Summary of "AZ-700 Designing and Implement Azure Networking Study SUPER Guide!"

This comprehensive video is a deep study guide and exam cram for the Microsoft AZ-700 certification, focused on designing and implementing Azure networking solutions. The presenter shares insights from taking the beta exam and provides a detailed walkthrough of key Azure networking concepts, services, and configurations relevant for the exam.

Key Technological Concepts & Product Features Covered

  1. Azure Virtual Network (VNet) Fundamentals
    • VNets are regional and subscription-scoped; cannot span regions or subscriptions.
    • VNets are Layer 3 constructs supporting IPv4 (mandatory) and optional dual-stack IPv6.
    • Subnets segment VNets; IP ranges must not overlap with other VNets or on-premises networks.
    • Azure fabric provides DHCP; IPs are dynamic by default but can be static.
    • Private IP ranges typically follow RFC 1918, but custom private ranges are possible.
    • Public IPs in Azure come in two SKUs: Basic (dynamic/static, no zone support, open by default) and Standard (static only, locked down by default, zone-aware).
    • Public IP Prefix allows contiguous blocks of public IPs.
  2. VNet Peering
    • Enables connection between VNets in the same or different regions (global peering).
    • IP address spaces must be unique; peering is non-transitive.
    • Hub-and-spoke model supported with user-defined routing (UDR) and network virtual appliances (NVAs) for routing between spokes.
    • Peering supports gateway transit to share VPN/ExpressRoute gateways between VNets.
  3. Routing in Azure
    • Default system routes exist; user-defined route tables (UDRs) can override routing.
    • UDRs can direct traffic to NVAs, internet, virtual network gateways, etc.
    • Effective routes and effective security rules can be viewed on NICs for troubleshooting.
  4. Outbound Connectivity
    • NAT Gateway resource provides scalable, static outbound IPs with SNAT.
    • NAT Gateway requires Standard SKU public IPs and is linked to subnets.
  5. DNS in Azure
    • Azure DNS provides name resolution for Azure resources within VNets.
    • Custom DNS servers can be used at VNet or NIC level.
    • Azure Private DNS Zones support auto-registration and resolution across VNets.
    • Azure Public DNS Zones for internet-facing services.
  6. Hybrid Connectivity
    • VPN Gateway
      • Two types: Basic (legacy, policy-based, limited) and Standard/High Performance (route-based, supports multiple tunnels, BGP, active-active).
      • Supports Site-to-Site VPN, Point-to-Site VPN (OpenVPN, SSTP, IKEv2), and coexists with ExpressRoute.
      • VPN tunnels limited to ~1 Gbps per tunnel.
    • ExpressRoute
      • Private dedicated connection to Microsoft backbone.
      • Connects customer network to Microsoft Enterprise Edge at carrier-neutral meet-me locations.
      • Supports Private Peering (VNet connectivity) and Microsoft Peering (Microsoft services like M365).
      • Circuit speeds vary; redundant active-active connections.
      • Premium SKU adds global connectivity, increased route limits, and Microsoft 365 connectivity.
      • ExpressRoute Direct allows customer-owned ports with optional MACsec encryption.
      • ExpressRoute Global Reach enables connecting on-premises sites via Microsoft backbone.
    • Azure Virtual WAN
      • Managed hub-and-spoke network with support for VPN, ExpressRoute, and Point-to-Site.
      • Supports multihub routing, vNet transit, and custom route tables.
      • Simplifies management of hybrid connectivity.
  7. Load Balancing Solutions
    • Azure Load Balancer (Layer 4)
      • Supports TCP/UDP, internal or external front ends (cannot mix).
      • SKUs: Basic (free, limited scale, no SLA) and Standard (SLA, zone redundant, supports IP-based backends).
      • Supports inbound load balancing rules, NAT rules, outbound rules, HA ports, and floating IP.
    • Azure Application Gateway (Layer 7)
      • HTTP/HTTPS/HTTP2 load balancing with URL-based routing, SSL offload, rewrite, cookie affinity.
      • Supports Web Application Firewall (WAF) with OWASP CRS.
      • SKUs support autoscaling, zone redundancy.
    • Global Load Balancing
      • Azure Traffic Manager (DNS-based) for global distribution with multiple routing methods (performance, priority, geographic, weighted).
      • Azure Front Door (Layer 7) uses Microsoft global network with anycast IP, split TCP, SSL offload, caching, WAF.
      • Azure Front Door V2 (preview) merges CDN, WAF, Front Door features with private link support and advanced security.
  8. Network Security and Access Control
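
The address-space and peering rules from items 1 and 2 above (ranges must not overlap, peering is non-transitive) can be checked against a network plan before anything is deployed. This is an added example, not material from the video or the summary; the VNet names, ranges and peerings are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: names and ranges are illustrative assumptions.
NETWORKS = {
    "hub":     ["10.0.0.0/16"],
    "spoke-a": ["10.1.0.0/16"],
    "spoke-b": ["10.2.0.0/16", "10.1.128.0/20"],  # second range collides with spoke-a
    "on-prem": ["192.168.0.0/16"],
}
PEERINGS = [("hub", "spoke-a"), ("hub", "spoke-b")]


def find_overlaps(networks):
    """Return (name_a, range_a, name_b, range_b) for every overlapping pair of ranges."""
    parsed = {n: [ipaddress.ip_network(r) for r in rs] for n, rs in networks.items()}
    hits = []
    for a, b in combinations(sorted(parsed), 2):
        for ra in parsed[a]:
            for rb in parsed[b]:
                # Only compare like with like: IPv4 and IPv6 ranges never overlap.
                if ra.version == rb.version and ra.overlaps(rb):
                    hits.append((a, str(ra), b, str(rb)))
    return hits


def unpeered_pairs(vnets, peerings):
    """Peering is non-transitive: list VNet pairs that share no direct peering.

    Traffic between these pairs needs its own peering, or a UDR through an
    NVA or gateway in a hub, so they are worth reviewing as segmentation
    boundaries.
    """
    links = {frozenset(p) for p in peerings}
    return [(a, b) for a, b in combinations(sorted(vnets), 2)
            if frozenset((a, b)) not in links]


if __name__ == "__main__":
    for a, ra, b, rb in find_overlaps(NETWORKS):
        print(f"OVERLAP  {a} {ra}  <->  {b} {rb}")
    for a, b in unpeered_pairs(["hub", "spoke-a", "spoke-b"], PEERINGS):
        print(f"NO DIRECT PATH  {a} <-> {b} (peering does not transit the hub)")
```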
