Summary of "AZ-700 Designing and Implement Azure Networking Study SUPER Guide!"
This comprehensive video is a deep study guide and exam cram for the Microsoft AZ-700 certification, focused on designing and implementing Azure networking solutions. The presenter shares insights from taking the beta exam and provides a detailed walkthrough of key Azure networking concepts, services, and configurations relevant for the exam.
Key Technological Concepts & Product Features Covered
- Azure Virtual Network (VNet) Fundamentals
  - VNets are regional and subscription-scoped; cannot span regions or subscriptions.
  - VNets are Layer 3 constructs supporting IPv4 (mandatory) and optional dual-stack IPv6.
  - Subnets segment VNets; IP ranges must not overlap with other VNets or on-premises networks.
  - Azure fabric provides DHCP; IPs are dynamic by default but can be static.
  - Private IP ranges typically follow RFC 1918, but custom private ranges are possible.
  - Public IPs in Azure come in two SKUs: Basic (dynamic/static, no zone support, open by default) and Standard (static only, locked down by default, zone-aware).
  - Public IP Prefix allows contiguous blocks of public IPs.
- VNet Peering
  - Enables connection between VNets in same or different regions (global peering).
  - IP address spaces must be unique; peering is non-transitive.
  - Hub-and-spoke model supported with user-defined routing (UDR) and network virtual appliances (NVAs) for routing between spokes.
  - Peering supports gateway transit to share VPN/ExpressRoute gateways between VNets.
- Routing in Azure
  - Default system routes exist; user-defined route tables (UDRs) can override routing.
  - UDRs can direct traffic to NVAs, internet, virtual network gateways, etc.
  - Effective routes and effective security rules can be viewed on NICs for troubleshooting.
- Outbound Connectivity
  - NAT Gateway resource provides scalable, static outbound IPs with SNAT.
  - NAT Gateway requires Standard SKU public IPs and is linked to subnets.
- DNS in Azure
  - Azure DNS provides name resolution for Azure resources within VNets.
  - Custom DNS servers can be used at VNet or NIC level.
  - Azure Private DNS Zones support auto-registration and resolution across VNets.
  - Azure Public DNS Zones for internet-facing services.
- Hybrid Connectivity
  - VPN Gateway
    - Two types: Basic (legacy, policy-based, limited) and Standard/High Performance (route-based, supports multiple tunnels, BGP, active-active).
    - Supports Site-to-Site VPN, Point-to-Site VPN (OpenVPN, SSTP, IKEv2), and coexists with ExpressRoute.
    - VPN tunnels limited to ~1 Gbps per tunnel.
  - ExpressRoute
    - Private dedicated connection to Microsoft backbone.
    - Connects customer network to Microsoft Enterprise Edge at carrier-neutral meet-me locations.
    - Supports Private Peering (VNet connectivity) and Microsoft Peering (Microsoft services like M365).
    - Circuit speeds vary; redundant active-active connections.
    - Premium SKU adds global connectivity, increased route limits, and Microsoft 365 connectivity.
    - ExpressRoute Direct allows customer-owned ports with optional MACsec encryption.
    - ExpressRoute Global Reach enables connecting on-premises sites via Microsoft backbone.
  - Azure Virtual WAN
    - Managed hub-and-spoke network with support for VPN, ExpressRoute, and Point-to-Site.
    - Supports multihub routing, vNet transit, and custom route tables.
    - Simplifies management of hybrid connectivity.
- Load Balancing Solutions
  - Azure Load Balancer (Layer 4)
    - Supports TCP/UDP, internal or external front ends (cannot mix).
    - SKUs: Basic (free, limited scale, no SLA) and Standard (SLA, zone redundant, supports IP-based backends).
    - Supports inbound load balancing rules, NAT rules, outbound rules, HA ports, and floating IP.
  - Azure Application Gateway (Layer 7)
    - HTTP/HTTPS/HTTP2 load balancing with URL-based routing, SSL offload, rewrite, cookie affinity.
    - Supports Web Application Firewall (WAF) with OWASP CRS.
    - SKUs support autoscaling, zone redundancy.
  - Global Load Balancing
    - Azure Traffic Manager (DNS-based) for global distribution with multiple routing methods (performance, priority, geographic, weighted).
    - Azure Front Door (Layer 7) uses Microsoft global network with anycast IP, split TCP, SSL offload, caching, WAF.
    - Azure Front Door V2 (preview) merges CDN, WAF, Front Door features with private link support and advanced security.
- Network Security and Access Control
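
An added example, not taken from the video or this summary: a Python check of the two VNet peering rules listed above (address spaces must be unique; peering is non-transitive). The VNet names, address ranges, and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan (names and ranges are assumptions).
VNETS = {
    "hub":    ["10.0.0.0/16"],
    "spoke1": ["10.1.0.0/16"],
    "spoke2": ["10.2.0.0/16"],
    "spoke3": ["10.3.0.0/16", "10.0.128.0/17"],  # second range collides with hub
}
# Hub-and-spoke: every spoke is peered with the hub only.
PEERINGS = [("hub", "spoke1"), ("hub", "spoke2"), ("hub", "spoke3")]


def overlaps(plan):
    """Return (vnet_a, vnet_b, range_a, range_b) for every overlapping range pair."""
    found = []
    for (a, ranges_a), (b, ranges_b) in combinations(plan.items(), 2):
        for x in ranges_a:
            for y in ranges_b:
                if ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y)):
                    found.append((a, b, x, y))
    return found


def valid_peerings(plan, peerings):
    """Keep only peerings whose two VNets have non-overlapping address spaces."""
    clashing = {frozenset((a, b)) for a, b, _, _ in overlaps(plan)}
    return [p for p in peerings if frozenset(p) not in clashing]


def directly_reachable(src, dst, peerings):
    """Peering is non-transitive: only a direct peering link connects two VNets."""
    return src == dst or any({src, dst} == set(p) for p in peerings)


if __name__ == "__main__":
    for a, b, x, y in overlaps(VNETS):
        print(f"overlap: {a} {x} <-> {b} {y}")
    usable = valid_peerings(VNETS, PEERINGS)
    print("usable peerings:", usable)
    # spoke1 and spoke2 both peer with hub, yet have no path to each other
    # unless a UDR sends the traffic through an NVA in the hub.
    print("spoke1 -> hub:   ", directly_reachable("spoke1", "hub", usable))
    print("spoke1 -> spoke2:", directly_reachable("spoke1", "spoke2", usable))
```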
Category: Technology