INTRODUCTION – Microsoft Azure Storage & Networking Services
Exploration of Azure Storage options available for different scenarios for the week. You will actually focus on Azure Blob Storage, Azure Disk Storage, Azure Files, and also Blob access tiers.
Apart from that, you will also explore some of the amazing networking resources in Azure. You can configure a custom network environment according to your company’s requirement by Azure Virtual Network. Azure VPN Gateway and Azure ExpressRoute will also be discovered to establish secure communication channels among various locations within the company.
Objectives of Learning:
- Understand Azure Blob Storage and Azure Disk Storage.
- Explore the advantages of Azure Files.
- Learn all about Azure Blob access tiers.
- Examine what Azure has to offer with its core networking resources.
- Understand the benefits and usage of Virtual Network, VPN Gateway, and ExpressRoute.
- Explore the benefits and usage of Azure Blob Storage, Azure Disk Storage, Azure Files, and Azure Blob access tiers.
KNOWLEDGE CHECK 1
1. True or False?
Azure storage is used by both Infrastructure as a Service (IaaS) virtual machines, and Platform as a Service (PaaS) cloud services.
- True (CORRECT)
- False
Correct: The independent use of Azure Storage varies from being a file share to being a repository for developers to work with and access through websites, mobile apps, desktop applications, or other custom solutions. Azure Storage is also a vital part of all IaaS virtual machines and PaaS cloud services.
2. Azure Blob Storage is Microsoft’s object storage solution for the cloud. Is the following statement on Azure Blob storage true or false?
Azure Blob Storage is ideal for streaming video and audio.
- True (CORRECT)
- False
Correct: Blob Storage allows you to serve images or documents directly to a browser, store files for distributed access and stream media.
3. True or False?
Azure Files are accessible via the industry standard Server Message Block (SMB) protocol.
- False
- True (CORRECT)
Correct: Provides file shares that are fully managed by Azure in the cloud and can be accessed using the well-known Server Message Block (SMB) protocol. User can mount these file shares from any Windows, Linux, or mac OS device, whether in the cloud or on-premises.
4. True or False?
Azure files can be accessed from anywhere in the world using a URL that points to the file.
- True (CORRECT)
- False
Correct: One of the major differences between Azure Files and a corporate network shared file system is that it enables you to access files from anywhere in the world via a URL that directly points to the file.
5. True or False?
Shared Access Signature (SAS) tokens allow access to a private asset for a specific amount of time.
- True (CORRECT)
- False
Correct: Private asset access can also be granted for a determined time period using SAS tokens.
6. Azure storage offers different access tiers for blob and file storage. This allows you to store object data in the most cost-effective manner. What do you think is the most cost-effective tier to optimize storage for data that is infrequently accessed and stored for at least 30 days?
- Cool storage tier (CORRECT)
- Hot storage tier
- Archive storage tier
Correct: The storage tier Cool is used for data that is rarely accessed and stored for a minimum of 30 days; for example, customer invoices.
KNOWLEDGE CHECK 2
1. Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity.
Which of the following is not a valid mechanism?
- Site-to-site Virtual Private Networks
- Azure ExpressRoute
- Point-to-site Virtual Private Networks
- Service endpoints (CORRECT)
Correct: The service endpoints are there to connect other Azure resource types with an Azure SQL database or storage accounts. Using that way, you will join different Azure resources into your virtual networks for better security and optimal routing between them.
2. True or false?
A VM in Azure can connect out to the Internet by default.
- True (CORRECT)
- False
Correct: As default, the VM in Azure gets access to the internet.
3. Azure virtual networks enable you to filter traffic between subnets. Which of the following are valid filtering approaches?
Select all options that apply.
- Border Gateway Protocol
- Network security groups (CORRECT)
- Network virtual appliances (CORRECT)
Correct: Completely true. A Network Security Group (NSG) is an Azure resource that includes inbound and outbound security rules. These rules enable you to manage traffic by defining source and destination IP address, port, and protocol conditions that allow or block traffic depending on those parameters.
Correct: Unlike a hardened network appliance, a network virtual appliance (NVA) is a SATA virtual machine (VM) that performs certain network-related functions. Examples of such include running a firewall or optimizing WAN performance.
4. When you create an Azure virtual network, you configure a number of settings such as multiple subnets, distributed denial of service (DDoS) protection, and service endpoints. Which of the following fields must be completed as part of the setup?
Select all options that apply.
- Subscription (CORRECT)
- Name (CORRECT)
- Resource Group (CORRECT)
- DDoS Protection
Each way of life must have an active subscription related to it.
The virtual network should be given a name.
All the resources should be assigned and linked to a resource group.
5. Policy-based VPN gateways specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.
Which of the following are key features of policy-based VPN gateways in Azure?
Select all options that apply.
- Support for IKEv2.
- Dynamic routing protocols.
- Compatibility with legacy on-premises VPN devices. (CORRECT)
- Use of static routing. (CORRECT)
Correct: Policy-based VPNs are narrative and need to be used under specific circumstances, such as checking for compliance with legacy on-premises VPN devices.
Correct: The prefix string from both the networks defines the encryption and decryption of the incoming and outgoing traffic through the virtual private network tunneling. The policy defines the source of the tunneled networks, eliminating the need to define it in the routing table destinations.
6. Which of the following are supported ExpressRoute models that you can use to connect your on-premises network to the Microsoft cloud?
Select all options that apply.
- Any-to-any connection (CORRECT)
- Site-to-site connection
- Cloud Exchange colocation (CORRECT)
- Point-to-point Ethernet connection (CORRECT)
Any-to-any connectivity is therefore interfacing the WAN with Microsoft Azure for the offices and data centers.
Commonly co-located providers have Layer 2 and Layer 3 links between infrastructures, co-located or otherwise, and Microsoft cloud systems.
Point connection between an on-premises site and Microsoft Azure provides Layer 2 and Layer 3 cell connectivity, allowing offices or data centers to be connected to Azure while using these links.
TEST PREP
1. True or false?
Archive storage tier stores data online.
- True
- False (CORRECT)
Correct: Archive storage brings data into an offline scenario and the cheapest storage costs, although it has the most expensive retrieval and access fees.
2. Azure storage offers different access tiers for blob and file storage. This allows you to store object data in the most cost-effective manner. What do you think is the most cost-effective tier to optimize storage for data that is frequently accessed, such as images from your website, and stored for at least 30 days?
- Hot storage tier (CORRECT)
- Archive storage tier
- Cool storage tier
Correct: The one way of storing data that is accessed often, like images from your website, is through the Hot storage tier.
3. True or false?
Network security groups contain security rules that enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces.
- True (CORRECT)
- False
Correct: Access control policies within a network security group facilitate filtering the two different types of traffic that can move into and out of the virtual network subnets and the network interfaces. The network security group is created independently and is then associated with the particular virtual network.
4. A VPN gateway is a type of Virtual Network Gateway. To connect on-premises data centers to Azure virtual networks you need to configure…
- site-to-site connection. (CORRECT)
- network-to-network connection
- point-to-site connection.
Correct: You can link your on-premises data centers to Azure virtual networks by establishing a site-to-site connection.
5. True or False?
All Azure subscriptions connect from on-premises to Azure using Azure Express Route.
- True
- False (CORRECT)
Correct: Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud privately and securely. By using this service, you can effortlessly leverage Microsoft cloud services such as Azure, Office 365, and Dynamics 365. Thereby providing you an enhanced security, high-reliability connections, reduced latency, and increased throughput.
6. Which of the following resources are required before you can deploy a VPN gateway between Azure and on-premises resources?
Select all options that apply.
- Point-to-site connection
- Virtual network. (CORRECT)
- Public IP address. (CORRECT)
- Virtual network gateway (CORRECT)
Correct: You have to set up one Azure Virtual Network with enough address space to hold the extra subnet required for the VPN gateway. This address space for this virtual network should not conflict with the on-premises network which you want to connect.
Correct: When using the non-zone-aware gateway, you must create a Basic-SKU dynamic public IP address, which acts as the public-routable target for your on-premises VPN device.
Correct: You are required to create a virtual network gateway in order to route traffic between the virtual network and the data center on-premises or other virtual networks.
7. Which of the following statements do you think are true of Azure Blob Storage?
You might have to make an educated guess! Select all the options that apply.
- It can store files for distributed access. (CORRECT)
- It is good for streaming audio and video. (CORRECT)
- It can be used for backup and restore, disaster recovery, and archiving. (CORRECT)
- It can add storage capacity indefinitely for Virtual Machines.
Blob storage is used to hold files that have to be distributed.
Blob storage is also suitable for audio and video streaming.
Storage, backup, restoration, disaster recovery, and archiving can be used to store data.
8. Which of the following situations are suitable for using Azure Files?
Check all that apply.
- On-premises applications that use file shares (CORRECT)
- Store configuration files on a file share. (CORRECT)
- Write data to a file share, and process or analyze the data later. (CORRECT)
- Storing data for analysis by an on-premises or Azure-hosted service.
Correct: With the help of Azure Files, it becomes very easy to move applications from on-premises to Azure to share data.
Correct: Configuration files can be kept on a file share and accessed by an assortment of VMs. Tools and utilities used by a group of developers can also be kept on a file share to ensure everyone has access to the same version.
Correct: Using diagnostic logs, metrics and crash dump files would usually suffice.
9. Which of the following are capabilities of Azure virtual networks?
Select all that apply.
- Internet communications (CORRECT)
- Connect virtual networks (CORRECT)
- Communication with on-premises resources (CORRECT)
- Dedicated private connectivity to Azure that doesn’t travel over the internet
The Azure virtual network has an ability through which an internet communication can be established.
Azure Virtual Networks allow the connection of multiple virtual networks.
The ability to communicate with on-premises resources is a feature of Azure virtual networks.
10. Which of the following are benefits of ExpressRoute?
Check all that apply.
- Redundant connectivity (CORRECT)
- Encrypted network communication
- Dynamic routing (CORRECT)
- Access to Microsoft cloud services (CORRECT)
Correct: The built-in redundancy provided by ExpressRoute across every peering location delivers a higher reliability.
Correct: Express Route provides dynamic routing between your network and Microsoft via BGP.
Correct Express Route provides connectivity to Microsoft cloud services across all regions in the geopolitical region.
CONCLUSION – Microsoft Azure Storage & Networking Services
Overall, the current module has been a survey of the different forms of storage available with Azure Storage services such as Azure Blob Storage, Azure Disk Storage, Azure Files, and Blob access tiers, coupled with examples of their most appropriate use cases.
Furthermore, it explores some of the major networking resources in Azure, such as Azure Virtual Network, which allows you to custom-design your own network environments, as well as Azure VPN Gateway and Azure ExpressRoute. These provide secure communications tunnels through which many sites of a company can connect to one another. From this knowledge, you can now confidently make informed choices concerning Azure’s storage and network solutions at your organization.