| Introduction |
|
xxv | |
| Assessment Test |
|
xxxvii | |
|
Chapter 1 Getting Started with AZ-700 Certification for Azure Networking |
|
|
1 | (74) |
|
Basics of Cloud Computing and Networking |
|
|
2 | (1) |
|
The Need for Networking Infrastructure |
|
|
3 | (1) |
|
|
|
3 | (3) |
|
|
|
6 | (4) |
|
Enterprise Cloud Networking |
|
|
10 | (1) |
|
|
|
11 | (1) |
|
|
|
12 | (2) |
|
Azure Global Infrastructure |
|
|
14 | (6) |
|
Azure Networking Terminology |
|
|
20 | (1) |
|
Azure Networking Overview |
|
|
21 | (2) |
|
Azure Networking Services |
|
|
23 | (3) |
|
|
|
26 | (2) |
|
VNet Concepts and Best Practices |
|
|
28 | (7) |
|
Deploying a Virtual Network with Azure PowerShell |
|
|
35 | (2) |
|
Configure Public IP Services |
|
|
37 | (1) |
|
|
|
38 | (1) |
|
|
|
39 | (1) |
|
Configure a Basic SKU Public IP |
|
|
40 | (1) |
|
Configure a Standard SKU Public IP with Zones |
|
|
40 | (1) |
|
Configuring Domain Name Services |
|
|
40 | (2) |
|
Configure an Azure DNS Zone and Record Using Azure PowerShell |
|
|
42 | (1) |
|
Configuring Cross-Virtual Network Connectivity with Peering |
|
|
43 | (2) |
|
Configuring Peering between Two Virtual Networks in the Same Region |
|
|
45 | (1) |
|
Configuring Virtual Network Traffic Routing |
|
|
46 | (6) |
|
Using Forced Tunneling to Secure the VNet Route |
|
|
52 | (1) |
|
Configuring Internet Access with Azure Virtual NAT |
|
|
53 | (1) |
|
Deploy the NAT Gateway Using Azure PowerShell |
|
|
54 | (2) |
|
|
|
56 | (1) |
|
|
|
56 | (1) |
|
Hands-On Lab: Design and Deploy a Virtual Network via the Azure Portal |
|
|
57 | (1) |
|
Activity 1 Prepare the Network Schema |
|
|
58 | (2) |
|
Activity 2 Build the Aviation Resource Group |
|
|
60 | (1) |
|
Activity 3a Build the Corelnfra Vnet Virtual Network and Subnets |
|
|
60 | (4) |
|
Activity 3b Build the EngineeringVnet Virtual Network and Subnets |
|
|
64 | (2) |
|
Activity 3c Build the BranchofficeVnet Virtual Network and Subnets |
|
|
66 | (2) |
|
Activity 4 Validate the Build of VNets and Subnets |
|
|
68 | (2) |
|
|
|
70 | (5) |
|
Chapter 2 Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection |
|
|
75 | (70) |
|
Overview of Azure VPN Gateway |
|
|
76 | (3) |
|
Designing an Azure VPN Connection |
|
|
79 | (7) |
|
|
|
86 | (1) |
|
|
|
87 | (1) |
|
|
|
88 | (1) |
|
Choosing a Virtual Network Gateway SKU for Site-to-Site VPN |
|
|
89 | (3) |
|
Using Policy-Based VPNs vs. Route-Based VPNs |
|
|
92 | (2) |
|
Building and Configuring a Virtual Network Gateway |
|
|
94 | (3) |
|
Building and Configuring a Local Network Gateway |
|
|
97 | (4) |
|
Building and Configuring an IPsec/IKE Policy |
|
|
101 | (3) |
|
|
|
104 | (5) |
|
Diagnosing and Resolving VPN Gateway Connectivity Issues |
|
|
109 | (3) |
|
Choosing a VNet Gateway SKU for Point-to-Site VPNs |
|
|
112 | (4) |
|
Configuring RADIUS, Certificate-Based, and Azure AD Authentication |
|
|
116 | (1) |
|
Configuration Workflow for Native Azure Certification Authentication |
|
|
117 | (7) |
|
Configuration Workflow for Native Azure Active Directory |
|
|
124 | (3) |
|
Configuration Workflow for Windows Active Directory |
|
|
127 | (6) |
|
Diagnosing and Resolving Client-Side and Authentication Issues |
|
|
133 | (3) |
|
|
|
136 | (1) |
|
|
|
136 | (4) |
|
|
|
140 | (5) |
|
Chapter 3 Design, Deploy, and Manage Azure ExpressRoute |
|
|
145 | (58) |
|
Getting Started with Azure ExpressRoute |
|
|
146 | (5) |
|
Key Use Case for ExpressRoute |
|
|
151 | (1) |
|
ExpressRoute Deployment Model |
|
|
151 | (2) |
|
Choosing Between the Network Service Provider and ExpressRoute Direct |
|
|
153 | (3) |
|
Designing and Deploying Azure Cross-Region Connectivity between Multiple ExpressRoute Locations |
|
|
156 | (1) |
|
Selecting ExpressRoute Circuit SKUs |
|
|
156 | (1) |
|
Estimating Price Based on ExpressRoute SKU |
|
|
156 | (1) |
|
Select a Peering Location |
|
|
157 | (1) |
|
Select the Proper ExpressRoute Circuit |
|
|
157 | (2) |
|
|
|
159 | (1) |
|
Select a High Availability Design |
|
|
159 | (3) |
|
Pick a Business Continuity and Disaster Recovery Design Pattern |
|
|
162 | (7) |
|
Choosing an Appropriate ExpressRoute SKU and Tier |
|
|
169 | (2) |
|
Designing and Deploying ExpressRoute Global Reach |
|
|
171 | (2) |
|
Deploying ExpressRoute Global Reach |
|
|
173 | (1) |
|
Use Case 1 Enabling Circuits in the Same Region |
|
|
173 | (1) |
|
Use Case 2 Enabling Circuits in Different Regions |
|
|
174 | (1) |
|
Designing and Deploying ExpressRoute FastPath |
|
|
175 | (1) |
|
Evaluate Private Peering Only, Microsoft Peering Only, or Both |
|
|
176 | (2) |
|
Setting Up Private Peering |
|
|
178 | (3) |
|
Setting Up Microsoft Peering |
|
|
181 | (1) |
|
Building and Configuring an ExpressRoute Gateway |
|
|
182 | (4) |
|
Connect a Virtual Network to an ExpressRoute Circuit |
|
|
186 | (4) |
|
Recommend a Route Advertisement Configuration |
|
|
190 | (1) |
|
Configure Encryption over ExpressRoute |
|
|
191 | (1) |
|
Deploy Bidirectional Forwarding Detection |
|
|
192 | (1) |
|
Diagnose and Resolve ExpressRoute Connection Issues |
|
|
193 | (3) |
|
|
|
196 | (1) |
|
|
|
196 | (3) |
|
|
|
199 | (4) |
|
Chapter 4 Design and Deploy Core Networking Infrastructure: Private IP and DNS |
|
|
203 | (52) |
|
Designing Private IP Addressing for VNets |
|
|
204 | (6) |
|
|
|
210 | (3) |
|
Preparing Subnetting for Services |
|
|
213 | (1) |
|
Subnetting Design Considerations |
|
|
214 | (4) |
|
Example Case Study: Preparing Subnetting for Services |
|
|
218 | (2) |
|
Configuring Subnetting for Services |
|
|
220 | (3) |
|
Preparing and Configuring a Subnet Delegation |
|
|
223 | (2) |
|
Configure Subnet Delegation |
|
|
225 | (1) |
|
Planning and Configuring Subnetting for Azure Route Server |
|
|
226 | (5) |
|
Designing and Configuring Public DNS Zones |
|
|
231 | (2) |
|
Creating an Azure DNS Zone and Record Using PowerShell |
|
|
233 | (2) |
|
Designing and Configuring Private DNS Zones |
|
|
235 | (3) |
|
Creating a Private DNS Zone and Record Using PowerShell |
|
|
238 | (2) |
|
Designing Name Resolution Inside a VNet |
|
|
240 | (3) |
|
|
|
243 | (1) |
|
|
|
243 | (2) |
|
Linking a Private DNS Zone to a VNet |
|
|
245 | (3) |
|
|
|
248 | (1) |
|
|
|
249 | (2) |
|
|
|
251 | (4) |
|
Chapter 5 Design and Deploy Core Networking Infrastructure and Virtual WANs |
|
|
255 | (62) |
|
Overview of Virtual Network Peering, Service Chaining, and Gateway Transit |
|
|
256 | (2) |
|
Configure VPN Gateway Transit for Virtual Network Peering |
|
|
258 | (5) |
|
Design VPN Connectivity between VNets |
|
|
263 | (3) |
|
|
|
266 | (1) |
|
Deployment Model 1 Running in the Same Azure Subscription and Deployed Using Azure Resource Manager |
|
|
267 | (3) |
|
Deployment Model 2 Running in Different Subscriptions and Deploying Using Resource Manager |
|
|
270 | (3) |
|
Deployment Model 3 Running in the Same Subscription and Deploying One VNet Using Resource Manager and Another Using the Classic Model |
|
|
273 | (2) |
|
Deployment Model 4 Running in Different Subscriptions and Deploying One VNet Using Resource Manager and Another Using the Classic Model |
|
|
275 | (2) |
|
Design an Azure Virtual WAN Architecture |
|
|
277 | (12) |
|
Choosing SKUs and Services for Virtual WANs |
|
|
289 | (2) |
|
Connect a VNet Gateway to an Azure Virtual WAN and Build a Hub in a Virtual WAN |
|
|
291 | (8) |
|
Build a Virtual Network Appliance (NVA) in a Virtual Hub |
|
|
299 | (5) |
|
Set Up Virtual Hub Routing |
|
|
304 | (2) |
|
|
|
306 | (3) |
|
|
|
309 | (1) |
|
|
|
310 | (2) |
|
|
|
312 | (5) |
|
Chapter 6 Design and Deploy VNet Routing and Azure Load Balancer |
|
|
317 | (64) |
|
Design and Deploy User-Defined Routes |
|
|
318 | (1) |
|
|
|
318 | (3) |
|
|
|
321 | (7) |
|
Associate a Route Table with a Subnet |
|
|
328 | (1) |
|
|
|
329 | (5) |
|
Diagnose and Resolve Routing Issues |
|
|
334 | (2) |
|
Design and Deploy Azure Route Server |
|
|
336 | (2) |
|
Route Server Design Pattern 1 |
|
|
338 | (1) |
|
Route Server Design Pattern 2 |
|
|
339 | (5) |
|
Choosing an Azure Load Balancer SKU |
|
|
344 | (5) |
|
Choosing Between Public and Internal Load Balancers |
|
|
349 | (4) |
|
Build and Configure an Azure Load Balancer (Including Cross-Region) |
|
|
353 | (8) |
|
Build and Configure Cross-Region Load Balancer Resources |
|
|
361 | (5) |
|
Deploy a Load Balancing Rule |
|
|
366 | (4) |
|
Build and Configure Inbound NAT Rules |
|
|
370 | (1) |
|
Build Explicit Outbound Rules for a Load Balancer |
|
|
371 | (3) |
|
|
|
374 | (1) |
|
|
|
375 | (2) |
|
|
|
377 | (4) |
|
Chapter 7 Design and Deploy Azure application gateway. Azure front door, and Virtual NAT |
|
|
381 | (78) |
|
Azure Application Gateway Overview |
|
|
383 | (2) |
|
How Application Gateway Works |
|
|
385 | (4) |
|
Scaling Options for Application Gateway and WAF |
|
|
389 | (1) |
|
Overview of Application Gateway Deployment |
|
|
390 | (1) |
|
|
|
390 | (1) |
|
|
|
390 | (1) |
|
|
|
391 | (2) |
|
|
|
393 | (1) |
|
|
|
394 | (1) |
|
Application Gateway Request Routing Rules |
|
|
395 | (2) |
|
|
|
397 | (1) |
|
Application Gateway Rewrite Policies |
|
|
397 | (12) |
|
Features and Capabilities of Azure Front Door SKUs |
|
|
409 | (2) |
|
Health Probe Characteristics and Operation |
|
|
411 | (1) |
|
Secure Front Door with SSL |
|
|
412 | (1) |
|
Front Door for Web Applications with a High-Availability Design Pattern |
|
|
413 | (8) |
|
SSL Termination and End-to-End SSL Encryption |
|
|
421 | (2) |
|
|
|
423 | (1) |
|
Back-Ends, Back-End Pools, Back-End Host Headers, and Back-End Health Probes |
|
|
424 | (2) |
|
Routing and Routing Rules |
|
|
426 | (1) |
|
URL Redirection and URL Rewriting in Front Door Standard and Premium |
|
|
427 | (2) |
|
Design and Deploy Traffic Manager Profiles |
|
|
429 | (1) |
|
How Traffic Manager Works |
|
|
430 | (2) |
|
Traffic Manager Routing Methods |
|
|
432 | (1) |
|
Priority-Based Traffic Routing |
|
|
433 | (1) |
|
Weighted-Based Traffic Routing |
|
|
433 | (2) |
|
Performance-Based Traffic Routing |
|
|
435 | (1) |
|
Geographic-Based Traffic Routing |
|
|
436 | (1) |
|
Multivalue-Based Traffic Routing |
|
|
437 | (1) |
|
Subnet-Based Traffic Routing |
|
|
437 | (1) |
|
Building a Traffic Manager Profile |
|
|
438 | (4) |
|
|
|
442 | (1) |
|
Using a Virtual Network NAT |
|
|
443 | (2) |
|
Allocate Public IP or Public IP Prefixes for a NAT Gateway |
|
|
445 | (2) |
|
Associate a Virtual Network NAT with a Subnet |
|
|
447 | (4) |
|
|
|
451 | (1) |
|
|
|
451 | (4) |
|
|
|
455 | (4) |
|
Chapter 8 Design, Deploy, and Manage Azure Firewall and Network Security Groups |
|
|
459 | (84) |
|
Azure Firewall and Firewall Manager Features |
|
|
460 | (7) |
|
How Azure Firewall Manager Works |
|
|
467 | (1) |
|
How Azure Firewall and Firewall Manager Protect VNets |
|
|
468 | (8) |
|
Build and Configure an Azure Firewall Deployment |
|
|
476 | (19) |
|
|
|
495 | (6) |
|
Build and Configure a Secure Hub within an Azure Virtual WAN Hub |
|
|
501 | (2) |
|
Build and Configure a Secure Hub within an Azure Virtual WAN Hub Using Azure PowerShell |
|
|
503 | (4) |
|
Integrate an Azure Virtual WAN Hub with a Third-Party Network Virtual Appliance |
|
|
507 | (1) |
|
High-Level Use Case for Network Virtual Appliances |
|
|
508 | (1) |
|
Create and Attach a Network Security Group to a Resource |
|
|
509 | (10) |
|
Create an Application Security Group and Attach It to a NIC |
|
|
519 | (5) |
|
Create and Configure NSG Rules and Read Network Security Group Flow Logs |
|
|
524 | (7) |
|
|
|
531 | (3) |
|
|
|
534 | (2) |
|
|
|
536 | (1) |
|
|
|
536 | (3) |
|
|
|
539 | (4) |
|
Chapter 9 Design and Deploy Azure Web Application Firewall and Monitor Networks |
|
|
543 | (72) |
|
Azure Web Application Firewall Functions and Features |
|
|
544 | (3) |
|
WAF on Application Gateway |
|
|
547 | (2) |
|
|
|
549 | (1) |
|
WAF on Azure CDN from Microsoft |
|
|
550 | (1) |
|
Set Up Detection or Prevention Mode |
|
|
551 | (2) |
|
Azure Front Door WAF Policy Rule Sets |
|
|
553 | (2) |
|
|
|
555 | (3) |
|
|
|
558 | (2) |
|
|
|
560 | (6) |
|
Application Gateway WAF Policy Rule Sets |
|
|
566 | (2) |
|
|
|
568 | (1) |
|
|
|
568 | (1) |
|
|
|
568 | (4) |
|
|
|
572 | (1) |
|
|
|
573 | (7) |
|
Deploy and Attach WAF Policies |
|
|
580 | (2) |
|
Set Up Network Health Alerts and Logging Using Azure Monitor |
|
|
582 | (9) |
|
Build and Configure Azure Network Watcher |
|
|
591 | (4) |
|
Build and Configure a Connection Monitor Instance |
|
|
595 | (5) |
|
Build, Configure, and Use Traffic Analytics |
|
|
600 | (4) |
|
Build and Configure NSG Flow Logs |
|
|
604 | (3) |
|
Enable and Set Up Diagnostic Logging |
|
|
607 | (1) |
|
Enabling Diagnostic Logging |
|
|
608 | (1) |
|
|
|
609 | (1) |
|
|
|
609 | (2) |
|
|
|
611 | (4) |
|
Chapter 10 Design and Deploy Private Access to Azure Services |
|
|
615 | (64) |
|
Overview of Private Link Services and Private Endpoints |
|
|
616 | (2) |
|
Key Benefits of Private Link |
|
|
618 | (1) |
|
How Private Link Integrates into an Azure Virtual Network |
|
|
619 | (1) |
|
How Azure Private Endpoint Works |
|
|
619 | (9) |
|
|
|
628 | (4) |
|
Configure Access to Private Endpoints |
|
|
632 | (2) |
|
Azure Private Link RBAC Permissions |
|
|
634 | (1) |
|
Integrate Private Link with DNS and Private Link Services with On-Premises Clients |
|
|
634 | (1) |
|
Use Case 1 Workloads on Virtual Networks without a Custom DNS Server |
|
|
635 | (2) |
|
Use Case 2 Workloads That Use a DNS Forwarder On-Premises |
|
|
637 | (3) |
|
Use Case 3 Using a DNS Forwarder for Virtual Network Workloads and On-Premises Workloads |
|
|
640 | (2) |
|
Set Up Service Endpoints and Configure Service Endpoint Policies |
|
|
642 | (4) |
|
Overview of Service Tags and Access to Service Endpoints |
|
|
646 | (5) |
|
Configure Access to Service Endpoints |
|
|
651 | (6) |
|
Integrating App Services into Regional VNets |
|
|
657 | (1) |
|
Azure Regional VNet Integration |
|
|
658 | (1) |
|
How Azure Regional VNet Integration Works |
|
|
659 | (1) |
|
|
|
660 | (1) |
|
|
|
661 | (1) |
|
|
|
661 | (1) |
|
Application Route Management |
|
|
662 | (3) |
|
Configure Azure Kubernetes Service (AKS) for Regional VNet Integration |
|
|
665 | (5) |
|
Configure Clients to Access the App Service Environment |
|
|
670 | (3) |
|
|
|
673 | (1) |
|
|
|
673 | (2) |
|
|
|
675 | (4) |
|
Appendix Answers to Review Questions |
|
|
679 | (18) |
|
Chapter 1 Getting Started with AZ-700 Certification for Azure Networking |
|
|
680 | (1) |
|
Chapter 2 Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection |
|
|
681 | (2) |
|
Chapter 3 Design, Deploy, and Manage Azure ExpressRoute |
|
|
683 | (2) |
|
Chapter 4 Design and Deploy Core Networking Infrastructure: Private IP and DNS |
|
|
685 | (1) |
|
Chapter 5 Design and Deploy Core Networking Infrastructure and Virtual WANs |
|
|
686 | (2) |
|
Chapter 6 Design and Deploy VNet Routing and Azure Load Balancer |
|
|
688 | (2) |
|
Chapter 7 Design and Deploy Azure application gateway, Azure front door, and Virtual NAT |
|
|
690 | (1) |
|
Chapter 8 Design, Deploy, and Manage Azure Firewall and Network Security Groups |
|
|
691 | (2) |
|
Chapter 9 Design and Deploy Azure Web Application Firewall and Monitor Networks |
|
|
693 | (1) |
|
Chapter 10 Design and Deploy Private Access to Azure Services |
|
|
694 | (3) |
| Index |
|
697 | |
