azure:az-104_2024:azure_compute

Differences

This shows you the differences between two versions of the page.

azure:az-104_2024:azure_compute [2024/10/03 13:35] – ↷ Page moved from azure:az-104:azure_compute to azure:az-104_2024:azure_compute mmuze
azure:az-104_2024:azure_compute [2024/10/04 20:38] (current) – [Customer Domain] mmuze
Line 19: Line 19:
   * For VM ARM templates the //offer// attribute is the general server type (e.g. WindowsServer, LinuxServer) and the //SKU// attribute is the specific OS (e.g. 18.04-LTS, 2019-Datacenter).   * For VM ARM templates the //offer// attribute is the general server type (e.g. WindowsServer, LinuxServer) and the //SKU// attribute is the specific OS (e.g. 18.04-LTS, 2019-Datacenter).
  
 +====== Just-In-Time (JIT) VM access ======
 +  * When JIT access is enabled NSG or Azure Firewall rules are added to block inbound access for specific management ports (e.g. 3389, 22 etc).
 +  * When access is needed a user makes a request to access a VM. If the request is approved, Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports from the relevant IP address (or range), for the amount of time that was specified.
  
 +<callout type="warning">
 +JIT does not support VMs protected by Azure Firewalls controlled by Azure Firewall Manager. The Azure Firewall must be configured with Rules (Classic) and cannot use Firewall policies.
 +</callout>
 +====== Bastion ======
 +  * [[https://learn.microsoft.com/en-us/azure/bastion/configuration-settings]]
 +  * [[https://learn.microsoft.com/en-us/azure/bastion/configuration-settings#skus]]
  
-====== Availability and Scale Sets ======+<callout type="info"> 
 +Downgrading a SKU is not supported. To downgrade, you must delete and recreate Azure Bastion. 
 +</callout> 
 + 
 +  * In addition to having a web client interface for RDP/SSH access Bastion supports using native/local RDP/SSH clients. 
 +    * This requires the Standard SKU. 
 +====== Availability Sets ======
   * [[https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview]]   * [[https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview]]
  
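Review bot: The two new JIT bullets disagree on scope: the first says "NSG or Azure Firewall rules are added" while the second says Defender for Cloud "configures the NSGs and Azure Firewall". Pick one wording so it is clear whether both are always touched. In the first bullet, "(e.g. 3389, 22 etc)" doubles "e.g." with "etc" and would read better naming the protocols, for example "(e.g. RDP 3389, SSH 22)". The JIT section is also the only section in this hunk without a reference link, unlike Bastion and Availability Sets.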
Line 31: Line 46:
     * **Update domains** indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same time.     * **Update domains** indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same time.
   * If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set.   * If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set.
 +
 +
 +====== Scale Sets ======
 +===== Orchestration Mode =====
 +  * [[https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes]]
 +  * The orchestration mode is defined when you create the scale set and cannot be changed or updated later.
 +  * **Uniform** - Optimized for large-scale stateless workloads with identical instances.
 +  * **Flexible** - Achieve high availability at scale with identical or multiple virtual machine types.
 +    * Flexible orchestration offers high availability guarantees (up to 1000 VMs) by spreading VMs across fault domains in a region or within an Availability Zone. This enables you to scale out your application while maintaining fault domain isolation that is essential to run quorum-based or stateful workloads.
 +
  
 ====== App Service ====== ====== App Service ======
   * App Service <color :#fff200>plans that have no apps associated with them still incur charges</color> because they continue to reserve the configured VM instances.   * App Service <color :#fff200>plans that have no apps associated with them still incur charges</color> because they continue to reserve the configured VM instances.
 +    * Consequently, you should try to minimize the number of App Service Plans that are used.
  
-===== Customer Domain =====+===== Custom Domain =====
   * [[https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain]]   * [[https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain]]
-  * If you want to map a root domain to an App Service name you have to use an ''A'' record. If you want to map a subdomain name to an App Service name you should use a ''CNAME'' record.+  * If you want to map a root domain to an App Service name you have to use an ''A'' record for app IP address, because ''CNAME'' records are not support for root/apex domain records. If you want to map a subdomain name to an App Service name you should use a ''CNAME'' record.
  
 ====== Azure Containers ====== ====== Azure Containers ======
-  * //Container Groups// can only be created from the CLI. 
   * In Azure there is a continuum of container related services:   * In Azure there is a continuum of container related services:
     * Container Instances/Container Groups     * Container Instances/Container Groups
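Review bot: The rewritten A-record bullet under Custom Domain has two grammar slips: "an ''A'' record for app IP address" is missing its article, and "are not support for root/apex domain records" should read "are not supported". Suggested wording: "you have to use an ''A'' record pointing to the app's IP address, because ''CNAME'' records are not supported for root/apex domains". Separately, the added App Service bullet capitalises "App Service Plans" while its parent bullet writes "App Service plans"; use one form.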
Line 47: Line 72:
   * There is a trade-off of the ease-of-use and capabilities of these technologies, so you can use the one that best matches the needs of your use case.   * There is a trade-off of the ease-of-use and capabilities of these technologies, so you can use the one that best matches the needs of your use case.
  
 +  * A container group is a collection of containers that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It's similar in concept to a pod in Kubernetes.
 +  * //Container Groups// can only be created from the CLI.
 +
 +<callout type="info">
 +Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single container instance.
 +</callout>
 ====== Azure Container Registry ====== ====== Azure Container Registry ======
   * There are three tiers for Azure Container Registry:   * There are three tiers for Azure Container Registry:
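Review bot: The moved bullet "//Container Groups// can only be created from the CLI" is carried over as an unqualified absolute with no source, and it now sits directly between the new definition of a container group and a callout that distinguishes multi-container groups from single-container deployments. State which case the restriction applies to and add a reference link, since this section has none. The callout's "currently" will also go stale without a date next to it.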
Line 56: Line 87:
  
 ====== Azure Kubernetes Service (AKS) ====== ====== Azure Kubernetes Service (AKS) ======
 +<callout type="warning">
 +I have discovered that the current AZ-104 exam does not include questions about AKS. But, for now, I'm leaving this info here.
 +</callout>
   * Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol.   * Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol.
 ===== Networking ===== ===== Networking =====
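Review bot: The new callout under the AKS heading uses type="warning" for an editorial remark about exam scope, while elsewhere in this change "warning" marks a technical limitation (the JIT and Azure Firewall Manager note) and "info" marks general notes; type="info" would fit better here. "current" and "for now" are undated, so add the date the exam content was checked so readers can judge whether the note still holds.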
  • azure/az-104_2024/azure_compute.1727962529.txt.gz
  • Last modified: 2024/10/03 13:35
  • by mmuze