azure:az-104_2024:azure_compute

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:az-104_2024:azure_compute [2024/10/03 18:22] – [Just-In-Time (JIT) VM access] mmuzeazure:az-104_2024:azure_compute [2024/10/04 20:38] (current) – [Customer Domain] mmuze
Line 23: Line 23:
   * When access is needed a user makes a request to access a VM. If the request is approved, Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports from the relevant IP address (or range), for the amount of time that was specified.   * When access is needed a user makes a request to access a VM. If the request is approved, Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports from the relevant IP address (or range), for the amount of time that was specified.
  
 +<callout type="warning">
 +JIT does not support VMs protected by Azure Firewalls controlled by Azure Firewall Manager. The Azure Firewall must be configured with Rules (Classic) and cannot use Firewall policies.
 +</callout>
 ====== Bastion ====== ====== Bastion ======
   * [[https://learn.microsoft.com/en-us/azure/bastion/configuration-settings]]   * [[https://learn.microsoft.com/en-us/azure/bastion/configuration-settings]]
Line 30: Line 33:
 Downgrading a SKU is not supported. To downgrade, you must delete and recreate Azure Bastion. Downgrading a SKU is not supported. To downgrade, you must delete and recreate Azure Bastion.
 </callout> </callout>
 +
 +  * In addition to having a web client interface for RDP/SSH access Bastion supports using native/local RDP/SSH clients.
 +    * This requires the Standard SKU.
 ====== Availability Sets ====== ====== Availability Sets ======
   * [[https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview]]   * [[https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview]]
Line 53: Line 59:
 ====== App Service ====== ====== App Service ======
   * App Service <color :#fff200>plans that have no apps associated with them still incur charges</color> because they continue to reserve the configured VM instances.   * App Service <color :#fff200>plans that have no apps associated with them still incur charges</color> because they continue to reserve the configured VM instances.
 +    * Consequently, you should try to minimize the number of App Service Plans that are used.
  
-===== Customer Domain =====+===== Custom Domain =====
   * [[https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain]]   * [[https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain]]
   * If you want to map a root domain to an App Service name you have to use an ''A'' record for app IP address, because ''CNAME'' records are not support for root/apex domain records. If you want to map a subdomain name to an App Service name you should use a ''CNAME'' record.   * If you want to map a root domain to an App Service name you have to use an ''A'' record for app IP address, because ''CNAME'' records are not support for root/apex domain records. If you want to map a subdomain name to an App Service name you should use a ''CNAME'' record.
Line 80: Line 87:
  
 ====== Azure Kubernetes Service (AKS) ====== ====== Azure Kubernetes Service (AKS) ======
 +<callout type="warning">
 +I have discovered that the current AZ-104 exam does not include questions about AKS. But, for now, I'm leaving this info here.
 +</callout>
   * Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol.   * Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol.
 ===== Networking ===== ===== Networking =====
  • azure/az-104_2024/azure_compute.1727979778.txt.gz
  • Last modified: 2024/10/03 18:22
  • by mmuze