azure:az-500:july_2023:networking

Differences

This shows you the differences between two versions of the page.

azure:az-500:july_2023:networking [2023/07/20 21:38] mmuzeazure:az-500:july_2023:networking [2023/07/21 16:35] (current) mmuze
Line 16: Line 16:
  
 ====== Application Gateway ====== ====== Application Gateway ======
-  * An AppGateway combines a  L7 load-balancer and WAF+  * An App Gateway combines a L7 load-balancer and WAF
   * Logs can be sent to EventHub, Log Analytics or Azure Storage   * Logs can be sent to EventHub, Log Analytics or Azure Storage
   * Alerts can be sent to Security Center   * Alerts can be sent to Security Center
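Review bot: In the changed Application Gateway bullet, "a L7 load-balancer" should read "an L7 load balancer", and since the section heading is "Application Gateway" it would be more consistent to spell the name out in full rather than "App Gateway". The bullet also leaves "L7" and "WAF" unexpanded; expanding them on first use (layer 7, web application firewall) would help readers of these study notes.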
Line 33: Line 33:
   * Know network security options for App Service, Functions, AKS and storage   * Know network security options for App Service, Functions, AKS and storage
  
-====== Service Enpoints/Private Endpoints ====== +====== Service Endpoints/Private Endpoints ====== 
-  * Service Endpoints limits access to all instances of a PaaS service to go over the Microsoft backbone network +  * Service Endpoints limits access to specified VNets for all instances of a PaaS service via the Microsoft backbone network (instead of the internet) 
-  * Private Endpoints limits access to specific instances of PaaS services to go over a private network integrated with a customer VNet+ 
 +>With service endpoints, service traffic switches to use virtual network private addresses as the source IP addresses when accessing the Azure service from a virtual network. This switch allows you to access the services without the need for reserved, public IP addresses used in IP firewalls. 
 + 
 +  * Private Endpoints (PEs) limits access to specific instances of PaaS services to go over a private network integrated with a customer VNet 
 +  * NSGs don't factor into PEs since the resource is mapped to an IP in the VNet. 
 +  * PEs include built-in data exfiltration protection 
 +  * SEs require the use of network virtual appliance or firewall to get data exfiltration protection 
 +  * Private Link is the Azure service provided by various PaaS services that enables Private Endpoints. There can be third-party Private Link services in an addition to the Azure provided ones. 
 +  * A Private Endpoint must be deployed in the same region and subscription as the VNet, but the Private Link service can be deployed in a different region and the VNet and PE 
 +  * You can enable Private Link for your own apps/services by putting them behind a Azure Load Balancer 
 +===== Exam Tip ===== 
 +  * Know the use cases for Private Endpoints 
 + 
 +====== Encryption in transit ====== 
 +===== Exam Tip ===== 
 +  * Walk through the App Service managed certificate configuration before exam
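Review bot: The added bullet on Private Endpoint placement ends with "the Private Link service can be deployed in a different region and the VNet and PE", which does not parse; it presumably means "a different region than the VNet and PE" and should say so. In the same hunk, the ">" quotation on service endpoints has no source attached, so add a link or citation for it. Smaller wording fixes: "Service Endpoints limits" and "Private Endpoints (PEs) limits" need "limit", "in an addition to" should be "in addition to", "a Azure Load Balancer" should be "an Azure Load Balancer", and "SEs" is used without being introduced the way "PEs" is. The new "Encryption in transit" section contains only an exam tip, so consider adding at least one bullet of content above it.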
  • azure/az-500/july_2023/networking.1689889109.txt.gz
  • Last modified: 2023/07/20 21:38
  • by mmuze