Differences
This shows you the differences between two versions of the page.
| azure:az-500:july_2023:networking [2023/07/20 22:19] – [Service Endpoints/Private Endpoints] mmuze | azure:az-500:july_2023:networking [2023/07/21 16:35] (current) – mmuze | ||
|---|---|---|---|
| Line 16: | Line 16: | ||
| ====== Application Gateway ====== | ====== Application Gateway ====== | ||
| - | * An AppGateway | + | * An App Gateway |
| * Logs can be sent to EventHub, Log Analytics or Azure Storage | * Logs can be sent to EventHub, Log Analytics or Azure Storage | ||
| * Alerts can be sent to Security Center | * Alerts can be sent to Security Center | ||
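
Review bot: The renamed bullet now says "App Gateway" while the section heading directly above it says "Application Gateway", so the page still uses two names for the same service. Use the heading's full name in the bullet, or define "App Gateway" as the short form once and use it consistently in the bullets that follow.
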
| Line 35: | Line 35: | ||
| ====== Service Endpoints/ | ====== Service Endpoints/ | ||
| * Service Endpoints limits access to specified VNets for all instances of a PaaS service via the Microsoft backbone network (instead of the internet) | * Service Endpoints limits access to specified VNets for all instances of a PaaS service via the Microsoft backbone network (instead of the internet) | ||
| + | |||
| + | >With service endpoints, service traffic switches to use virtual network private addresses as the source IP addresses when accessing the Azure service from a virtual network. This switch allows you to access the services without the need for reserved, public IP addresses used in IP firewalls. | ||
| + | |||
| * Private Endpoints (PEs) limits access to specific instances of PaaS services to go over a private network integrated with a customer VNet | * Private Endpoints (PEs) limits access to specific instances of PaaS services to go over a private network integrated with a customer VNet | ||
| * NSGs don't factor into PEs since the resource is mapped to an IP in the VNet. | * NSGs don't factor into PEs since the resource is mapped to an IP in the VNet. | ||
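
Review bot: The added ">With service endpoints, ..." quote carries no source, and it sits as a free-standing block between the Service Endpoints bullet and the Private Endpoints bullet, so it is not obvious which of the two it qualifies. Add the citation for the quoted text and nest it under the Service Endpoints bullet, since the source-IP switch it describes is service endpoint behaviour and the next bullet moves on to PEs.
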
| Line 40: | Line 43: | ||
| * SEs require the use of network virtual appliance or firewall to get data exfiltration protection | * SEs require the use of network virtual appliance or firewall to get data exfiltration protection | ||
| * Private Link is the Azure service provided by various PaaS services that enables Private Endpoints. There can be third-party Private Link services in an addition to the Azure provided ones. | * Private Link is the Azure service provided by various PaaS services that enables Private Endpoints. There can be third-party Private Link services in an addition to the Azure provided ones. | ||
| + | * A Private Endpoint must be deployed in the same region and subscription as the VNet, but the Private Link service can be deployed in a different region and the VNet and PE | ||
| + | * You can enable Private Link for your own apps/ | ||
| + | ===== Exam Tip ===== | ||
| + | * Know the use cases for Private Endpoints | ||
| + | |||
| + | ====== Encryption in transit ====== | ||
| + | ===== Exam Tip ===== | ||
| + | * Walk through the App Service managed certificate configuration before exam | ||
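
Review bot: In the added Private Endpoint bullet, "can be deployed in a different region and the VNet and PE" does not parse; it reads like a typo for "a different region than the VNet and PE", and as written the region constraint the bullet is trying to state is ambiguous. Two smaller points in the same hunk: the new "Know the use cases for Private Endpoints" tip does not list the use cases, and the new "Encryption in transit" section contains only an exam tip with no notes under it, so either add the content or mark both as to-do items.
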