- RG, NSGs, SA, AS, Routing Tables, IPs, NICs, LBs, DNS
- vnet (virtual network) => Logical collection of subnets => Complete Isolation of IP addresses, dns settings, security policies, routing table
- no cost charged for using it
- different VNets can have same IP addresses (CIDR address blocks – Classless Inter-Domain Routing notation) across dev / testing & production environments.
- It can have its own DNS server, and the VNet can be configured to use that DNS => generally it is managed by the ISP (the Internet Service Provider who provided internet)
- We can use the DNS server of Azure => so that we would have everything in one place
- It can connect to on-prem data centers => we have to use a site-to-site VPN or an ExpressRoute connection
- subnet – logical collection of VMs (range of IP addresses) in a VNet
- Mainly for better organization & security. No additional configuration is needed for resources to communicate between 2 subnets of a VNet.
- We can also configure route tables & NSGs to a subnet
- Based on the number of machines in a network, a subnet mask will be set
- vm – virtual machine
- All IaaS VMs & PaaS role instances in a VNet can access public internet by default. Access can be controlled using NSGs.
- Access between VMs within the same VNet, in the same or different subnets, can happen using Private IPs
- Access between VMs across VNets needs to happen using Public IPs
- Internal name resolution is provided by Azure within a VNet
- Before setting up VMs, the VNet architecture + subnets need to be planned
- nsg – network security group => plays the role of firewall providing security => define rules to control inbound/outbound traffic => create/associate with subnets
- Rules can be defined to control the traffic at NICs, VMs & SubNet + VNets
- Rules are based on source IP + port <=> destination IP + port
- pip – public ip / VPN gateway
- Assigned to VM
- nic – network interface card
- VMs communicate with other VMs / resources on network using Virtual NICs
- Virtual NICs configure VMs with private/optional public IP address
- VMs can have one or more NICs for different network configurations
- lb – load balancer (public facing / internal)
- External load balancer => to provide high availability for public internet
- Internal load balancer => for within network
- Need to configure availability set
- azure dns => an Azure hosting service => enables clients to resolve user-friendly FQDNs to IP addresses
- Hosts our own domains with Azure apps
- We can manage our DNS records through Azure subscription
- DNS zone => hosts the dns records for a particular domain => (first we need to buy the domain name from domain providers like godaddy.com)
- Ex: For domain xyz.com => mail.xyz.com, www.xyz.com are the dns records
- The name of the zone must be unique within the resource group
- Same zone name can be reused in different resource groups or in different azure subscriptions
- When multiple zones share same name, each instance will be assigned different name server addresses & only one instance can be delegated from the parent domain.
- rg – resource group
- as – availability set
- High availability set
- sa – storage account
- Virtual disk storage account
- rs – record set (domain name record set)
- azure storage account – provides 3 types of storage services Blobs, Files, Tables & Queues. One per customer + provides isolation of the data between customers + 500 TB storage per storage account
- azure files – for shared file system between app servers
- As shared filesystem => one per campaign cell through the autofs framework. No SFTP any more.
- azure storage explorer – access mechanism for clients to put/get files to be used in Adobe Campaign
- azure os disks – prepared vhd blobs as OS disks.
- azure data disks – linux raid/md (aggregate multiple individual disks in a logical single disk to distribute the load). Provisioned via LVM for on the fly easy future expansion
- azure managed disk – new feature that simplifies the provisioning of VMs + simplifies implementation of HA policies for resources.
- Create VNet with CIDR (IP Address) + default subnet with IP masks + new resource group
- Create more subnets with IP masks
- Create NSGs and associate them to subnets
- Create VM by selecting Virtual Machine based on OS (windows/linux/centos)
- configuration (CPU/Memory)
- virtual hard drive -> stored as Blob in a storage account
- IP – dynamic/static – For web servers dynamic is fine as users will be accessing load balancer based IPs. For backend servers select None.
- For db server ex: sql server, select options like authentication type, admin uid/pwd, automatic patching, backup, Azure Key Vault integration, R services for advanced analytics
- For web server: after installing configure IIS
- Since the IP is dynamic, you can look it up and access it from a browser.
- You can configure the DNS name instead of using IP from the web server configuration option – change DNS name label to <app name>.eastus.cloudapp.azure.com
- Do not create an NSG (select None) ... by default it takes the subnet-based NSGs
- Configure high availability set (with update – 10 / fault domains – 3)
- Monitoring / guest OS monitoring selections
- dns
- Buy domain name from sites like godaddy.com
- Create dns zone
- Get the name server addresses from Azure and configure them in the control panel of the registrar, such as the control panel of godaddy.com
- Name server resolves domain name to the underlying IP configured with domain name record set.
- Create record set in azure => record set maps domain to the azure resource IP.
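
The NSG notes above say rules match on source IP + port and destination IP + port and are associated with subnets. The sketch below is an added example, not part of the original notes: it evaluates rules in priority order (lowest number first, first match decides) and flags Allow rules that open SSH/RDP to any source. The subnet ranges, rule names and the `Rule`, `evaluate` and `exposed_admin_ports` helpers are constructed for illustration, and Azure's VirtualNetwork service tag is simplified to the VNet CIDR.

```python
import ipaddress
from collections import namedtuple

# priority: lower number is evaluated first; access: "Allow" or "Deny";
# src/dst: CIDR or "*"; src_port/dst_port: "443", "1000-2000" or "*".
Rule = namedtuple("Rule", "name priority access src src_port dst dst_port")

def ip_ok(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, src_port, dst_ip, dst_port):
    """First matching rule in priority order decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (ip_ok(r.src, src_ip) and port_ok(r.src_port, src_port)
                and ip_ok(r.dst, dst_ip) and port_ok(r.dst_port, dst_port)):
            return r.access, r.name
    return "Deny", "no-match"

def exposed_admin_ports(rules, admin_ports=(22, 3389)):
    """Names of Allow rules that open SSH/RDP to any source address."""
    return [r.name for r in rules
            if r.access == "Allow" and r.src in ("*", "0.0.0.0/0")
            and any(port_ok(r.dst_port, p) for p in admin_ports)]

# Constructed sample: VNet 10.0.0.0/16, web subnet 10.0.1.0/24, db subnet 10.0.2.0/24.
# The 65000/65500 entries model two of Azure's default inbound rules, with the
# VirtualNetwork service tag simplified to the VNet CIDR.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "Allow", "10.0.0.0/16", "*", "10.0.0.0/16", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]
WEB_NSG = DEFAULTS + [
    Rule("allow-https", 100, "Allow", "*", "*", "10.0.1.0/24", "443"),
    Rule("allow-rdp-any", 200, "Allow", "*", "*", "10.0.1.0/24", "3389"),
]
DB_NSG = DEFAULTS + [
    Rule("allow-sql-from-web", 100, "Allow", "10.0.1.0/24", "*", "10.0.2.0/24", "1433"),
    Rule("deny-other-vnet", 4000, "Deny", "10.0.0.0/16", "*", "10.0.2.0/24", "*"),
]

if __name__ == "__main__":
    print(evaluate(DB_NSG, "10.0.1.4", 50000, "10.0.2.5", 3389))
    print("open admin ports:", exposed_admin_ports(WEB_NSG))
```

With only the defaults, traffic from the web subnet to the db subnet is allowed on every port, which is why `DB_NSG` places an explicit deny below its single SQL allowance.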