# Describe Azure Compute and Networking Services
Objectives
* Compare compute types: containers, VMs, and functions
* Describe VM options
* Describe resources required for VMs
* Describe application hosting options: Azure Web Apps, containers, and VMs
* Describe virtual networking: Azure Virtual Networks, Azure Virtual Subnets, peering, Azure DNS, VPN Gateway, and ExpressRoute
* Define public and private endpoints

### Describe Azure VMs
VMs provide IaaS in the form of a virtualized server. They are ideal when you need:
* Total control over the OS
* The ability to run custom software
* Custom hosting configurations

**Scale VMs in Azure**
You can group VMs together to provide high availability, scalability, and redundancy. Azure can manage these groups with features such as scale sets and availability sets.
* **Scale Sets**: Let you create and manage a group of identical, load-balanced VMs. This allows Azure to automate the work of configuration and network routing between VMs.
* **Availability Sets**: Designed to ensure that VMs stagger updates and have varied power and network connectivity so that one failure won't take down all VMs.
    * *Update Domain*: Groups VMs that can be rebooted at the same time
    * *Fault Domain*: Groups VMs by common power source and network switch.

### When to use VMs
* During testing and development
* When running applications in the cloud
* When extending your datacenter to the cloud
* During disaster recovery

When provisioning a VM you pick
* Size (Purpose, number of processor cores, RAM)
* Storage disks (Hard disk drives, solid state drives)
* Networking (Virtual network, public IP address, and port configuration)

### Describe Azure Virtual Desktop
Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location.

It provides centralized security management for users' desktops with Microsoft Entra ID, with optional multifactor authentication. The data and apps are separated from the local hardware.

### Describe Azure Containers
VMs are limited to a single OS per VM. If you want to run multiple instances of an application on a single host, containers are an excellent choice.

**What are containers**

Containers are a virtualization environment. Much like running multiple VMs on a single physical host, you can run multiple containers on a single physical or virtual host.

You do not manage the OS for a container. VMs, by contrast, appear to be an instance of an OS that you can connect to and manage.

**Azure Container Instances**: The fastest and simplest way to run a container in Azure. Offered as PaaS.

**Azure Container Apps**: Similar to a container instance. They allow you to get up and running quickly. They remove the container management piece and are a PaaS offering. They also allow load balancing and scaling.

**Azure Kubernetes Service (AKS)**: A container orchestration service. It manages the lifecycle of containers.

Containers are often used for microservice architecture.


### Describe Azure Functions
Azure Functions is an event-driven, serverless compute option that doesn't require maintaining VMs or containers. If you build an app using VMs or containers, those resources must be "running" in order for your app to function. With Azure Functions, an event wakes the function, alleviating the need to keep resources provisioned when there are no events.

Benefits of Azure Functions
* Ideal when you are concerned with the code running your services and not the underlying platform or infrastructure
* Commonly used when you need to perform work in response to an event (often via a REST request), timer, or message, and that work can be completed quickly
* Scale automatically based on demand
* Run your code when triggered, then deallocate
* Can be stateless or stateful (run new each time or remember previous context)

### Describe Application Hosting Options
Aside from VMs and containers, you can host apps with 

**Azure App Service**

Enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. It supports Windows and Linux. It enables automated deployments from GitHub, Azure DevOps, or any Git repo

**Types of App Services**
* Web apps
* API Apps
* WebJobs
* Mobile Apps

Azure App Service handles the following infrastructure decisions
* Deployment and management are integrated into the platform
* Endpoints can be secured
* Sites can be scaled quickly to handle high traffic loads
* The built-in load balancing and traffic manager provides high availability

### Describe Azure Virtual Networking
Azure virtual networks and virtual subnets enable Azure resources, such as VMs, web apps, and databases to communicate with each other, with users on the internet, and with your on-prem client computers. They provide the following capabilities:
* Isolation and segmentation
* Internet communications
* Communicate between Azure resources
* Communicate with on-prem resources
* Route network traffic
* Filter network traffic
* Connect virtual networks

Virtual networks support both public and private endpoints to enable communication between external or internal resources and other internal resources.
* Public endpoints have a public IP address and can be accessed from anywhere in the world.
* Private endpoints exist within a virtual network and have a private IP address from within the address space of that virtual network
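
The public/private distinction above can be checked mechanically when reviewing what a virtual network exposes. The following is an added example, not part of the original notes; the address space, subnet names, and endpoint inventory are constructed sample data.

```python
import ipaddress

# Constructed sample data (assumption): one virtual network and its endpoints.
VNET_ADDRESS_SPACE = ["10.1.0.0/16"]
SUBNETS = {"web": "10.1.1.0/24", "data": "10.1.2.0/24"}
ENDPOINTS = [
    {"name": "web-frontend", "ip": "20.50.10.4"},
    {"name": "sql-private", "ip": "10.1.2.5"},
    {"name": "storage-private", "ip": "10.9.0.7"},
]


def classify_endpoint(ip, address_space, subnets):
    """Return (kind, subnet) for one endpoint IP address."""
    addr = ipaddress.ip_address(ip)
    spaces = [ipaddress.ip_network(p) for p in address_space]
    if any(addr in net for net in spaces):
        # Private endpoint: its IP comes from the virtual network's own space.
        for name, prefix in subnets.items():
            if addr in ipaddress.ip_network(prefix):
                return ("private", name)
        return ("private", "unassigned")  # in the VNet but in no known subnet
    if addr.is_private:
        # Private address, but not from this virtual network's address space.
        return ("private-foreign", None)
    return ("public", None)


def audit(endpoints, address_space, subnets):
    """List endpoints that need review: public ones and misplaced private ones."""
    findings = []
    for ep in endpoints:
        kind, _ = classify_endpoint(ep["ip"], address_space, subnets)
        if kind == "public":
            findings.append((ep["name"], "public IP: confirm exposure is intended"))
        elif kind == "private-foreign":
            findings.append((ep["name"], "private IP outside the VNet address space"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(ENDPOINTS, VNET_ADDRESS_SPACE, SUBNETS):
        print(f"{name}: {issue}")
```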

### Describe Azure Virtual Private Networks
A virtual private network (VPN) uses an encrypted tunnel within another network. VPNs are typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet). Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping.

### VPN Gateways

A VPN Gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following:
* Connect on-prem datacenters to virtual networks through a site-to-site connection
* Connect individual devices to virtual networks through a point-to-site connection
* Connect virtual networks to other virtual networks through a network-to-network connection

All data transfer is encrypted inside a private tunnel as it crosses the internet. You can deploy only one VPN gateway in each virtual network. However, you can use one gateway to connect to multiple locations, which includes other virtual networks or on-premises datacenters.

When setting up a VPN gateway, you must specify the type of VPN: either policy-based or route-based.
* Policy-based: you statically specify the IP address of packets that should be encrypted through each tunnel
* Route-based: IPSec tunnels are modeled as a network interface or virtual tunnel interface
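
The practical difference between the two types shows up when a new subnet starts sending traffic. The following is an added example, not part of the original notes: a simplified model in which policy-based selection matches static source and destination prefixes, and route-based selection is a longest-prefix route lookup onto a tunnel interface. All prefixes and tunnel names are constructed.

```python
import ipaddress

# Constructed sample configuration (assumption): two on-premises sites.
POLICY_SELECTORS = [  # (local prefix, remote prefix, tunnel)
    ("10.1.1.0/24", "192.168.10.0/24", "tunnel-hq"),
    ("10.1.1.0/24", "192.168.20.0/24", "tunnel-branch"),
]
ROUTE_TABLE = [  # (destination prefix, tunnel interface)
    ("192.168.0.0/16", "vti-hq"),
    ("192.168.20.0/24", "vti-branch"),
]


def policy_based_tunnel(src, dst, selectors=POLICY_SELECTORS):
    """Pick a tunnel only when source and destination both match a static selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote, tunnel in selectors:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return tunnel
    return None  # no selector matches: the packet is not carried by any tunnel


def route_based_tunnel(dst, routes=ROUTE_TABLE):
    """Pick the tunnel interface by longest-prefix match on the destination."""
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if d in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def compare(src, dst):
    """Show which tunnel each gateway type would choose for one packet."""
    return {"policy": policy_based_tunnel(src, dst),
            "route": route_based_tunnel(dst)}


if __name__ == "__main__":
    # 10.1.2.4 is in a subnet that was never added to the static selectors.
    for src, dst in [("10.1.1.4", "192.168.20.9"), ("10.1.2.4", "192.168.10.9")]:
        print(src, "->", dst, compare(src, dst))
```

In this model the packet from the unlisted subnet matches no policy selector, so a policy-based setup needs a configuration change before that traffic is protected, while the route-based lookup already sends it to a tunnel interface.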

VPN gateways are good for 
* Connections between virtual networks
* Point-to-site connections
* Multisite connections
* Coexistence with an Azure ExpressRoute gateway

### High-availability Scenarios
**Active/Standby**: By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN resource in Azure. When a disruption affects the active instance, the standby takes over.

**Active/Active**: With the introduction of support for the BGP routing protocol, you can also deploy VPN gateways in an active/active configuration. In this configuration, you assign a unique public IP address to each instance. You then create separate tunnels from the on-prem device to each IP address.

**ExpressRoute Failover**: Configure a VPN gateway as a secure failover path for ExpressRoute connections, which have resiliency built in. You can provision a VPN gateway that uses the internet as a backup in case there are problems with the physical ExpressRoute connection.

**Zone-Redundant Gateways**: In regions that support availability zones, VPN gateways and ExpressRoute gateways can be deployed in a zone-redundant configuration. This configuration brings resiliency, scalability, and higher availability to the virtual network gateways.

### Describe Azure ExpressRoute
Azure ExpressRoute lets you extend your on-prem networks into the Microsoft cloud over a private connection, called an ExpressRoute circuit, with the help of a connectivity provider. These connections do not go through the internet and offer more reliability, faster speeds, consistent latencies, and higher security than typical connections.

Features and Benefits
* Connectivity to Microsoft cloud services across all regions in the geopolitical region
* Global connectivity to Microsoft services across all regions with ExpressRoute Global Reach
* Dynamic routing between your network and Microsoft via Border Gateway Protocol (BGP)
* Built-in redundancy in every peering location for higher reliability

**Connectivity to Microsoft Cloud Services**: ExpressRoute enables direct access to the following
* Office 365
* Dynamics 365
* Azure compute services, such as Azure VMs
* Azure cloud services, such as Cosmos DB and Azure Storage

**Global Connectivity**: You can enable ExpressRoute Global Reach to exchange data across your on-prem sites by connecting your ExpressRoute circuits.

**Dynamic Routing**: ExpressRoute uses BGP, which exchanges routes between on-prem networks and resources running in Azure.

**Built-in Redundancy**: Each provider uses redundant devices to ensure high availability.

**ExpressRoute Connectivity Models**
* Cloud Exchange colocation: when the datacenter, office, or other facility is co-located at a cloud exchange
* Point-to-point Ethernet connection: Uses point-to-point connection to connect your facility to the cloud
* Any-to-any connection: You can integrate your wide area network (WAN) with Azure by providing connections to your offices and datacenters
* Directly from ExpressRoute sites: You can connect directly into Microsoft's global network at a peering location

### Describe Azure DNS
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

Benefits 
* Reliability and Performance: DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers, providing high resiliency and high availability.
* Security
    * Azure role-based access control
    * Activity Logs
    * Resource locking
* Ease of use
* Customizable Virtual Networks: Also supports private DNS domains
* Alias Records