Load Balancer vs. Application Gateway: Load balancers distribute incoming network traffic across multiple servers to ensure no single server becomes overwhelmed, improving overall performance and reliability. Application Gateways include load balancing functions but also provide application-level routing, SSL termination, and Web Application Firewall capabilities.
Network Security Groups (NSGs): In Azure, NSGs are used to filter network traffic to and from Azure resources. They contain security rules that allow or deny inbound and outbound traffic, based on source, destination IP addresses, ports, and protocols.
Troubleshooting a Failing Azure VM: To troubleshoot:
Check the VM's status and recent activity logs.
Verify network connectivity and configuration.
Ensure there’s no issue with the VM’s operating system or application.
Review metrics and logs in Azure Monitor for resource constraints or errors.
Kubernetes Ingress Controller: It manages external access to services in a Kubernetes cluster, typically via HTTP/HTTPS. It routes traffic to the appropriate services based on rules defined in Ingress resources.
Service Mesh: A service mesh is a dedicated infrastructure layer that controls service-to-service communication within a microservices architecture. It provides features like traffic management, observability, security, and resilience without altering application code.
Implementing CI/CD for Containerized Application:
Use Docker to containerize the application.
Set up a CI/CD pipeline using Jenkins, GitHub Actions, or other tools to build, test, and deploy containers.
Push the container images to a registry like Docker Hub or Azure Container Registry.
Use Kubernetes or similar orchestration tools to deploy and manage containerized applications.
Azure Functions in Serverless Architecture: Azure Functions are event-driven compute services that let you run code without provisioning or managing servers. They enable a pay-per-execution model and automatically scale to meet demand.
Securing Data in Kubernetes:
Use Kubernetes Secrets to manage sensitive data.
Enable Role-Based Access Control (RBAC) to limit permissions.
Implement network policies to control traffic.
Encrypt data at rest and in transit.
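The first three points above can be checked before a manifest is applied. This added example (not from the original post) audits manifests already parsed into dictionaries for secret-looking environment values written as literals, RBAC rules with wildcards, and workloads in namespaces that have no NetworkPolicy. The manifests, names, and the keyword pattern are constructed assumptions.

```python
import re

SENSITIVE = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.I)

def audit(manifests):
    """Return sorted findings for a list of manifests parsed into dicts."""
    findings = []
    guarded = {m["metadata"].get("namespace", "default")
               for m in manifests if m["kind"] == "NetworkPolicy"}
    for m in manifests:
        kind, meta = m["kind"], m["metadata"]
        ns, name = meta.get("namespace", "default"), meta["name"]
        if kind == "Deployment":
            for c in m["spec"]["template"]["spec"].get("containers", []):
                for env in c.get("env", []):
                    # A literal value puts the secret in the manifest itself;
                    # valueFrom.secretKeyRef reads it from a Secret object.
                    if SENSITIVE.search(env["name"]) and "value" in env:
                        findings.append(f"{ns}/{name}: env {env['name']} is a literal, use secretKeyRef")
            if ns not in guarded:
                findings.append(f"{ns}/{name}: namespace has no NetworkPolicy")
        elif kind in ("Role", "ClusterRole"):
            for rule in m.get("rules", []):
                if "*" in rule.get("verbs", []) or "*" in rule.get("resources", []):
                    findings.append(f"{name}: {kind} grants wildcard verbs or resources")
    return sorted(findings)

# Constructed sample manifests (illustrative names and values).
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"template": {"spec": {"containers": [{"name": "web", "env": [
         {"name": "DB_PASSWORD", "value": "example-only"},
         {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "web-secrets", "key": "token"}}},
     ]}]}}}},
    {"kind": "Role", "metadata": {"name": "web-admin", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get"]}]},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "ops"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
```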
ARM Templates vs. Terraform: Both are IaC tools. ARM templates are Azure-native and define resources using JSON. Terraform, a multi-cloud tool, uses HCL for a more flexible, modular approach and can manage resources across different providers.
Managing Secrets in Azure DevOps: Use Azure Key Vault to store secrets securely. In pipelines, retrieve secrets from Key Vault using the Azure DevOps Key Vault task or Variable Groups linked to Key Vault.
Infrastructure as Code (IaC): IaC involves managing and provisioning computing resources through machine-readable configuration files rather than physical hardware configuration. This allows for version control, consistent deployment, and automation.
Types of Azure Storage Accounts:
General-purpose v2: Supports all storage types and is the default option.
General-purpose v1: Older version, supports blobs, files, queues, and tables.
Blob Storage: Optimized for storing unstructured data as blobs.
Monitoring Azure Applications: Use Azure Monitor to collect and analyze telemetry data. Set up Application Insights for detailed performance monitoring and diagnostics.
Public vs. Private IP Addresses: Public IP addresses are accessible over the internet, while private IP addresses are used within a virtual network for internal communication.
Scaling an AKS Cluster: You can manually scale the number of nodes in your AKS cluster or configure autoscaling to adjust the node count based on resource usage.
Blue-Green Deployment: This strategy involves maintaining two production environments: one active (Blue) and one idle (Green). Deploy updates to the idle environment and switch traffic to it once verified.
Best Practices for Securing Azure Resources:
Use strong authentication and access control.
Implement network security groups and firewalls.
Regularly monitor and audit resources.
Encrypt sensitive data.
Rollback in Azure DevOps: Use release pipelines to configure a rollback stage that redeploys the previous stable version or triggers a custom rollback script.
Vertical vs. Horizontal Scaling: Vertical scaling involves adding more power (CPU, RAM) to an existing machine, while horizontal scaling adds more machines to handle the load.
Tagging for Cost Management: Use tags to categorize resources by purpose, owner, environment, etc. This helps in tracking and managing costs effectively.
Azure Blob vs. File vs. Queue vs. Table Storage:
Blob: For storing unstructured data like images and documents.
File: Managed file shares for cloud or on-premises use.
Queue: Messaging service for decoupling application components.
Table: NoSQL storage for structured data.
Managing Load Balancers in Azure: Use the Azure portal, CLI, or PowerShell to configure load balancer settings, add backend pools, and set health probes and rules.
Azure DevOps Project Structure: It includes boards for project management, repos for source control, pipelines for CI/CD, test plans for testing, and artifacts for package management.
Implementing Auto-Scaling in Azure: Use Azure Monitor metrics and configure auto-scale settings to adjust resources like VMs or app services based on demand.
Azure SQL Database Tiers:
Basic: For small databases with light workloads.
Standard: Mid-range performance for a variety of workloads.
Premium: High performance for mission-critical workloads.
Migrating a Web Application to Azure:
Assess and plan the migration.
Use Azure Migrate to discover and assess on-premises applications.
Choose the right migration strategy (e.g., lift and shift, re-architecture).
Execute the migration and test.
Azure Active Directory vs. On-Premises Active Directory: Azure AD is a cloud-based identity and access management service, whereas on-premises AD manages local network resources. Azure AD integrates with cloud apps and services.
Using Azure Policies for Governance: Azure Policies enforce standards and compliance by evaluating resources and ensuring they adhere to your rules.
Virtual Network Gateway: A VPN gateway is a specific type of virtual network gateway used to send encrypted traffic between an Azure virtual network and an on-premises location or another Azure virtual network.
Azure Logic Apps: These are cloud services that help you automate workflows and integrate apps, data, services, and systems across enterprises or organizations.
Setting Up a VPN Connection to Azure:
Create a virtual network and a VPN gateway.
Configure the local network gateway.
Set up the VPN connection in your on-premises network device.
Purpose of Azure Monitor: Azure Monitor collects, analyzes, and acts on telemetry data from your Azure and on-premises environments. It helps understand performance, maintain availability, and identify trends.