Implementing Azure Virtual Network Peering | Microsoft Azure

Azure Virtual Network Peering


Question

You have an Azure environment that contains multiple Azure virtual machines.

You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.

You need to recommend which Azure resources must be created for the planned solution.

Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. B. C. D. E.

AE

To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.

The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named 'GatewaySubnet'.

Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in Azure, we can assume that the virtual network is already in place.

https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network
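The naming and placement rules above can be checked before anything is deployed. The following is an added example, not part of the original page or of any Microsoft tooling: the function name, the plan layout and the sample address ranges are all constructed for illustration. It goes slightly beyond the page by also checking that subnets do not overlap each other and that the on-premises ranges do not overlap the virtual network, since overlapping ranges cannot be routed across the VPN.

```python
import ipaddress

GATEWAY_SUBNET_NAME = "GatewaySubnet"  # exact name the page says the gateway subnet must have

def check_vpn_plan(vnet_prefixes, subnets, onprem_prefixes):
    """Return a list of problems in a planned layout (empty list means OK).

    vnet_prefixes / onprem_prefixes: lists of CIDR strings.
    subnets: dict mapping subnet name -> CIDR string.
    """
    problems = []
    vnet = [ipaddress.ip_network(p) for p in vnet_prefixes]
    onprem = [ipaddress.ip_network(p) for p in onprem_prefixes]
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}

    # 1. The gateway subnet must exist under its exact name.
    if GATEWAY_SUBNET_NAME not in nets:
        problems.append(f"no subnet named '{GATEWAY_SUBNET_NAME}'")

    # 2. Every subnet must sit inside the virtual network's address space.
    for name, net in nets.items():
        if not any(net.subnet_of(v) for v in vnet):
            problems.append(f"subnet '{name}' {net} is outside the VNet address space")

    # 3. Subnets must not overlap, so the gateway subnet stays dedicated.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets '{a}' and '{b}' overlap")

    # 4. Added check (not from the page): on-premises ranges must not overlap the VNet.
    for o in onprem:
        for v in vnet:
            if o.overlaps(v):
                problems.append(f"on-premises range {o} overlaps VNet range {v}")
    return problems

# Constructed sample plans (not from the page).
GOOD_PLAN = dict(
    vnet_prefixes=["10.1.0.0/16"],
    subnets={"vm-subnet": "10.1.0.0/24", "GatewaySubnet": "10.1.255.0/27"},
    onprem_prefixes=["192.168.0.0/16"],
)
BAD_PLAN = dict(
    vnet_prefixes=["10.1.0.0/16"],
    subnets={"vm-subnet": "10.1.0.0/24", "Gateway-Subnet": "10.2.0.0/27"},
    onprem_prefixes=["10.1.128.0/17"],
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_vpn_plan(**plan) or "OK")
```
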

To enable the client computers on your on-premises network to communicate with Azure virtual machines, you need to create a connection between your on-premises network and Azure virtual network.

The following Azure resources need to be created for the planned solution:

  1. A Virtual Network (VNet) - A VNet is a representation of your own network in the cloud. It is the fundamental building block for your private network in Azure. You can create one or more subnets within a VNet to isolate network traffic.

  2. A Virtual Network Gateway - A Virtual Network Gateway is used to create a secure cross-premises connection. The gateway is the entry and exit point for network traffic. You can configure a Virtual Network Gateway to use a VPN or ExpressRoute connection to connect your on-premises network to the VNet. The gateway also provides other features such as VNet-to-VNet connections and point-to-site connections.

Optionally, if you want to provide high availability for your virtual machines or distribute traffic across multiple virtual machines, you can add a Load Balancer to the solution. A Load Balancer can distribute inbound traffic to backend virtual machines across multiple Availability Zones, availability sets, or virtual machine scale sets.

Additionally, an Application Gateway can be used to provide layer 7 load balancing for HTTP/HTTPS traffic, SSL offloading, and web application firewall (WAF) capabilities.

A Gateway Subnet is a subnet that is used by the Virtual Network Gateway. It is a best practice to create a separate subnet for the Virtual Network Gateway to isolate network traffic.

Therefore, the correct answers for the exam question are:

  • A Virtual Network Gateway
  • A Virtual Network

Note that a Gateway Subnet is not one of the required resources, but it is a best practice to create one. The Load Balancer and Application Gateway are not required but can be added for additional functionality.