
Azureconsolitdation

The document discusses Azure networking concepts like network security groups, virtual machine scale sets, Azure Marketplace subscriptions pricing, and Point-to-site and Site-to-site VPN connections. It also covers availability sets, fault domains and upgrade domains.

Uploaded by

vijayhcl

The Solution Architecture Map

• Zoom in on the Different Workload Types

• Zoom in on Containerization

• Solution Architecture Use Case

https://github.com/nehalineogi/azure-networking ***
https://github.com/kdakan/Azure-Architecture
https://github.com/MicrosoftDocs/architecture-center/blob/main/docs/guide/storage/storage-start-here.md
https://github.com/microsoft/MTC_IL_WORKSHOP_Azure_Administrator ****
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-integrity.md ****
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-network.md


auto scaling
load balancing
scale set
av set
av zone
nsg,UDRs, and forced tunneling
Service endpoints
point to site x
site to site x
fault domain x
update domain x
hub and spoke
how many ways you can deploy vm
subscriptions x
rbac
storage x
key vault x
backup
resource group x
arm templates x
managed disk and unmanaged disk x
azure diagnostics
What is Azure MFA? x
Azure Networking -- VNET,vnet peering,subnet,UDR
peer to peer
azure site recovery
pvt dns resolver
azure backup services, azure recovery services vault
backup policies
work load migration
azure monitor

What are Network Security Groups?

A *network security group (NSG)* contains a list of Access Control List (ACL) rules
that allow or deny network traffic to subnets, NICs, or both. NSGs can be
associated with either subnets or individual NICs connected to a subnet. When an
NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet.
In addition, traffic to an individual NIC can be restricted by associating an NSG
directly to a NIC.

NSG -- applied on virtual network subnet, network interface, or both.

Network Security Groups


You can use an Azure network security group to filter network traffic between Azure
resources in an Azure virtual network. A network security group contains security
rules that allow or deny inbound network traffic to, or outbound network traffic
from, several types of Azure resources. For each rule, you can specify source and
destination, port, and protocol.

Basic type of security level

* Inbound rules / Outbound rules
* Priority
* Port No
* Protocol
* Source and Destination
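
How priority and the subnet/NIC association combine for inbound traffic, as an added example (not from the original notes): rules are checked from the lowest priority number upward and the first match decides, and when both a subnet NSG and a NIC NSG exist, inbound traffic must be allowed by both. The rule names, the `10.0.0.0/16` VNet range and the sample NSGs are constructed, and the default rules are simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET_PREFIX = "10.0.0.0/16"  # constructed range standing in for the VirtualNetwork service tag


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; the lowest number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    dest_port: str  # single port "443", range "1000-2000" or "*"


# Simplified copies of two of the default inbound rules every NSG carries.
# (AllowAzureLoadBalancerInBound, priority 65001, is left out for brevity.)
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", VNET_PREFIX, "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def port_matches(spec, port):
    """True if the rule's port spec ("*", "443" or "1000-2000") covers the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def rule_matches(rule, src_ip, protocol, port):
    proto_ok = rule.protocol == "*" or rule.protocol.lower() == protocol.lower()
    src_ok = rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)
    return proto_ok and src_ok and port_matches(rule.dest_port, port)


def evaluate_nsg(rules, src_ip, protocol, port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule_matches(rule, src_ip, protocol, port):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")


def inbound_allowed(subnet_nsg, nic_nsg, src_ip, protocol, port):
    """Inbound traffic meets the subnet NSG first, then the NIC NSG.

    Pass None for a level that has no NSG associated; that level filters nothing.
    Returns (allowed, trail) where trail names the rule that decided at each level.
    """
    trail = []
    for level, nsg in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if nsg is None:
            continue
        access, name = evaluate_nsg(nsg, src_ip, protocol, port)
        trail.append(f"{level}:{name}")
        if access == "Deny":
            return False, trail
    return True, trail


# Constructed sample NSGs (addresses are documentation ranges).
SUBNET_NSG = [
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "*", "443"),
    Rule("AllowSshFromAdminRange", 110, "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule("DenySshFromVnet", 120, "Deny", "Tcp", VNET_PREFIX, "22"),
]
NIC_NSG = [
    Rule("AllowHttps", 100, "Allow", "Tcp", "*", "443"),
]

if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "Tcp", 443),   # internet HTTPS: allowed at both levels
        ("203.0.113.10", "Tcp", 22),    # admin SSH: subnet allows, NIC NSG has no allow rule
        ("10.0.1.5", "Tcp", 22),        # SSH from inside the VNet: explicit deny beats the default allow
        ("10.0.1.5", "Tcp", 8080),      # other VNet traffic: default AllowVnetInBound at both levels
    ]
    for src, proto, port in cases:
        print(src, proto, port, inbound_allowed(SUBNET_NSG, NIC_NSG, src, proto, port))
```

The second case is the one that usually surprises people: opening a port on the subnet NSG is not enough when the NIC also has an NSG without a matching allow rule.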

What are virtual machine scale sets in Azure?

Virtual machine scale sets are an Azure compute resource that you can use to deploy
and manage a set of identical VMs. With all the VMs configured the same, scale sets
are designed to support true autoscale, and no pre-provisioning of VMs is required.
So it’s easier to build large-scale services that target big compute, big data, and
containerized workloads.

How are Azure Marketplace subscriptions priced?

Pricing will vary based on product types. ISV software charges and Azure
infrastructure costs are charged separately through your Azure subscription.
Pricing models include:

* **BYOL Model**: Bring-your-own-license. You obtain outside of the Azure
Marketplace, the right to access or use the offering and are not charged Azure
Marketplace fees for use of the offering in the Azure Marketplace.

* **Free**: Free SKU. Customers are not charged Azure Marketplace fees for use of
the offering.

* **Free Software Trial**: Full-featured version of the offer that is promotionally
free for a limited period of time. You will not be charged Azure Marketplace fees
for use of the offering during a trial period. Upon expiration of the trial period,
customers will automatically be charged based on standard rates for use of the
offering.

* **Usage-Based**: You are charged or billed based on the extent of your use of the
offering. For Virtual Machines Images, you are charged an hourly Azure Marketplace
fee. For Data Services, Developer services, and APIs, you are charged per unit of
measurement as defined by the offering.

* **Monthly Fee**: You are charged or billed a fixed monthly fee for a subscription
to the offering (from the date of subscription start for that particular plan). The
monthly fee is not prorated for mid-month cancellations or unused services.

Azure supports two types of Point-to-site VPN options:

* Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary
SSL-based solution that can penetrate firewalls, since most firewalls open TCP
port 443, which SSL uses.
* IKEv2 VPN.

What Is Azure Key Vault?


Key Vault helps you safeguard cryptographic keys and other secrets used by your
applications, whether they are on-premises or in the cloud. More and more services
on Azure are now integrating Azure Key Vault as their secret/key source for things
like deployments, data or even disk encryption.

Explain the Azure ARM Templates


An Azure Resource Template is a JSON file used to deploy resources with Azure
Resource Manager. It defines:

Parameters
Variables
Resources - the actual resources that you are going to deploy or update
Outputs
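
A small template showing the four sections, with a pre-deployment check of its NSG rules, as an added example (not from the original notes or from Microsoft's tooling). The template contents (`web-nsg`, `adminSourcePrefix`, the rule names, the API version) are constructed, and the resolver handles only bare `parameters('x')` / `variables('x')` references, not the full ARM expression language.

```python
import json
import re

# Constructed sample template: parameters, variables, resources, outputs.
TEMPLATE_JSON = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminSourcePrefix": {"type": "string", "defaultValue": "*"}
  },
  "variables": {"nsgName": "web-nsg"},
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2023-04-01",
      "name": "[variables('nsgName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": [
          {"name": "AllowHttps", "properties": {
            "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
            "sourceAddressPrefix": "*", "sourcePortRange": "*",
            "destinationAddressPrefix": "*", "destinationPortRange": "443"}},
          {"name": "AllowSsh", "properties": {
            "priority": 110, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
            "sourceAddressPrefix": "[parameters('adminSourcePrefix')]", "sourcePortRange": "*",
            "destinationAddressPrefix": "*", "destinationPortRange": "22"}},
          {"name": "AllowHighPorts", "properties": {
            "priority": 120, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
            "sourceAddressPrefix": "Internet", "sourcePortRange": "*",
            "destinationAddressPrefix": "*", "destinationPortRange": "3000-4000"}}
        ]
      }
    }
  ],
  "outputs": {
    "nsgId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
    }
  }
}
"""
TEMPLATE = json.loads(TEMPLATE_JSON)

MGMT_PORTS = (22, 3389)                       # SSH and RDP
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}   # values that mean "any internet source"
REFERENCE = re.compile(r"^\[(parameters|variables)\('([^']+)'\)\]$")


def resolve(value, template, overrides=None):
    """Resolve a bare parameters()/variables() reference; return anything else unchanged."""
    match = REFERENCE.match(value) if isinstance(value, str) else None
    if not match:
        return value
    kind, key = match.groups()
    if kind == "variables":
        return template["variables"][key]
    if overrides and key in overrides:
        return overrides[key]
    return template["parameters"][key].get("defaultValue")


def covers(spec, port):
    """True if a port spec ("*", "22" or "3000-4000") includes the port."""
    if spec == "*":
        return True
    low, _, high = str(spec).partition("-")
    return int(low) <= port <= int(high or low)


def audit_nsg_rules(template, overrides=None):
    """List inbound Allow rules that open SSH/RDP to any internet source.

    overrides maps parameter names to the values a deployment would pass in.
    Returns tuples of (nsg name, rule name, resolved source, exposed ports).
    """
    findings = []
    for resource in template.get("resources", []):
        if resource.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        nsg_name = resolve(resource["name"], template, overrides)
        for rule in resource["properties"].get("securityRules", []):
            props = rule["properties"]
            if props["direction"] != "Inbound" or props["access"] != "Allow":
                continue
            source = resolve(props.get("sourceAddressPrefix"), template, overrides)
            if source not in ANY_SOURCE:
                continue
            specs = list(props.get("destinationPortRanges", []))
            if "destinationPortRange" in props:
                specs.append(props["destinationPortRange"])
            specs = [resolve(s, template, overrides) for s in specs]
            exposed = [p for p in MGMT_PORTS if any(covers(s, p) for s in specs)]
            if exposed:
                findings.append((nsg_name, rule["name"], source, exposed))
    return findings


if __name__ == "__main__":
    print(audit_nsg_rules(TEMPLATE))
    print(audit_nsg_rules(TEMPLATE, {"adminSourcePrefix": "203.0.113.0/24"}))
```

With the parameter left at its default, the SSH rule is open to any source; passing a specific admin range clears that finding, while the port range that silently includes 3389 is still reported.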

What is Azure Blob Storage?


Azure Blob storage is Microsoft's object storage solution for the cloud. Blob
storage is optimized for storing massive amounts of unstructured data, such as text
or binary data. Azure Storage offers three types of blobs:

* Block blobs store text and binary data, up to about 4.7 TB. Block blobs are made up
of blocks of data that can be managed individually.
* Append blobs are made up of blocks like block blobs, but are optimized for append
operations. Append blobs are ideal for scenarios such as logging data from virtual
machines.
* Page blobs store random access files up to 8 TB in size. Page blobs store the VHD
files that back VMs.

**IaaS -- Infrastructure as a Service** -- a set of infrastructure-level
capabilities, such as an operating system, network connectivity, etc., that are
delivered as pay-for-use services and can be used to **host** applications.

Examples: Azure VM, VNet.

**Fault domain** is a physical unit of failure. In its simplest form: your
computer is connected to a power supply, and if the power supply goes down,
your computer cannot operate. So the computer together with its power
supply is a fault domain.

**Definition** - A fault domain is a set of hardware components, such as
computers and switches, that share a single point of failure.

**What is a single point of failure** -- a part of the system that, if it
fails, stops the entire system from working.

**Upgrade Domain** -- It is a logical unit for grouping role instances and
does not exist physically. When two instances of a role are running, each
instance is automatically placed in a different upgrade domain. When an
upgrade of the guest OS, host OS, or application needs to be performed, only
the instances in one upgrade domain are updated at a time, while the instance
in upgrade domain 2 keeps serving user requests. Once the upgrade of the first
instance is completed, the instance in the second upgrade domain is updated,
and so on. So at any point during an upgrade at least one instance is alive
and serving user requests, and you don't face downtime of your application.

For achieving high availability with Azure IaaS VMs -- availability sets
should be used with at least 2 VM instances, and this redundancy should be
implemented at every web tier and DB tier.

high availability -- AV set

For connecting a single on-premises DB machine to an Azure-hosted
application, Azure VNet-based "Point to Site" can be considered the correct
choice. Site to Site and ExpressRoute are other options for achieving
cross-premises connectivity. Site to Site is specifically for when you have a
large number of resources to connect.

What is an Availability Set?


An availability set is a logical grouping of VMs that allows Azure to understand
how your application is built to provide redundancy and availability. It is
recommended that two or more VMs are created within an availability set to provide
for a highly available application and to meet the 99.95% Azure SLA. When a single
VM is used with Azure Premium Storage, the Azure SLA applies for unplanned
maintenance events.

What is Azure MFA?


Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification
solution. It delivers strong authentication via a range of verification methods,
including phone call, text message, or mobile app verification.

Do scale sets work with Azure availability sets?


Yes.

What is key vault in Azure?


Microsoft Azure Key Vault is a cloud-hosted management service that allows users to
encrypt keys and small secrets by using keys that are protected by hardware
security modules (HSMs). Small secrets are data less than 10 KB like passwords
and .PFX files.

What is Azure ARM?


The Azure Resource Manager (ARM) is the service used to provision resources in your
Azure subscription. It was first announced at Build 2014 when the new Azure portal
(portal.azure.com) was announced and provides a new set of APIs that are used to
provision resources. The ARM is:

Azure Managed Disks are the new and recommended disk storage offerings for use with
Azure Virtual Machines for persistent storage of data. You can use multiple Managed
Disks with each Virtual Machine. Managed Disks offer two types of durable storage
options: Premium and Standard Managed Disks.

Azure storage accounts can also provide storage for the operating system disk and
any data disks. Each disk is a .vhd file stored as a page blob.

What is Azure VPN?


A VPN gateway is a specific type of virtual network gateway that is used to send
encrypted traffic between an Azure virtual network and an on-premises location over
the public Internet. You can also use a VPN gateway to send encrypted traffic
between Azure virtual networks over the Microsoft network.

Azure Monitor
Azure Monitor helps you maximize the availability and performance of your
applications and services. It delivers a comprehensive solution for collecting,
analyzing, and acting on telemetry from your cloud and on-premises environments.
This information helps you understand how your applications are performing and
proactively identify issues that affect them and the resources they depend on.

A few examples of what you can do with Azure Monitor include:

* Detect and diagnose issues across applications and dependencies with Application
Insights.
* Correlate infrastructure issues with VM insights and Container insights.
* Drill into your monitoring data with Log Analytics for troubleshooting and deep
diagnostics.
* Support operations at scale with automated actions.
* Create visualizations with Azure dashboards and workbooks.
* Collect data from monitored resources by using Azure Monitor Metrics.
* Investigate change data for routine monitoring or for triaging incidents by using
Change Analysis.

azure_monitor

* Metrics for Azure resources
  * CPU Usage
  * Disk Metrics
  * Network Stats
* Alerts
* Activity Logs
  * Control Plane activities
    * When a virtual machine is stopped
    * When a virtual machine is created
* Log Analytics Workspace
  * Central Solution for all of your logs
* Application Insights
  * Performance Management system for your live applications

Azure backup

The Azure Backup service provides simple, secure, and cost-effective solutions to
back up your data and recover it from the Microsoft Azure cloud.

What can I back up?

* On-premises - Back up files, folders, system state using the Microsoft Azure
Recovery Services (MARS) agent. Or use the DPM or Azure Backup Server (MABS) agent
to protect on-premises VMs (Hyper-V and VMware) and other on-premises workloads
* Azure VMs - Back up entire Windows/Linux VMs (using backup extensions) or back up
files, folders, and system state using the MARS agent.
* Azure Managed Disks - Back up Azure Managed Disks
* Azure Files shares - Back up Azure File shares to a storage account
* SQL Server in Azure VMs - Back up SQL Server databases running on Azure VMs
* SAP HANA databases in Azure VMs - Backup SAP HANA databases running on Azure VMs
* Azure Database for PostgreSQL servers - Back up Azure PostgreSQL databases and
retain the backups for up to 10 years
* Azure Blobs - Overview of operational backup for Azure Blobs

azure backup for virtual machines

* Provides access to the data on the VM if something happens to the original VM
* The backup gets written to a Recovery Services vault

Application Insights
Application Insights is an extension of Azure Monitor and provides Application
Performance Monitoring (also known as “APM”) features. APM tools are useful to
monitor applications from development, through test, and into production in the
following ways:

* Proactively understand how an application is performing.
* Reactively review application execution data to determine the cause of an incident.

The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for
the compute, data, and service layers of your environment:

Microsoft Defender for Servers


Microsoft Defender for Storage
Microsoft Defender for SQL
Microsoft Defender for Containers
Microsoft Defender for App Service
Microsoft Defender for Key Vault
Microsoft Defender for Resource Manager
Microsoft Defender for DNS
Microsoft Defender for open-source relational databases
Microsoft Defender for Azure Cosmos DB
Defender Cloud Security Posture Management (CSPM)
Security governance and regulatory compliance
Cloud security explorer
Attack path analysis
Agentless scanning for machines
Defender for DevOps

Azure Policies
Azure Policy helps to enforce organizational standards and to assess compliance
at-scale. Through its compliance dashboard, it provides an aggregated view to
evaluate the overall state of the environment, with the ability to drill down to
the per-resource, per-policy granularity. It also helps to bring your resources to
compliance through bulk remediation for existing resources and automatic
remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource
consistency, regulatory compliance, security, cost, and management. Policy
definitions for these common use cases are already available in your Azure
environment as built-ins to help you get started.

Specifically, some useful governance actions you can enforce with Azure Policy
include:

* Ensuring your team deploys Azure resources only to allowed regions
* Enforcing the consistent application of taxonomic tags
* Requiring resources to send diagnostic logs to a Log Analytics workspace

Costing in Azure

* Azure has many ways to tackle costs
* Cost analysis as part of your subscription
  * Here you can see the current spending
  * See spending per resource
  * See your forecasts
  * See your spending history
  * See the spending based on tags, resource types etc
* Azure Advisor

Role-Based Access Control

* Contributor - Grants full access to manage all resources, but does not allow you to
assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image
galleries.
* Owner - Grants full access to manage all resources, including the ability to assign
roles in Azure RBAC.
* Reader - View all resources, but does not allow you to make any changes.
* User Access Administrator - Lets you manage user access to Azure resources.
* Custom Roles - We can create a custom role based on existing roles

Reference list of Azure domains (not comprehensive)


This page is a partial list of the Azure domains in use. Some of them are REST API
endpoints.

| Service | Subdomain |
|---|---|
| Azure Access Control Service (retired) | `*.accesscontrol.windows.net` |
| Microsoft Entra ID | `*.graph.windows.net` / `*.onmicrosoft.com` |
| Azure API Management | `*.azure-api.net` |
| Azure BizTalk Services (retired) | `*.biztalk.windows.net` |
| Azure Blob storage | `*.blob.core.windows.net` |
| Azure Cloud Services and Azure Virtual Machines | `*.cloudapp.net` |
| Azure Cloud Services and Azure Virtual Machines | `*.cloudapp.azure.com` |
| Azure Container Registry | `*.azurecr.io` |
| Azure Container Service (deprecated) | `*.azurecontainer.io` |
| Azure Content Delivery Network (CDN) | `*.vo.msecnd.net` |
| Azure Cosmos DB | `*.cosmos.azure.com` |
| Azure Cosmos DB | `*.documents.azure.com` |
| Azure Files | `*.file.core.windows.net` |
| Azure Front Door | `*.azurefd.net` |
| Azure Key Vault | `*.vault.azure.net` |
| Azure Kubernetes Service | `*.azmk8s.io` |
| Azure Management Services | `*.management.core.windows.net` |
| Azure Media Services | `*.origin.mediaservices.windows.net` |
| Azure Mobile Apps | `*.azure-mobile.net` |
| Azure Queue Storage | `*.queue.core.windows.net` |
| Azure Service Bus | `*.servicebus.windows.net` |
| Azure SQL Database | `*.database.windows.net` |
| Azure Stack Edge and Azure IoT Edge | `*.azureedge.net` |
| Azure Table Storage | `*.table.core.windows.net` |
| Azure Traffic Manager | `*.trafficmanager.net` |
| Azure Websites | `*.azurewebsites.net` |
| GitHub Codespaces | `*.visualstudio.com` |

Optimize uptime and performance


If a service is down, information can't be accessed. If performance is so poor that
the data is unusable, you can consider the data to be inaccessible. From a security
perspective, you need to do whatever you can to make sure that your services have
optimal uptime and performance.

A popular and effective method for enhancing availability and performance is load
balancing. Load balancing is a method of distributing network traffic across
servers that are part of a service. For example, if you have front-end web servers
as part of your service, you can use load balancing to distribute the traffic
across your multiple front-end web servers.

This distribution of traffic increases availability because if one of the web
servers becomes unavailable, the load balancer stops sending traffic to that server
and redirects it to the servers that are still online. Load balancing also helps
performance, because the processor, network, and memory overhead for serving
requests is distributed across all the load-balanced servers.

We recommend that you employ load balancing whenever you can, and as appropriate
for your services. Following are scenarios at both the Azure virtual network level
and the global level, along with load-balancing options for each.

Scenario: You have an application that:

* Requires requests from the same user/client session to reach the same back-end
virtual machine. Examples of this are shopping cart apps and web mail servers.
* Accepts only a secure connection, so unencrypted communication to the server isn't
an acceptable option.
* Requires multiple HTTP requests on the same long-running TCP connection to be
routed or load balanced to different back-end servers.

Load-balancing option: Use Azure Application Gateway, an HTTP web traffic load
balancer. Application Gateway supports end-to-end TLS encryption and TLS
termination at the gateway. Web servers can then be unburdened from encryption and
decryption overhead and traffic flowing unencrypted to the back-end servers.

Scenario: You need to load balance incoming connections from the internet among
your servers located in an Azure virtual network. Scenarios are when you:

* Have stateless applications that accept incoming requests from the internet.
* Don't require sticky sessions or TLS offload. Sticky sessions is a method used with
Application Load Balancing, to achieve server-affinity.

Load-balancing option: Use the Azure portal to create an external load balancer
that spreads incoming requests across multiple VMs to provide a higher level of
availability.

Scenario: You need to load balance connections from VMs that are not on the
internet. In most cases, the connections that are accepted for load balancing are
initiated by devices on an Azure virtual network, such as SQL Server instances or
internal web servers.

Load-balancing option: Use the Azure portal to create an internal load balancer
that spreads incoming requests across multiple VMs to provide a higher level of
availability.

Scenario: You need global load balancing because you:

* Have a cloud solution that is widely distributed across multiple regions and
requires the highest level of uptime (availability) possible.
* Need the highest level of uptime possible to make sure that your service is
available even if an entire datacenter becomes unavailable.

Load-balancing option: Use Azure Traffic Manager. Traffic Manager makes it possible
to load balance connections to your services based on the location of the user.

For example, if the user makes a request to your service from the EU, the
connection is directed to your services located in an EU datacenter. This part of
Traffic Manager global load balancing helps to improve performance because
connecting to the nearest datacenter is faster than connecting to datacenters that
are far away.

What are the key components of the Azure Resource Manager (ARM)?
Azure Resource Manager (ARM) is an Azure resources deployment and management
service. The key components of ARM include:

* Resource groups: A logical container for resources that are deployed within an
Azure subscription.
* ARM templates: JSON files that define the resources, configurations, and
dependencies for an Azure deployment.
* ARM API: A RESTful API for managing Azure resources programmatically.
* Role-based access control (RBAC): A mechanism for controlling access to Azure
resources based on user roles and permissions.

Can you explain the difference between Azure Service Bus, Event Hubs, and Event
Grid?
Azure Service Bus is a fully managed enterprise integration message broker that
supports both point-to-point and publish-subscribe communication patterns. It is
designed for high-throughput, low-latency messaging scenarios.

Azure Event Hubs is a big data streaming platform and event ingestion service that
can process millions of events per second. It is designed for real-time data
processing and analytics.

Azure Event Grid is a fully managed event routing service that enables
event-driven, reactive programming. It connects event sources with event handlers
using a publish-subscribe model and supports filtering and routing based on event
types and data.

What is Azure Active Directory (AAD), and how does it differ from an on-premises
active directory?
Azure Active Directory (AAD), now Microsoft Entra ID, is a cloud-based identity and
access management service that provides single sign-on (SSO), multi-factor
authentication, and identity protection for applications and services.

AAD differs from an on-premises active directory in several ways:

* AAD is a cloud-based service, while an on-premises active directory is hosted on
your infrastructure.
* AAD supports modern authentication protocols like OAuth 2.0 and OpenID Connect,
while an on-premises active directory primarily uses Kerberos and NTLM.
* AAD provides built-in integration with other Azure services and third-party
applications, while an on-premises active directory requires additional
configuration and integration.

What are Azure Virtual Machines (VMs), and how do they differ from other computing
options in Azure?
Azure Virtual Machines (VMs) are Infrastructure-as-a-Service (IaaS) offerings that
provide on-demand, scalable compute resources in the cloud. VMs differ from other
compute options in Azure, such as Web Apps and Functions, in that they provide more
control over the underlying infrastructure, including the operating system,
networking, and storage. This makes VMs suitable for workloads that require custom
configurations or need to run specific software that is not supported by other
Azure compute services.

----------------------------------------------------------------------------------

What is the role and key responsibilities of an Azure administrator?


An Azure Administrator manages and maintains Azure cloud infrastructure, services,
and resources. Their key responsibilities include:

* Provisioning, configuring, and monitoring Azure resources and services.
* Implementing and managing storage, compute, and networking components.
* Ensuring high availability, scalability, and performance of Azure infrastructure.
* Managing and monitoring security, identity, and access control.
* Troubleshooting and resolving issues related to Azure services and resources.

How do you ensure high availability and disaster recovery for Azure Virtual
Machines (VMs)?
To ensure high availability for Azure VMs, you can:

* Deploy VMs in an Availability Set, which distributes VMs across multiple fault
domains and update domains within a data center.
* Use Azure Virtual Machine Scale Sets to automatically scale the number of VM
instances based on demand or a predefined schedule.
* Deploy VMs in multiple Azure regions and use Azure Traffic Manager or Azure Front
Door to distribute traffic across regions.

For disaster recovery, you can:

* Use Azure Site Recovery to replicate VMs to a secondary Azure region and enable
failover in case of a disaster.
* Regularly back up VMs using Azure Backup and restore them to a new VM in case of
data loss or corruption.

What is Azure Storage Service Encryption (SSE), and how does it help protect data?
Azure Storage Service Encryption (SSE) is a feature that automatically encrypts
data at rest in Azure Blob Storage, File Storage, Table Storage, and Queue Storage.
SSE uses Azure-managed encryption keys or customer-managed keys to encrypt data
before it is written to storage and decrypts it when it is read. This helps protect
data from unauthorized access and ensures compliance with data security and privacy
regulations.

How do you monitor and optimize the performance of Azure resources?


To monitor and optimize the performance of Azure resources, you can:

* Use Azure Monitor to collect, analyze, and visualize performance metrics and logs
from Azure resources.
* Set up alerts and notifications based on performance thresholds or specific events.
* Use Azure Advisor to get personalized recommendations for optimizing resource
performance, cost, security, and reliability.
* Implement autoscaling for compute resources, such as VMs and App Services, to
adjust capacity based on demand.
* Use Azure CDN and Azure Traffic Manager to optimize content delivery and network
performance.

What is Azure Virtual Network (VNet), and what are its key features?
Azure Virtual Network (VNet) is a logically isolated network within the Azure cloud
that enables you to connect Azure resources and on-premises networks securely. Key
features of Azure VNet include:

* Private IP address space and DNS settings for resources within the VNet.
* Subnets for organizing and segmenting resources based on security and network
requirements.
* Network Security Groups (NSGs) for controlling inbound and outbound traffic to
resources.
* Virtual Network Gateway for connecting VNets to on-premises networks using VPN or
ExpressRoute.
* VNet peering for connecting VNets within the same or different Azure regions.

What is Azure Load Balancer, and how does it help distribute traffic to Azure
resources?
Azure Load Balancer is a network service that distributes incoming network traffic
across multiple resources, such as VMs, to ensure high availability, scalability,
and low latency. Azure Load Balancer supports both Layer 4 (TCP/UDP) and Layer 7
(HTTP/HTTPS) traffic and provides features such as:

* Health probes for monitoring the availability and responsiveness of resources.
* Load balancing rules for distributing traffic based on source and destination IP
addresses, ports, and protocols.
* Session persistence for maintaining client connections to the same resource during
a session.
* Integration with Azure Availability Sets and Virtual Machine Scale Sets for
distributing traffic across fault domains and update domains.

What is Azure ExpressRoute, and when should you use it?


Azure ExpressRoute is a dedicated, private network connection between your
on-premises infrastructure and Azure data centers. ExpressRoute provides faster,
more reliable, and more secure connectivity compared to a standard internet-based
VPN connection. You should use ExpressRoute when:

* You require low-latency, high-bandwidth connectivity between your on-premises and
Azure environments.
* You need to transfer large amounts of data between your on-premises and Azure
environments.
* You have strict security and compliance requirements that mandate a private
connection to Azure.

What is Azure Backup, and how does it help protect Azure resources?
Azure Backup is a cloud-based backup service that enables you to back up and
restore Azure resources, such as VMs, databases, and file shares. Azure Backup
helps protect Azure resources by:

* Providing a centralized, scalable, and cost-effective solution for backing up data
and applications.
* Supporting incremental backups, which reduce storage and network costs by only
backing up changed data.
* Encrypting backup data at rest and in transit for security and compliance.
* Offering flexible retention policies and recovery options to meet your business
continuity and disaster recovery requirements.

What is Azure site recovery, and how does it help with disaster recovery in Azure?
Azure Site Recovery is a cloud-based disaster recovery service that enables you to
replicate, failover, and recover Azure resources and on-premises workloads in case
of a disaster or outage. Azure Site Recovery helps with disaster recovery in Azure
by:

* Providing a simple, automated, and cost-effective solution for replicating and
recovering resources across Azure regions or between on-premises and Azure
environments.
* Supporting various replication technologies, such as Hyper-V Replica, Azure VM
replication, and VMware vSphere replication.
* Offering customizable recovery plans, including failover, failback, and testing
capabilities.
* Integrating with Azure Monitor and Azure Automation for monitoring and
orchestrating disaster recovery processes.

What is Azure cost management, and how does it help control and optimize Azure
spending?
Azure Cost Management is a suite of tools and services that help you monitor,
analyze, and optimize your Azure spending. Azure Cost Management provides:

* Cost analysis reports and dashboards for visualizing and understanding your Azure
spending patterns.
* Budgets and alerts for tracking and controlling spending against predefined limits.
* Cost recommendations based on your usage patterns and Azure best practices.
* Integration with Azure Policy for enforcing cost-related policies and compliance.

What are some best practices for securing Azure resources and data?
Some best practices for securing Azure resources and data include:

* Implementing the principle of least privilege by granting users and applications
the minimum permissions necessary to perform their tasks.
* Using Azure Active Directory and Role-Based Access Control (RBAC) for managing
access to resources and services.
* Encrypting data at rest and in transit using Azure Storage Service Encryption (SSE)
and Azure Disk Encryption.
* Regularly monitoring and auditing resource activity using Azure Monitor, Azure
Security Center, and Azure Policy.
* Implementing network security best practices, such as using Network Security Groups
(NSGs), Azure Firewall, and Azure Private Link.
* Regularly backing up resources and implementing disaster recovery plans using Azure
Backup and Azure Site Recovery.