Introduction xxv

Assessment Test xxxvii

Chapter 1 Getting Started with AZ-700 Certification for Azure Networking 1

Basics of Cloud Computing and Networking 2

The Need for Networking Infrastructure 3

The Need for the Cloud 3

Basics of Networking 6

Enterprise Cloud Networking 10

Microsoft Azure Overview 11

Azure Cloud Foundation 12

Azure Global Infrastructure 14

Azure Networking Terminology 20

Azure Networking Overview 21

Azure Networking Services 23

Azure Virtual Network 26

VNet Concepts and Best Practices 28

Deploying a Virtual Network with Azure PowerShell 35

Configure Public IP Services 37

Basic SKUs 38

Standard SKUs 39

Configure a Basic SKU Public IP 40

Configure a Standard SKU Public IP with Zones 40

Configuring Domain Name Services 40

Configure an Azure DNS Zone and Record Using Azure PowerShell 42

Configuring Cross-Virtual Network Connectivity with Peering 43

Configuring Peering between Two Virtual Networks in the Same Region 45

Configuring Virtual Network Traffic Routing 46

Using Forced Tunneling to Secure the VNet Route 52

Configuring Internet Access with Azure Virtual NAT 53

Deploy the NAT Gateway Using Azure PowerShell 54

Summary 56

Exam Essentials 56

Hands-On Lab: Design and Deploy a Virtual Network via the Azure Portal 57

Activity 1: Prepare the Network Schema 58

Activity 2: Build the Aviation Resource Group 60

Activity 3a: Build the CoreInfraVnet Virtual Network and Subnets 60

Activity 3b: Build the EngineeringVnet Virtual Network and Subnets 64

Activity 3c: Build the BranchofficeVnet Virtual Network and Subnets 66

Activity 4: Validate the Build of VNets and Subnets 68

Review Questions 70

Chapter 2 Design, Deploy, and Manage a Site-to-Site VPN Connection and Point-to-Site VPN Connection 75

Overview of Azure VPN Gateway 76

Designing an Azure VPN Connection 79

Design Pattern 1 86

Design Pattern 2 87

Design Pattern 3 88

Choosing a Virtual Network Gateway SKU for Site-to-Site VPN 89

Using Policy-Based VPNs vs. Route-Based VPNs 92

Building and Configuring a Virtual Network Gateway 94

Building and Configuring a Local Network Gateway 97

Building and Configuring an IPsec/IKE Policy 101

Configuration Workflow 104

Diagnosing and Resolving VPN Gateway Connectivity Issues 109

Choosing a VNet Gateway SKU for Point-to-Site VPNs 112

Configuring RADIUS, Certificate-Based, and Azure AD Authentication 116

Configuration Workflow for Native Azure Certification Authentication 117

Configuration Workflow for Native Azure Active Directory 124

Configuration Workflow for Windows Active Directory 127

Diagnosing and Resolving Client-Side and Authentication Issues 133

Summary 136

Exam Essentials 136

Review Questions 140

Chapter 3 Design, Deploy, and Manage Azure ExpressRoute 145

Getting Started with Azure ExpressRoute 146

Key Use Case for ExpressRoute 151

ExpressRoute Deployment Model 151

Choosing Between the Network Service Provider and ExpressRoute Direct 153

Designing and Deploying Azure Cross-Region Connectivity between Multiple ExpressRoute Locations 156

Selecting ExpressRoute Circuit SKUs 156

Estimating Price Based on ExpressRoute SKU 156

Select a Peering Location 157

Select the Proper ExpressRoute Circuit 157

Select a Billing Model 159

Select a High Availability Design 159

Pick a Business Continuity and Disaster Recovery Design Pattern 162

Choosing an Appropriate ExpressRoute SKU and Tier 169

Designing and Deploying ExpressRoute Global Reach 171

Deploying ExpressRoute Global Reach 173

Use Case 1: Enabling Circuits in the Same Region 173

Use Case 2: Enabling Circuits in Different Regions 174

Designing and Deploying ExpressRoute FastPath 175

Evaluate Private Peering Only, Microsoft Peering Only, or Both 176

Setting Up Private Peering 178

Setting Up Microsoft Peering 181

Building and Configuring an ExpressRoute Gateway 182

Connect a Virtual Network to an ExpressRoute Circuit 186

Recommend a Route Advertisement Configuration 190

Configure Encryption over ExpressRoute 191

Deploy Bidirectional Forwarding Detection 192

Diagnose and Resolve ExpressRoute Connection Issues 193

Summary 196

Exam Essentials 196

Review Questions 199

Chapter 4 Design and Deploy Core Networking Infrastructure: Private IP and DNS 203

Designing Private IP Addressing for VNets 204

Deploying a VNet 210

Preparing Subnetting for Services 213

Subnetting Design Considerations 214

Example Case Study: Preparing Subnetting for Services 218

Configuring Subnetting for Services 220

Preparing and Configuring a Subnet Delegation 223

Configure Subnet Delegation 225

Planning and Configuring Subnetting for Azure Route Server 226

Designing and Configuring Public DNS Zones 231

Creating an Azure DNS Zone and Record Using PowerShell 233

Designing and Configuring Private DNS Zones 235

Creating a Private DNS Zone and Record Using PowerShell 238

Designing Name Resolution Inside a VNet 240

VMs and Role Instances 243

Web Apps 243

Linking a Private DNS Zone to a VNet 245

Summary 248

Exam Essentials 249

Review Questions 251

Chapter 5 Design and Deploy Core Networking Infrastructure and Virtual WANs 255

Overview of Virtual Network Peering, Service Chaining, and Gateway Transit 256

Configure VPN Gateway Transit for Virtual Network Peering 258

Design VPN Connectivity between VNets 263

Deploy VNet Peering 266

Deployment Model 1: Running in the Same Azure Subscription and Deployed Using Azure Resource Manager 267

Deployment Model 2: Running in Different Subscriptions and Deploying Using Resource Manager 270

Deployment Model 3: Running in the Same Subscription and Deploying One VNet Using Resource Manager and Another Using the Classic Model 273

Deployment Model 4: Running in Different Subscriptions and Deploying One VNet Using Resource Manager and Another Using the Classic Model 275

Design an Azure Virtual WAN Architecture 277

Choosing SKUs and Services for Virtual WANs 289

Connect a VNet Gateway to an Azure Virtual WAN and Build a Hub in a Virtual WAN 291

Build a Virtual Network Appliance (NVA) in a Virtual Hub 299

Set Up Virtual Hub Routing 304

Build a Connection Unit 306

Summary 309

Exam Essentials 310

Review Questions 312

Chapter 6 Design and Deploy VNet Routing and Azure Load Balancer 317

Design and Deploy User-Defined Routes 318

Basic Routing Concepts 318

Azure Routes 321

Associate a Route Table with a Subnet 328

Set Up Forced Tunneling 329

Diagnose and Resolve Routing Issues 334

Design and Deploy Azure Route Server 336

Route Server Design Pattern 1 338

Route Server Design Pattern 2 339

Choosing an Azure Load Balancer SKU 344

Choosing Between Public and Internal Load Balancers 349

Build and Configure an Azure Load Balancer (Including Cross-Region) 353

Build and Configure Cross-Region Load Balancer Resources 361

Deploy a Load Balancing Rule 366

Build and Configure Inbound NAT Rules 370

Build Explicit Outbound Rules for a Load Balancer 371

Summary 374

Exam Essentials 375

Review Questions 377

Chapter 7 Design and Deploy Azure application gateway, Azure front door, and Virtual NAT 381

Azure Application Gateway Overview 383

How Application Gateway Works 385

Scaling Options for Application Gateway and WAF 389

Overview of Application Gateway Deployment 390

Front-End Setup 390

Back-End Setup 390

Health Probes Setup 391

Configuring Listeners 393

Redirection Overview 394

Application Gateway Request Routing Rules 395

Redirection Setting 397

Application Gateway Rewrite Policies 397

Features and Capabilities of Azure Front Door SKUs 409

Health Probe Characteristics and Operation 411

Secure Front Door with SSL 412

Front Door for Web Applications with a High-Availability Design Pattern 413

SSL Termination and End-to-End SSL Encryption 421

Multisite Listeners 423

Back-Ends, Back-End Pools, Back-End Host Headers, and Back-End Health Probes 424

Routing and Routing Rules 426

URL Redirection and URL Rewriting in Front Door Standard and Premium 427

Design and Deploy Traffic Manager Profiles 429

How Traffic Manager Works 430

Traffic Manager Routing Methods 432

Priority-Based Traffic Routing 433

Weighted-Based Traffic Routing 433

Performance-Based Traffic Routing 435

Geographic-Based Traffic Routing 436

Multivalue-Based Traffic Routing 437

Subnet-Based Traffic Routing 437

Building a Traffic Manager Profile 438

Virtual Network NAT 442

Using a Virtual Network NAT 443

Allocate Public IP or Public IP Prefixes for a NAT Gateway 445

Associate a Virtual Network NAT with a Subnet 447

Summary 451

Exam Essentials 451

Review Questions 455

Chapter 8 Design, Deploy, and Manage Azure Firewall and Network Security Groups 459

Azure Firewall and Firewall Manager Features 460

How Azure Firewall Manager Works 467

How Azure Firewall and Firewall Manager Protect VNets 468

Build and...