AZ-305 Azure Solution Architect study notes: Azure compute and networking services
https://www.linkedin.com/pulse/azure-compute-services-sebastian-brukalo/
Azure Virtual Machines
Azure Virtual Machines (VMs) provide infrastructure as a service (IaaS) for deploying and managing virtualized computers in the cloud. VMs give you full control over the operating system and software, which makes them well suited to running custom configurations and applications.
Scaling VMs in Azure
Azure offers the ability to scale VMs in order to improve availability and redundancy.
Scale sets and availability sets are features that manage groups of VMs automatically, either to meet changing demand or to provide fault tolerance.
Virtual Machine Scale Sets
Scale sets let you create and manage a group of similar, load-balanced VMs. Azure adjusts the number of instances automatically according to demand and keeps resource use efficient through features such as automatic load balancing.
Virtual Machine Availability Sets
Availability sets provide high availability by grouping VMs into update domains and fault domains. This arrangement reduces the risk posed by network or power failures by scheduling updates and spreading VMs across multiple resources.
Update Domain
Groups VMs that can be rebooted at the same time, so that only one group is offline at any moment during updates, with a 30-minute recovery period between updates.
Fault Domain
Groups VMs by shared power source and network switch, spread across up to three fault domains, to guard against power or network failure.
Moving to the Cloud with VMs
VMs make it simple to "lift and shift" a physical server to the cloud with very few changes. You manage a VM the same way you manage a physical server, including the operating system and the installed software.
VM Resources
When creating a VM you choose resources such as CPU, memory, storage (HDD, SSD) and networking. These can be tailored to the needs of a specific workload.
Azure Virtual Desktop
With Azure Virtual Desktop, users can access a cloud-hosted version of Windows from anywhere. It is a cloud-based desktop and application virtualization service. It supports all devices and operating systems, allowing remote desktop access through an app or a modern browser.
Enhance Security
Azure Virtual Desktop provides centralized security through Microsoft Entra ID and multifactor authentication, securing user sign-in. Keeping data and applications separate from the local device reduces the risk of confidential data being lost.
Multi-Session Windows 10/11 Deployment
Azure Virtual Desktop offers multi-session deployment of Windows 10 or 11 Enterprise, allowing multiple users to share a single VM. It delivers a more consistent user experience and broader application support than Windows Server-based operating systems.
Azure Containers
Containers are a lightweight virtualization environment that lets multiple application instances run on a single physical or virtual host. Unlike VMs, containers do not require you to manage an operating system, which makes them more flexible, scalable and efficient for rapid deployment and restarts.
Compare Virtual Machines to Containers
- Virtual Machines (VMs) are fully managed operating system instances, typically more resource-intensive.
- Containers share the host's OS, making them more lightweight and dynamic, ideal for quick scaling and responses to changes.
Azure Container Instances (ACI)
Azure Container Instances offer a simple and efficient solution to run containers in Azure. ACI is a Platform as a Service (PaaS) offering that manages container deployment without requiring virtual machines or other services.
Azure Container Apps
Similar to ACI, Azure Container Apps provide extra features like scaling and load balancing. These additional capabilities make Container Apps more elastic and suitable for applications that require dynamic resource allocation.
Azure Kubernetes Service (AKS)
AKS is a container orchestration service that helps manage the container lifecycle. It makes fleet management easier, allowing you to deploy and manage a large number of containers efficiently.
Azure Functions
Azure Functions is a serverless, event-driven compute service that eliminates the need for virtual machines (VMs) and containers. Unlike standard applications, which require VMs or containers to be constantly running, Azure Functions only activates when an event occurs, so resources remain unprovisioned during inactivity. This approach optimizes resource use while reducing cost.
Benefits of Azure Functions
- Event-driven execution: Runs code in response to events, such as REST requests or messages, without managing infrastructure.
- Automatic scaling: Scales based on demand, making it ideal for variable workloads.
- Cost-efficient: Charges only for the CPU time used while the function runs, reducing costs when idle.
- Stateless or stateful: Supports both stateless (default) and stateful (Durable Functions) modes for flexible function behavior.
- Serverless computing: Reduces the need for managing servers, simplifying development and deployment.
- Flexibility: Can be deployed in non-serverless environments for more control over scaling and isolation when needed.
Azure App Service
Azure App Service is a fully managed platform that allows you to build, deploy, and scale web apps, REST APIs, and mobile backends without managing infrastructure. It supports multiple programming languages, offers automatic scaling, and integrates with GitHub, Azure DevOps, or other Git repos for continuous deployment.
Types of Azure App Services
- Web Apps: Host web applications using languages like .NET, Java, Python, Node.js, PHP, and Ruby, on Windows or Linux.
- API Apps: Build and host RESTful APIs, with Swagger support and easy integration for external clients.
- WebJobs: Run background tasks or scripts in the same context as web or API apps, with scheduling and triggers.
- Mobile Apps: Quickly build backends for iOS and Android apps, supporting features like authentication, push notifications, and data storage.
Azure Virtual Networking
Azure Virtual Networking enables Azure resources to connect securely in the cloud, with on-premises networks, and over the internet. It works as an extension of your on-premises network, providing flexibility and isolation.
Isolation and Segmentation
Azure supports the building of isolated virtual networks with private IP address ranges. Subnets can be defined, allowing for network segmentation and secure communication among resources.
Internet Communications
Public IP addresses can be allocated to Azure resources, allowing inbound internet connections. Resources can also be routed through public load balancers for better management.
Communication between Azure resources
Azure resources, such as VMs and App Services, can communicate securely across a virtual network. Service endpoints connect services such as Azure SQL and storage accounts to virtual networks.
Communication with on-premises resources
Azure allows efficient communication with on-premises networks via Point-to-Site and Site-to-Site VPNs, as well as ExpressRoute for dedicated private connectivity.
Routing Network Traffic
Azure automatically directs network traffic across subnets, virtual networks, and the internet. Custom route tables and BGP can be used to provide more precise control over traffic flow.
Filtering Network Traffic
Traffic between subnets can be filtered using Network Security Groups (NSGs) to establish inbound/outbound security rules, or using network virtual appliances such as firewalls.
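As an added illustration (not from these notes), the following Python models how an NSG evaluates inbound rules: custom rules in ascending priority first, then Azure's default rules, first match wins. It also includes an audit check for the classic weak setting, an Allow rule that exposes SSH or RDP to any source, beside a hardened rule set; the VNet range 10.0.0.0/16, the management subnet 10.0.2.0/24 and the rule names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # "Internet" tag simplified to match any address

@dataclass
class Rule:
    name: str
    priority: int    # custom rules use 100-4096; the lowest number is evaluated first
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp", "Icmp" or "*"
    source: str      # CIDR, "*" or "Internet"; other service tags are not modelled
    dest_port: str   # single port, "lo-hi" range or "*"

# Azure's default inbound rules, simplified: VirtualNetwork tag assumed to be 10.0.0.0/16,
# AzureLoadBalancer is the platform health-probe address 168.63.129.16.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "10.0.0.0/16", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "168.63.129.16/32", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]

def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def source_matches(spec: str, ip: str) -> bool:
    return spec in ANY_SOURCE or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate_inbound(custom: List[Rule], src_ip: str, port: int, proto: str = "Tcp") -> str:
    """First match in ascending priority decides, as in a real NSG; returns "Allow|Deny:rule"."""
    for r in sorted(custom + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.direction == "Inbound" and r.protocol in ("*", proto)
                and source_matches(r.source, src_ip) and port_matches(r.dest_port, port)):
            return f"{r.access}:{r.name}"
    return "Deny:implicit"  # not reached: DenyAllInBound matches everything

def exposed_admin_ports(custom: List[Rule]) -> List[str]:
    """Audit: custom Allow rules that open SSH (22) or RDP (3389) inbound from anywhere."""
    return [r.name for r in custom
            if r.direction == "Inbound" and r.access == "Allow" and r.source in ANY_SOURCE
            and any(port_matches(r.dest_port, p) for p in (22, 3389))]

# Constructed sample: WEAK opens SSH to the world; HARDENED keeps only SSH from the management subnet.
WEAK = [
    Rule("allow-ssh-anywhere", 100, "Inbound", "Allow", "Tcp", "*", "22"),
    Rule("allow-https", 110, "Inbound", "Allow", "Tcp", "Internet", "443"),
    Rule("allow-ssh-mgmt", 120, "Inbound", "Allow", "Tcp", "10.0.2.0/24", "22"),
]
HARDENED = [r for r in WEAK if r.name != "allow-ssh-anywhere"]
```

Running `evaluate_inbound` against both rule sets shows why the deciding rule, not just the verdict, is worth logging: the same packet is admitted by the weak rule and dropped by DenyAllInBound once it is removed.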
Connecting Virtual Networks
Virtual network peering securely connects virtual networks over Azure's private backbone, allowing resources in different regions to communicate privately. User-defined routes provide extra traffic control.
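An added example, not part of the original notes, that checks the address planning the isolation/segmentation and peering sections both rely on: subnets must sit inside their VNet's private address space without overlapping each other, and two VNets can only be peered if their address spaces do not overlap. The hub-and-spoke layout and all CIDRs are constructed sample values; GatewaySubnet and AzureFirewallSubnet are Azure's reserved subnet names.

```python
import ipaddress
from typing import Dict, List

# Azure reserves 5 addresses in every subnet (network, default gateway, two for DNS, broadcast).
AZURE_RESERVED_PER_SUBNET = 5

def usable_addresses(cidr: str) -> int:
    """Hosts you can actually place in an Azure subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED_PER_SUBNET

def check_vnet(space: str, subnets: Dict[str, str]) -> List[str]:
    """Findings for subnets outside the VNet address space or overlapping each other."""
    net = ipaddress.ip_network(space)
    parsed = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = [f"{n} {s} is outside {net}" for n, s in parsed.items() if not s.subnet_of(net)]
    names = list(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                findings.append(f"{a} overlaps {b}")
    return findings

def can_peer(space_a: str, space_b: str) -> bool:
    """VNet peering requires the two address spaces not to overlap."""
    return not ipaddress.ip_network(space_a).overlaps(ipaddress.ip_network(space_b))

def plan(vnets: Dict[str, dict]) -> List[str]:
    """Audit a whole layout: per-VNet subnet checks, then every candidate peering pair."""
    findings = []
    for name, v in vnets.items():
        findings += [f"{name}: {f}" for f in check_vnet(v["space"], v["subnets"])]
    names = list(vnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if not can_peer(vnets[a]["space"], vnets[b]["space"]):
                findings.append(f"{a} and {b} cannot be peered: address spaces overlap")
    return findings

# Constructed sample layout: a hub holding the gateway and firewall subnets, one well-formed
# spoke, and one spoke whose address space collides with the hub and has broken subnets.
VNETS = {
    "hub": {"space": "10.0.0.0/16",
            "subnets": {"GatewaySubnet": "10.0.255.0/27", "AzureFirewallSubnet": "10.0.1.0/26"}},
    "spoke-app": {"space": "10.1.0.0/16",
                  "subnets": {"web": "10.1.1.0/24", "db": "10.1.2.0/24"}},
    "spoke-bad": {"space": "10.0.128.0/17",
                  "subnets": {"app": "10.0.129.0/24", "app2": "10.0.129.128/25", "old": "10.2.0.0/24"}},
}
```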
Azure Virtual Private Network (VPN)
A VPN connects trusted private networks across an untrusted network, such as the Internet, by forming an encrypted tunnel within it. Encrypting the communication ensures that critical information is shared securely and privately.
VPN Gateways
A virtual network gateway (VPN gateway) connects on-premises data centers, individual devices, or virtual networks. It allows site-to-site, point-to-site, and network-to-network connections, with encrypted data transfer over the Internet.
Types of VPN Gateways
- Policy-based VPN Gateways: Encrypt specific packets based on statically defined IP addresses. Each packet is evaluated to determine which tunnel it should pass through.
- Route-based VPN Gateways: Use IP routing to decide which tunnel interface to use for each packet, offering more resilience to changes in network topology. Preferred for on-premises devices.
High Availability Configurations for VPN Gateways
Azure VPN gateways provide high availability using active/standby or active/active setups. Active/standby automatically switches to a standby instance during disruptions, whereas active/active uses multiple instances for durability.
ExpressRoute Failover
A VPN gateway can act as a failover path for ExpressRoute connections, ensuring continuous connectivity to virtual networks in case of physical problems or failures on the ExpressRoute circuit.
Zone-Redundant Gateways
In regions with availability zones, VPN and ExpressRoute gateways can be deployed in a zone-redundant configuration. This improves resiliency and availability by spreading gateway instances across zones within a region, protecting against zone-level failures.
Azure ExpressRoute
Azure ExpressRoute provides private and secure connectivity between on-premises networks and Microsoft cloud services. This connection, also known as an ExpressRoute circuit, does not pass through the public internet, resulting in increased speed and reliability.
Features of Azure ExpressRoute
- Private, secure connections between on-premises networks and the Microsoft cloud, bypassing the internet for increased reliability.
- Direct access to Microsoft services, such as Office 365 and Azure VMs.
- Uses BGP to facilitate data transmission between networks and Azure.
- High availability is obtained through redundant devices and configurable circuits.
- Connectivity models include CloudExchange colocation, point-to-point Ethernet, and any-to-any networks.
- Private connection with decreased internet exposure, yet some traffic remains on the public internet.
Connectivity to Microsoft cloud services
ExpressRoute enables direct access to services like Office 365, Dynamics 365, Azure Virtual Machines, and Azure Storage. It enables private connections to Microsoft cloud services in every region.
Global Connectivity
ExpressRoute Global Reach allows you to connect numerous on-premises sites worldwide and securely exchange data, bypassing the public internet and assuring a faster and more stable connection.
Dynamic Routing
ExpressRoute provides dynamic routing between your network and Azure via Border Gateway Protocol (BGP), assuring uninterrupted data flow and better network efficiency.
Built-In Redundancy
ExpressRoute includes built-in redundancy, which ensures excellent connection availability. You can set up multiple circuits for increased reliability across peering locations.
ExpressRoute Connectivity Models
ExpressRoute offers several models, including CloudExchange colocation, point-to-point Ethernet, and any-to-any connectivity. These models provide flexibility in how you connect to Microsoft cloud services.
Cloud Exchange Colocation
Colocation means placing your facility at a cloud exchange, which allows for secure and efficient data transfer via a virtual cross-connect to Microsoft's cloud services.
Point-to-Point Ethernet Connection
A point-to-point Ethernet connection creates a direct link between your facility and the Microsoft cloud, providing a secure and dedicated communication path.
Any-to-Any Networks
With any-to-any connectivity, you can integrate your wide area network (WAN) with Azure, allowing for effortless interaction across branch offices, datacenters, and Microsoft cloud services.
Directly from ExpressRoute Sites
ExpressRoute Direct provides high-speed connections (100 Gbps or 10 Gbps) directly to Microsoft's global network at peering points, allowing for large-scale, active-active communication.
Azure DNS
Azure DNS is a DNS domain hosting service that uses the Microsoft Azure infrastructure to resolve names. Hosting your domains in Azure allows you to manage your DNS records using the same credentials, APIs, tools, and pricing as your other Azure services.
Benefits of Azure DNS
- Reliability and Performance: Hosted on Azure's global network, ensuring fast DNS query responses and high availability through anycast networking.
- Security: Offers Azure RBAC for access control, activity logs for monitoring, and resource locking to prevent accidental changes.
- Ease of Use: Manage DNS records for Azure and external resources via the Azure portal, PowerShell, CLI, and API.
- Customizable Virtual Networks: Supports private DNS domains for custom domain names in private virtual networks.
- Alias Records: Allows alias records for Azure resources, automatically updating when IP addresses change.