You're reading from Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond Design secure and reliable solutions for the real world in Microsoft Azure

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781800566934

Length 520 pages

Edition 1st Edition

Languages

SQL

Tools

Azure

Concepts

Cloud Computing

Author (1):

Brett Hargreaves

View More author details

Table of Contents (30) Chapters

Preface

1. Section 1: Exploring Modern Architecture

2. Chapter 1: Architecture for the Cloud FREE CHAPTER

3. Chapter 2: Principles of Modern Architecture

4. Section 2: Identity and Security

5. Chapter 3: Understanding User Authentication

6. Chapter 4: Managing User Authorization

7. Chapter 5: Ensuring Platform Governance

8. Chapter 6: Building Application Security

9. Section 3: Infrastructure and Storage Components

10. Chapter 7: Designing Compute Solutions

11. Chapter 8: Network Connectivity and Security

12. Chapter 9: Exploring Storage Solutions

13. Chapter 10: Migrating Workloads to Azure

14. Section 4: Applications and Databases

15. Chapter 11: Comparing Application Components

16. Chapter 12: Creating Scalable and Secure Databases

17. Chapter 13: Options for Data Integration

18. Chapter 14: High Availability and Redundancy Concepts

19. Section 5: Operations and Monitoring

20. Chapter 15: Designing for Logging and Monitoring

21. Chapter 16: Developing Business Continuity

22. Chapter 17: Scripted Deployments and DevOps Automation

23. Section 6: Beyond the Exam

24. Chapter 18: Engaging with Real-World Customers

25. Chapter 19: Enterprise Design Considerations

26. Mock Exam

27. Mock Answers

28. Assessments

29. Other Books You May Enjoy

Chapter 8

One potential solution to the MegaCorp Inc. requirements would be to use an ExpressRoute connection into Azure as this helps provide a stable but resilient connection.

To control internet traffic from solutions built in Azure, Azure Firewall could be built on a central VNET that all other VNETs will be peered to. That VNET can also contain the ExpressRoute's gateway VNET. In other words, a hub-spoke model will be used.

Each peered VNET will have two custom routes set up. One route will send traffic for on-premises IP ranges to the ExpressRoute gateway subnet and the other route will send other traffic to the central firewall's IP address.

NSGs will be set to allow outbound HTTPS and HTTP traffic to the firewall VNET and standard ports for DNS resolution to on-premises DNS servers. VNETs will be set up to use on-premises DNS servers as the primary servers with the Azure DNS (168.63.129.16) as the secondary.