Azure Interview Questions Part #7


Questions:


Q #1 Which RBAC roles does ASR provide for management?

Q #2 Can I use a guest OS server license on Azure?

Q #3 What are the prerequisites for ASR on Azure?

Q #4 What access to VMware VMs does Site Recovery need?

Q #5 What are the components of ASR?

Q #6 Is replication data sent to Site Recovery?

Q #7 What is the Mobility agent or service?

Q #8 Where can I find the Mobility service installers?

Q #9 An ASR replicated machine says it is unable to take an app-consistent snapshot, hence its health is critical?

Q #10 What happens when you hit enable replication on Recovery Services?

Q #11 How do I install the Mobility service?

Q #12 What is asrseeddisk?




************************Answers************************ 



Q #1 Which RBAC roles does ASR provide for management?

ASR provides 3 basic roles to perform the various ASR-related tasks, and these are:

Site Recovery Contributor - This role has all permissions required to manage Azure Site Recovery operations in a Recovery Services vault. A user with this role, however, can't create or delete a Recovery Services vault or assign access rights to other users.
Site Recovery Operator - This role has permissions to execute and manage Failover and Failback operations. A user with this role can't enable or disable replication, create or delete vaults, register new infrastructure or assign access rights to other users.
Site Recovery Reader - This role has permissions to view all Site Recovery management operations.
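
One way to apply these roles with least privilege, as an added example that is not part of the original post: it grants the Operator role at vault scope only, then lists principals whose access to the vault is broader than the three Site Recovery roles. The resource group, vault and group names are placeholders.

```powershell
# Placeholders (assumptions, not from the post): replace with your own names.
$rgName    = 'rg-dr-example'
$vaultName = 'rsv-dr-example'
$operators = 'DR-Failover-Operators'   # Azure AD group that runs failover/failback

$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rgName -Name $vaultName
$group = Get-AzADGroup -DisplayName $operators

# Scope the assignment to the vault itself, not the resource group or
# subscription, so the group can only fail over what this vault protects.
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName 'Site Recovery Operator' `
    -Scope $vault.ID

# Audit: role assignments that apply to the vault (including inherited ones)
# and are not one of the three Site Recovery roles. Owner/Contributor entries
# here are candidates for replacement with a narrower Site Recovery role.
$asrRoles = 'Site Recovery Contributor', 'Site Recovery Operator', 'Site Recovery Reader'

Get-AzRoleAssignment -Scope $vault.ID |
    Where-Object { $_.RoleDefinitionName -notin $asrRoles } |
    Sort-Object RoleDefinitionName, DisplayName |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope |
    Format-Table -AutoSize
```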




Q #2 Can I use a guest OS server license on Azure?

Yes, Microsoft Software Assurance customers can use Azure Hybrid Benefit to save on licensing costs for Windows Server machines that are migrated to Azure, or to use Azure for disaster recovery.


Q #3 What are the prerequisites for ASR on Azure?

Azure recovery vault - A vault holds metadata and configuration information for VMs, and other replication components.
Azure virtual network - When Azure VMs are created after failover, they're joined to this network.
Storage account - Holds the replication logs.


Q #4 What access to VMware VMs does Site Recovery need?



  • To replicate, a VMware VM must have the Site Recovery Mobility service installed and running.
  • VMs communicate with the configuration server on HTTPS port 443 for replication management.
  • VMs send replication data to the process server on HTTPS port 9443 (can be modified).
  • If you enable multi-VM consistency, VMs communicate with each other over port 2004.
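
A connectivity check for the ports listed above, as an added example that is not part of the original post. It is meant to be run on the VMware VM before enabling replication; the host names are placeholders, and 9443 should be changed if the process server port was modified.

```powershell
# Host names are placeholders (assumptions, not from the post).
$checks = @(
    @{ Purpose = 'Replication management'; Target = 'configserver.example.local';  Port = 443;  Required = $true }
    @{ Purpose = 'Replication data';       Target = 'processserver.example.local'; Port = 9443; Required = $true }
    # Only relevant when multi-VM consistency is enabled; the target is
    # another VM in the same replication group.
    @{ Purpose = 'Multi-VM consistency';   Target = 'peer-vm.example.local';       Port = 2004; Required = $false }
)

$results = foreach ($c in $checks) {
    $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Purpose   = $c.Purpose
        Target    = $c.Target
        Port      = $c.Port
        Required  = $c.Required
        Reachable = $r.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Fail loudly if a required path is blocked, so the gap is fixed in the
# firewall rules before push installation or replication is attempted.
$blocked = $results | Where-Object { $_.Required -and -not $_.Reachable }
if ($blocked) {
    $list = ($blocked | ForEach-Object { '{0}:{1}' -f $_.Target, $_.Port }) -join ', '
    throw "Required ASR port(s) unreachable: $list"
}
```

Firewall rules between the protected VMs and the ASR servers only need to allow these specific ports, so a failed check points at a missing rule rather than a reason to open the path more broadly.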


Q #5 What are the components of ASR?

Configuration server
Process server
Mobility service 
Master Target Server


https://youtu.be/v3oGAgclojw


Q #6 Is replication data sent to Site Recovery?


No, Site Recovery doesn't intercept replicated data and doesn't have any information about what's running on your VMs. Replication data is exchanged between VMware hypervisors and Azure Storage. Site Recovery has no ability to intercept that data. Only the metadata needed to orchestrate replication and failover is sent to the Site Recovery service.



Q #7 What is the Mobility agent or service?


The Mobility agent is responsible for data replication and needs to be installed on all the VMs that you are protecting. Replication of data is block-level and near-continuous using the Mobility service.
The Mobility agent is pushed by the process server to the VMs you want to replicate.

The Mobility agent coordinates communications between your protected machine and the configuration server/scale-out process server, and manages data replication.


Q #8 Where can I find the Mobility service installers?


The installers are in the %ProgramData%\ASR\home\svsystems\pushinstallsvc\repository folder on the configuration server.

You can also download it from the internet and install it, but to register it you need the configuration server's IP address and passphrase.


Q #9 An ASR replicated machine says it is unable to take an app-consistent snapshot, hence its health is critical?


The Azure Site Recovery VSS provider is required on the source machine to generate application consistency points. If the installation of the provider didn't succeed through push installation, follow the guidelines below to install it manually.
1. Open an admin cmd window.
2. Navigate to the Mobility service installation location (e.g. C:\Program Files (x86)\Microsoft Azure Site Recovery\agent).
3. Run the script InMageVSSProvider_Uninstall.cmd. This will uninstall the service if it already exists.
4. Run the script InMageVSSProvider_Install.cmd to install the VSS provider manually.


Q #10 What happens when you hit enable replication on Recovery Services?


Site Recovery installs the Mobility service when replication is enabled, and initial replication to Azure Storage begins.

Q #11 How do I install the Mobility service?

Push installation by the process server.
Manual installation using the installer on the configuration server; registration is required, for which we need to provide the configuration server IP address and passphrase.
Deployment by a tool like SCCM.


Q #12 What is asrseeddisk?


It is the prefix of the Azure managed disk where recovery points are created.
For every source disk, data is replicated to a managed disk in Azure. This disk has the prefix asrseeddisk. It stores the copy of the source disk and all the recovery point snapshots.



Azure Interview Questions Part #6


Questions



Q #1 How can you reserve public and private IPs in Azure, if you can?

Q #2 What are the different types of load balancers provided by Azure? Talk about their usage as regional and global.

Q #3 How many IPs are reserved in a private subnet, or how many are usable in the subnet 10.0.1.0/24?

Q #4 Can I replicate on-prem VMs over a site-to-site VPN to Azure? If no, then why?

Q #5 If I replicate to Azure via ASR, what kind of storage account or managed disk do I need?

Q #6 Can I exclude specific disks from replication of on-prem machines to Azure via ASR? If yes, then how?

Q #7 Can I throttle the bandwidth allotted for replication traffic?

Q #8 How can I access the Azure VM after failover, and what preparation is needed?

Q #9 If I am replicating between 2 datacenters, what happens if my primary datacenter experiences an unexpected outage?

Q #10 What permissions are needed for successful replication and failover via ASR?



Let's check the answers :)



Q How can you reserve public and private IPs in Azure, if you can?

Yes, you can. For public IPs you can use a Public IP Prefix, or you can create a static public IP. For private IPs there are 5 reserved IPs already (the first 4 and the last IP); apart from these you can reserve addresses by creating a NIC and assigning IPs to it.

Q What are the different types of load balancers provided by Azure? Talk about their usage as regional and global.

Azure provides 5 load balancers:
3 regional – Basic LB, Standard LB and Application Gateway.
2 global – Traffic Manager and Front Door.

For regional non-HTTP/HTTPS traffic, or if you want load balancing at L4, you can choose the Basic or Standard LB. If you want to load balance at the application layer (HTTP and HTTPS), use Application Gateway, which also provides other features like WAF, SSL offload and path-based routing.

For global load balancing where the traffic is not necessarily HTTP or HTTPS, or where you want DNS-based load balancing, use Traffic Manager. For an L7 global point of presence you need Front Door.


Q How many IPs are reserved in a private subnet, or how many are usable in the subnet 10.0.1.0/24?

Azure reserves 5 IP addresses within each subnet. These are x.x.x.0-x.x.x.3 and the last address of the subnet. x.x.x.1-x.x.x.3 is reserved in each subnet for Azure services.

x.x.x.0: Network address
x.x.x.1: Reserved by Azure for the default gateway
x.x.x.2, x.x.x.3: Reserved by Azure to map the Azure DNS IPs to the VNet space
x.x.x.255: Network broadcast address

In the case of 10.0.1.0/24 we have only 251 IPs to use, where the first IP will be x.x.x.4 and the last x.x.x.255.


Q Can I replicate on-prem VMs over a site-to-site VPN to Azure? If no, then why?

No, we can't replicate over site-to-site VPN because replication traffic reaches the public endpoints of Azure Storage. Thus you can only replicate over the public internet or via ExpressRoute, and then only with public/Microsoft peering.

Q If I replicate to Azure, what kind of storage account or managed disk do I need ?

You need an LRS or GRS storage. We recommend GRS so that data is resilient if a regional outage occurs, or if the primary region can't be recovered. The account must be in the same region as the Recovery Services vault. Managed disks only support LRS.

Q Can I exclude specific disks from replication of on-prem machines to Azure via ASR? If yes, then how?

Yes, you can. During the enable replication step you can uncheck the disks that you don't want to replicate.

Q Can I throttle the bandwidth allotted for replication traffic?

Yes, that can be done from the configuration server. On the configuration server desktop there is an Azure Backup shortcut; open it and go to Change Properties, from where you can enable throttling.

Q How do you access the Azure VM after failover, and what preparation is needed?

You can access it over the internet, a site-to-site connection, ExpressRoute or Azure Bastion. You need to take care of the RDP port in the NSG.

Q If I'm replicating between two datacenters, what happens if my primary datacenter experiences an unexpected outage?

You can trigger an unplanned failover from the secondary site. Site Recovery doesn't need connectivity from the primary site to perform the failover.


Q What permissions are needed for successful replication and failover via ASR?

Usually an administrator who has all the permissions, or at least Contributor, does that. However, to be precise, you need permissions to take the actions below:
·        Permission to create a virtual machine in the selected resource group
·        Permission to create a virtual machine in the selected virtual network
·        Permission to write to the selected storage account






Azure Interview Questions Part #5



Q #1 What are Azure disk reservations?

Q #2 What is the difference between Basic and Standard public IPs?

Q #3 Can we restore an Azure VM to a different region? If yes, how, and what are the prerequisites?

Q #4 What is the TCP idle timeout for a Load Balancer?

Q #5 How can we change the TCP timeout?

Q #6 What do you think happened if the backend pool VMs of an LB lost internet access?

Q #7 What is the fix for the above situation?

Q #8 What changed in Instant Restore and how does it impact your costs?

Q #9 What RBAC role is needed for AD sync configuration?

Q #10 Is there any port blocked by Azure globally? If yes, which one?



Q #1 What are Azure disk reservations?

Disk reservation is the option to purchase one year of disk storage in advance, reducing your total cost.
Azure disk reservation provides the option to purchase Premium SSDs in the specified SKUs from P30 (1 TiB) up to P80 (32 TiB) for a one-year term. There is no limitation on the minimum amount of disks necessary to purchase a disk reservation. Additionally, you can choose to pay with a single, upfront payment or monthly payments. There is no additional transactional cost applied for Premium SSD Managed Disks. Reservations are made in the form of disks, not capacity.


Q #2 What is the difference between Basic and Standard public IPs?

Standard IP is the newer SKU and started with the introduction of IP SKUs; before that all public IPs were Basic. Standard IP provides more features compared to Basic, and its allocation method is static only, unlike Basic, where it can be both dynamic and static.
Standard IP is secure by default, which means you need to explicitly whitelist IPs, whereas Basic is open to all if no NSG is applied.
Standard IP is zone-redundant and used by Standard load balancers, unlike Basic, which can't be used with zones.


Q #3 Can we restore an Azure VM to a different region? If yes, how, and what are the prerequisites?

Cross Region Restore (CRR) allows you to restore Azure VMs in a secondary region, which is an Azure paired region. This option allows you to restore the VM or its disk if there's a disaster in the primary region.
To choose this feature, select Enable Cross Region Restore from the Backup Configuration blade.
Prerequisite: the vault must be created with GRS redundancy. This is in preview but will soon be GA.

Q #4 What is TCP Idle Timeout for a Load Balancer

In its default configuration, Azure Load Balancer has an idle timeout setting of 4 minutes. If a period of inactivity is longer than the timeout value, there's no guarantee that the TCP or HTTP session is maintained between the client and your cloud service.
When the connection is closed, your client application may receive the following error message: "The underlying connection was closed: A connection that was expected to be kept alive was closed by the server."
A common practice is to use a TCP keep-alive.
TCP keep-alive works for scenarios where battery life isn't a constraint. It isn't recommended for mobile applications. Using a TCP keep-alive in a mobile application can drain the device battery faster.


Q #5 How can we change the TCP timeout?

We can configure the TCP timeout on an instance-level public IP or on the load balancer.
On the LB we can change it under the load balancing rule, and on the public IP we can change it under Configuration. By default it is 4 minutes and it can be up to 30 minutes.


Q #6 What do you think happened if the backend pool VMs of an LB lost internet access?

The LB must be an internal Standard LB. This is a known situation because, in the case of an internal Standard LB, outbound NAT is not available until outbound connectivity is defined explicitly.


Q #7 What is the fix for the above situation?

You can define outbound connectivity using an outbound rule to create outbound connectivity for VMs behind an internal Standard Load Balancer with these steps:
Create a public Standard Load Balancer.
Create a backend pool and place the VMs into a backend pool of the public Load Balancer in addition to the internal Load Balancer.
Configure an outbound rule on the public Load Balancer to program outbound NAT for these VMs.
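
The three steps above with Az PowerShell, as an added example that is not part of the original post. Resource names, the region and the per-VM port allocation are placeholders; the public load balancer gets an outbound rule only, with no load-balancing or inbound NAT rules, so it adds egress without publishing the VMs.

```powershell
# Placeholders (assumptions, not from the post): adjust names and region.
$rg   = 'rg-app-example'
$loc  = 'westeurope'
$nics = 'vm-app01-nic', 'vm-app02-nic'   # NICs already in the internal LB pool

# Step 1: public Standard Load Balancer with a static Standard public IP.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-outbound' `
    -Location $loc -Sku Standard -AllocationMethod Static
$fe   = New-AzLoadBalancerFrontendIpConfig -Name 'fe-outbound' -PublicIpAddress $pip
$pool = New-AzLoadBalancerBackendAddressPoolConfig -Name 'pool-outbound'

# Step 3: outbound rule that programs SNAT for the pool via the public frontend.
# 10000 ports per VM is an example value; one frontend IP provides 64000 ports.
$rule = New-AzLoadBalancerOutboundRuleConfig -Name 'outbound-all' `
    -FrontendIpConfiguration $fe -BackendAddressPool $pool `
    -Protocol All -IdleTimeoutInMinutes 4 -AllocatedOutboundPort 10000

$lb = New-AzLoadBalancer -ResourceGroupName $rg -Name 'lb-outbound' `
    -Location $loc -Sku Standard `
    -FrontendIpConfiguration $fe -BackendAddressPool $pool -OutboundRule $rule

# Step 2: add each VM NIC to the public LB pool. The NIC keeps its existing
# membership in the internal LB pool.
$outPool = $lb.BackendAddressPools | Where-Object Name -eq 'pool-outbound'
foreach ($name in $nics) {
    $nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $name
    $nic.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($outPool)
    $nic | Set-AzNetworkInterface | Out-Null
}
```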


Q #8 What changed in Instant Restore and how does it impact your costs?

Instant Restore doesn't restore in seconds, but it is quite fast compared to the usual restore. This is because the snapshot stays in the storage account for 2 days by default (you can change this to up to 5 days), so time is saved on rehydration, that is, on transferring data from the vault to the storage account. You are charged for the extra data (snapshots) stored in the storage account. To be precise, earlier the recovery point was created when the snapshot had been transferred to the vault, but with this feature the recovery point is created as soon as the snapshot is finished and can be used to restore.


Q #9 What RBAC role is needed for AD sync configuration?

Global Admin

Q #10 Is there any port blocked by Azure globally? If yes, which one?

Yes, port 25 is blocked globally for security reasons, but you can open a request with Microsoft.

Azure Interview Questions Part #4


Q #1 When you open the VM in the portal you see a public IP address, but RDP to that public IP address doesn't work. You have been through the NSG and everything else and it is still not working. Why?

Q #2 What is Accelerated Networking and how does it help applications?

Q #3 Is there any restriction, or have you faced any issue, while adding a machine to an existing availability set?

Q #4 Could you define the recovery process for an Azure VM that is stuck due to Windows Update, a system file check, a "please wait" screen or anything like that?

Q #5 For a standard managed disk, will I be charged for the actual size of the data on the disk or for the provisioned capacity of the disk?

Q #6 Can I take an incremental snapshot of a managed disk?

Q #7 Can VMs in an availability set consist of a combination of managed and unmanaged disks?

Q #8 What kind of Role-Based Access Control support is available for Managed Disks?

Q #9 Can I create a copy of my managed disk?

Q #10 Can I use GPT partitioning on an Azure Disk?



******************** Answers and relevant links to read *************************


Q #1 When you open the VM in the portal you see a public IP address, but RDP to that public IP address doesn't work. You have been through the NSG and everything else and it is still not working. Why?

Well, if all the settings are good and the IP should work for RDP but still doesn't, then for sure this IP is associated not with the NIC of the VM but with the LB, and that's why it appears on the VM overview. We need to check whether any NAT rule is defined for port forwarding and use that for RDP.


Q #2 What is Accelerated Networking and how does it help applications?

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types.

Q #3 Is there any restriction, or have you faced any issue, while adding a machine to an existing availability set?

All other series cannot be in the same availability set because they require specific hardware. A8/A9 VM sizes can't be mixed due to the requirement for a dedicated RDMA backend network.
You can add more VMs to the availability set later, but you need to know what VM sizes are available on the hardware. Use Get-AzVMSize to list all the available sizes on the hardware cluster for the availability set.
Get-AzVMSize `
   -ResourceGroupName "myResourceGroupAvailability" `
   -AvailabilitySetName "myAvailabilitySet"



Q #4 Could you define the recovery process for an Azure VM that is stuck due to Windows Update, a system file check, a "please wait" screen or anything like that?

1. Stop the affected VM.
2. Create a snapshot of the OS disk of the VM.
3. Create a virtual hard disk from the snapshot.
4. Attach and mount the virtual hard disk to another Windows VM for troubleshooting purposes.
5. Connect to the troubleshooting VM. Edit files or run any tools to fix issues on the original virtual hard disk.
6. Unmount and detach the virtual hard disk from the troubleshooting VM.
7. Swap the OS disk for the VM.
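
The same seven steps with Az PowerShell, as an added example that is not part of the original post. It assumes managed, unencrypted disks, a non-zonal VM, and a troubleshooting VM in the same region with LUN 1 free; all names are placeholders.

```powershell
# Placeholders (assumptions, not from the post).
$rg       = 'rg-prod-example'
$brokenVm = 'vm-app01'
$rescueVm = 'vm-rescue01'
$stamp    = Get-Date -Format 'yyyyMMddHHmm'

# 1. Stop (deallocate) the affected VM.
Stop-AzVM -ResourceGroupName $rg -Name $brokenVm -Force
$vm = Get-AzVM -ResourceGroupName $rg -Name $brokenVm

# 2. Snapshot the OS disk. The original disk is never modified, so it remains
#    available as a rollback point and as evidence of the failed state.
$snapCfg = New-AzSnapshotConfig -Location $vm.Location -CreateOption Copy `
    -SourceUri $vm.StorageProfile.OsDisk.ManagedDisk.Id
$snap = New-AzSnapshot -ResourceGroupName $rg `
    -SnapshotName "$brokenVm-os-$stamp" -Snapshot $snapCfg

# 3. Create a managed disk from the snapshot.
$diskCfg = New-AzDiskConfig -Location $vm.Location -CreateOption Copy `
    -SourceResourceId $snap.Id
$disk = New-AzDisk -ResourceGroupName $rg `
    -DiskName "$brokenVm-os-repair-$stamp" -Disk $diskCfg

# 4. Attach the copy to the troubleshooting VM as a data disk.
$rescue = Get-AzVM -ResourceGroupName $rg -Name $rescueVm
$rescue = Add-AzVMDataDisk -VM $rescue -Name $disk.Name `
    -ManagedDiskId $disk.Id -Lun 1 -CreateOption Attach
Update-AzVM -ResourceGroupName $rg -VM $rescue

# 5. Manual step: connect to the troubleshooting VM, repair the disk, then
#    take it offline in Disk Management before continuing.
Read-Host 'Press Enter once the repaired disk is offline in the rescue VM'

# 6. Detach the repaired disk.
$rescue = Get-AzVM -ResourceGroupName $rg -Name $rescueVm
$rescue = Remove-AzVMDataDisk -VM $rescue -Name $disk.Name
Update-AzVM -ResourceGroupName $rg -VM $rescue

# 7. Swap the OS disk of the affected VM to the repaired copy and start it.
$vm = Set-AzVMOSDisk -VM $vm -ManagedDiskId $disk.Id -Name $disk.Name
Update-AzVM -ResourceGroupName $rg -VM $vm
Start-AzVM -ResourceGroupName $rg -Name $brokenVm
```

The snapshot and the original OS disk still exist after the swap; delete them only once the VM is confirmed healthy, since both hold a full copy of the system's data.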


Q #5 For a standard managed disk, will I be charged for the actual size of the data on the disk or for the provisioned capacity of the disk?

You're charged based on the provisioned capacity of the disk.

Q #6 Can I take an incremental snapshot of a managed disk?

No. The current snapshot capability makes a full copy of a managed disk; however, incremental snapshots are in preview and available in a few regions only.


Q #7  Can VMs in an availability set consist of a combination of managed and unmanaged disks?

No. The VMs in an availability set must use either all managed disks or all unmanaged disks. When you create an availability set, you can choose which type of disks you want to use.

Q #8 What kind of Role-Based Access Control support is available for Managed Disks?

Managed Disks supports three key default roles:
·        Owner: Can manage everything, including access
·        Contributor: Can manage everything except access
·        Reader: Can view everything, but can't make changes

Q #9 Can I create a copy of my managed disk?

No, we cannot, but we can take a snapshot of the managed disk and then use the snapshot to create another managed disk.


Q #10 Can I use GPT partitioning on an Azure Disk?

Generation 1 images can only use GPT partitioning on data disks, not OS disks. OS disks must use the MBR partition style.


Stay Tuned for more !!!!
