Exam AZ-303 topic 1 question 69 discussion

1 1 2 1 Public IP at Azure end (since there is one Gateway, one public IP is enough) 1 Virtual Network Gateway (By default, it's active-standby with less than 2 mins downtime. In this case, one gateway is enough.) 2 Local Network (2 network needed at remote end. One for each VPN Device)

I believe it should be 3-1-2. If we check the minimum requirements accordingly with provided infrastructure. The datacenter has two VPN Devices (2 local gateways) so 2 PIP 1 Azure VNET(1 Virtual Network Gateway) so 1 PIP, when you deploy 1 Virtual Network in fact you have two instances running (Active - Passive), if the active instance goes down it will take more or less 90s to switch so it will be under the 2min requirement. I believe this will be the minimum if we compare it with the provided infrastructure. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#multiple-on-premises-vpn-devices

From the Azure side only for active/active 2 2 2

In today's exam. Score 900+ Correct answer. 2 2 2

It's a bit of a vague question. I think it depends on how you define 'Public IP' here, the local on prem VPN endpoints do require public IP addresses, so there's four internet IPs needed in total (assuming Active Active which I believe is the case as Active Passive failover can take 3 mins and < 2 is the requirement), and you do even enter those 'on prem' public IP addresses in the config of the Local Network Gateways in Azure, however I'd tend to read it as asking how many Azure Public IP Addresses are required (as in the resource type called Public IP Addresses in Azure Portal), and there'd only be two of them. Also whether you are using Active Passive or Active Active Virtual Network Gateways, there's actually two of them, but defined under a single Azure resource, so you could make an argument for either case. I think of it as two however, particularly in Active Active mode. So I think the answer is 2-2-2

Answer given is correct 4-2-2 1) Each Azure gateway instance will have a unique public IP address. Same for local gateway instance. Therefore 4 IP addresses. If you see logically, Question 2 should be about Azure's side, while Question-3 must be about On-premise's side, so with that understanding: 2) By default, each Azure VPN gateway consists of two instances in an active-standby configuration. But we want a active-active configuration. So, 2 Virtual Network gateways. 3) Multiple on-premises VPN devices therefore two local network gateways. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable

To me should be: 2 Public Ips, 2 Virtual Gateways 2 LocalNetworksGateways I don't understand why there should be 2 public IPs access for the vNets, that's just creating a security flag.

Would like to try to share my thoughts on this: SITUATION: We have 1 datacenter (1 on-prem site) with 2 VPN devices. REQUIREMENTS: (1) We must have a downtime of not longer than 2 minutes We cannot use the active-standby setup here because as stated by Microsoft "The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case." SOLUTION: (1) To achieve Active-Active setup, we would need 2 Virtual Network Gateways. (2) If we will have 2 Virtual Network Gateways, then it follows that we will have 2 Public IP's since each gateway needs 1 IP. (3) Since we only have 1 site with 2 VPN devices, we will most likely need to connect to at least 1 of those devices, which means we will need to setup 1 Local Network Gateway and specify the site name and IP address of the on-premises VPN device. Unless, they require to connect to both for just 1 datacenter / site.

I say 2-1-2, as a Virtual Network Gateway will have two instances, but we only deploy one Gateway. You can add the second public IP if you enable the Active-Active mode

active-active VPN s2s working with 2 Public IPs and 1 Virtual Network GW un this GW there 2 Local Network GW So correct answer should be 2,1,2 .

2,2,2. The switch over will cause a brief interruption. For planned maintenance, the connectivity should be restored within 10 to 15 seconds. For unplanned issues, the connection recovery will be longer, about 1 to 3 minutes in the worst case. So it needs to be Active-Active to keep it within 2 mins. Also the number is in Azure side only. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks

Based on that description: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell and fact there are 2 on-prem VPN devices I would say answer is: 2 public IP addresses (required by active-active virtual network) 1 virtual network (technically we are create only 1 VN even though 2 will be created behind the hood) 2 local network gateways (1 for each VPN device)

Based on that description: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell I would say answer is: 2 1 1

Each Azure VPN gateway consists of two instances in an active and standby configuration. For any planned maintenance or unplanned outages that occur on the active instance, the standby instance must automatically take over (fail over) and resume VPN S2S or VNet connections with VNet. The exchange will cause a brief interruption. For planned maintenance, connectivity should be restored within 10-15 seconds. For unplanned issues, connection recovery will take longer, approximately 1 to 3 minutes in the worst case. It clearly says 1 -3 mins where the question says under 2 mins so it is active -active config . thats leaves us with 4,2,2

2 2 2 ---

I would go for 2 2 2 1. must include two on-prem VPN devices (see 'a single VPN device fails' requirement) 2. must be active-active Azure VPN gateway ( see '2 minutes requirement') https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable Since it's on Azure side as per the question, 2 Public IP is needed; one for each gateway

It should be 4,2,2