In the context of the Azure Administrator Associate certification, configuring Public IP addresses is a critical component of managing virtual networking. A Public IP address in Azure is a standalone resource that enables inbound communication from the internet to Azure resources—such as Virtual Ma…In the context of the Azure Administrator Associate certification, configuring Public IP addresses is a critical component of managing virtual networking. A Public IP address in Azure is a standalone resource that enables inbound communication from the internet to Azure resources—such as Virtual Machines (VMs), Load Balancers, and VPN Gateways—and outbound connectivity to the internet.
When configuring a Public IP, the primary decision involves selecting the **SKU (Stock Keeping Unit)**, which determines capabilities:
1. **Basic SKU:** This legacy tier allows for both Dynamic and Static IP assignment. Dynamic IPs may change when a resource is stopped and started. Basic SKUs do not support Availability Zones and do not require a Network Security Group (NSG) by default, making them less secure.
2. **Standard SKU:** This is the production standard. It implies Static assignment (the IP never changes) and supports zone redundancy for high availability. Crucially, Standard IPs are 'secure by default,' meaning they act as a closed firewall until you explicitly associate an NSG to allow traffic.
Public IPs are not permanently bound to the hardware; they are associated via software configurations. For a VM, the Public IP connects to the Network Interface (NIC). For Load Balancers and Application Gateways, it acts as the frontend IP configuration.
Administrators can also configure **DNS name labels** (e.g., `myapp.eastus.cloudapp.azure.com`) for easier access or use **Public IP Prefixes** to reserve a contiguous range of addresses. Utilizing prefixes ensures you have a predictable block of IPs, simplifying firewall allow-list configurations for external partners.
Azure AZ-104 Guide: Implementing and Managing Public IP Addresses
What is a Public IP Address? In Azure, a Public IP address is an independent resource that allows Internet resources to communicate inbound to Azure resources. It also enables Azure resources to communicate outbound to the Internet and public-facing Azure services with an IP address assigned to that resource. The resource is not physically configured on the OS of the VM; rather, it is mapped to the network interface (NIC) or load balancer frontend by the Azure Software Defined Network (SDN).
Why is it Important? For the AZ-104 exam and real-world administration, understanding Public IPs is critical because they are the bridge between your private Virtual Network (VNet) and the outside world. They are essential for hosting web servers, configuring VPN gateways, and setting up public-facing Load Balancers.
How it Works: SKUs and Assignment When configuring Public IPs, the most critical decision is selecting the SKU (Stock Keeping Unit). Azure offers two primary SKUs:
1. Basic SKU: The legacy option. It supports both Dynamic and Static assignment methods. It does not support Availability Zones and is not secure by default (open to the internet unless restricted). 2. Standard SKU: The preferred, modern option. It supports Static assignment only (though utilizing zone-redundancy). It allows for Zone Redundancy (can be zonal or zone-redundant) and is secure by default, meaning no traffic can pass until you explicitly allow it via a Network Security Group (NSG).
IP Version: Azure supports both IPv4 and IPv6. You can configure a Dual Stack (both IPv4 and IPv6) for your networking.
How to Answer Questions on Configuring Public IP Addresses When facing AZ-104 scenario questions, follow this logic flow: 1. Identify the Requirement: Does the resource need to communicate with the internet directly? Does it need a DNS name label? 2. Check the Association: Is the IP being attached to a VM, a Load Balancer, a VPN Gateway, or an Application Gateway? 3. Check the Sizing/SKU: Does the scenario mention Availability Zones? If yes, you must choose Standard SKU.
Exam Tips: Answering Questions on Configure public IP addresses Preparing for configuration scenarios requires memorizing specific compatibility rules:
• The SKU Matching Rule: This is a high-probability exam topic. If you have a Standard Load Balancer, you must use Standard Public IP addresses for the backend instances. You cannot mix a Basic Load Balancer with Standard Public IPs or vice versa. • Dynamic vs. Static Assignment: If a question asks for a Public IP that ensures the address remains the same even if the VM is stopped (deallocated), you must configure Static assignment. Note that Standard SKUs are Static by default. • NSG Requirement: If a scenario involves a Standard Public IP and the connection fails, check if an NSG is associated. Unlike Basic IPs, Standard IPs require an NSG to allow traffic. • Dissociation: To delete a Public IP resource, it must first be dissociated from any NIC or Load Balancer. You cannot delete an IP that is currently in use. • Upgrade Path: You cannot change an existing Basic IP to a Standard IP directly. You would need to create a new Standard IP and associate it with the resource.