Azure Network Services
Microsoft Azure Network Services provide the foundation for building hybrid cloud solutions with the following essential resources:
- Azure Virtual Network: an isolated network within the Microsoft Azure cloud.
- Azure Traffic Manager: controls how user traffic is distributed across geographies for cloud services.
- Name Resolution Service: internal hostname resolution within a cloud service.
- Azure ExpressRoute: extends on-premises networks into the virtual network over a dedicated private connection facilitated by a connectivity provider.
- Application Gateway: works at the application layer and acts as a reverse proxy, terminating the client connection and forwarding requests to back-end endpoints.
What is Virtual Network?
A Virtual Network (VNet) is a logical boundary defined by a private IP address space that you designate. You can divide that address space into one or more subnets, which makes a VNet functionally equivalent to an on-premises network.
VNets are similar to AWS VPCs (Virtual Private Clouds), offering networking features such as customizable inter-VM connectivity, Virtual Private Networks (VPN), access control, DNS, routing, and DHCP.
Why Virtual Network?
Azure Virtual Network lets you securely connect cloud infrastructure to your on-premises datacenter.
- Virtual Networks let you set up a virtual lab in the cloud, with connectivity to on-premises resources through Point-to-Site and Site-to-Site VPN connections.
- A Virtual Network also acts as a DHCP server, so a DNS server can be configured and leased out when a virtual machine is spun up in the cloud.
VNet Capabilities
- Isolation: VNets are isolated from one another. You can create separate VNets for development, testing, and production that use the same CIDR address blocks.
- Internet Connectivity: By default, all Azure Virtual Machines (VMs) and Cloud Services role instances are connected to a VNet and have access to the Internet.
- VNet Connectivity: A VNet-to-VNet gateway must be configured to establish a connection between VNets.
- On-premises Connectivity: VNets can be connected to on-premises networks through Point-to-Site and Site-to-Site connections.
VNet Capabilities (continued)
- Azure Resource Connectivity: Azure resources such as Cloud Services and VMs can be connected to the same VNet. These resources can connect to each other using private IP addresses, even if they are on separate subnets. Azure provides default routing between subnets, VNets, and on-premises networks, so routes do not have to be configured and managed manually.
- Traffic Filtering: VM and Cloud Services role instance network traffic can be filtered, inbound and outbound, by destination IP address and port, source IP address and port, and protocol.
- Routing: Azure supports user-defined routes and BGP routes.
- Load balancing and traffic direction: Load balances traffic across servers.
VNet Components - Subnets
A subnet is a range of IP addresses within the VNet. A VNet can be divided into multiple subnets for organization and security.
Additionally, routing tables and Network Security Groups (NSGs) can be associated with a subnet.
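The address-planning checks a practitioner runs before creating subnets, as an added example that is not part of the original notes and does not use the Azure SDK: it carves a VNet's CIDR into subnets with the standard `ipaddress` module, rejects subnets that fall outside the VNet or overlap each other, and reports usable host counts. The five reserved addresses per subnet and the rule that two VNets can only be connected when their address spaces do not overlap (isolated VNets may reuse a CIDR, as the Isolation capability above notes) are platform behaviour stated here as assumptions of the example; the CIDRs are constructed sample values.

```python
"""Address planning for a VNet and its subnets, using only the standard library."""
import ipaddress

# Azure reserves five addresses in every subnet: the network address, the
# default gateway, two addresses for Azure DNS, and the broadcast address.
# Stated here as an assumption of this example, not taken from the notes.
AZURE_RESERVED_PER_SUBNET = 5


def usable_hosts(subnet):
    """Number of addresses a subnet can actually hand out to VMs."""
    return max(subnet.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def plan_subnets(vnet_cidr, subnet_cidrs):
    """Check that every subnet lies inside the VNet address space and that no
    two subnets overlap. Returns {subnet: usable host count} or raises ValueError."""
    vnet = ipaddress.ip_network(vnet_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    for s in subnets:
        if not s.subnet_of(vnet):
            raise ValueError(f"{s} lies outside VNet {vnet}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnets {a} and {b} overlap")
    return {str(s): usable_hosts(s) for s in subnets}


def can_connect(vnet_a, vnet_b):
    """Isolated VNets may reuse the same CIDR, but two VNets can only be joined
    (VNet-to-VNet gateway or peering) when their address spaces do not overlap,
    otherwise routing between them would be ambiguous."""
    return not ipaddress.ip_network(vnet_a).overlaps(ipaddress.ip_network(vnet_b))


if __name__ == "__main__":
    # Constructed sample plan: a /16 VNet with a web tier and a small management subnet.
    print(plan_subnets("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/27"]))
    print(can_connect("10.0.0.0/16", "10.0.0.0/16"))  # same CIDR: isolated only, cannot be joined
```

The overlap check is the one most often skipped in practice; a plan that passes it today also keeps the door open to connecting the VNet to another one later.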
VNet Components - IP Addresses
There are two types of IP addresses that can be assigned to an Azure resource:
- Public IP Address: used for internet/public-facing communication.
- Private IP Address: used for communication within a VNet, and when using a VPN gateway or ExpressRoute.
Both public and private IP addresses can be assigned through DHCP (Dynamic Host Configuration Protocol).
- Dynamic IP: allocated to the VM by default from the subnet via DHCP. When the VM is stopped or started, the IP may be released or renewed based on the DHCP lease.
- Static IP: can be allocated to a VM and is only released when the VM is deleted.
VNet Components - NSGs
Network Security Groups (NSGs) allow or deny traffic (through a rule base) on either a network interface or a subnet. By default, the inbound and outbound rules include an implied deny-all.
NSGs are stateful, meaning that TCP sequence numbers are checked in addition to checking whether the connection is already established.
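A small model of how an NSG rule base is evaluated, as an added example that is not part of the original notes and does not call the Azure SDK: rules are tried in priority order (lowest number first, first match wins), an unmatched flow hits the implied deny-all, and the stateful behaviour is modelled as a flow table so that the return half of an allowed connection is permitted without a matching rule. Only custom rules are modelled (the platform's own default rules are left out), and the rule set, addresses and ports are constructed sample values.

```python
"""Toy model of NSG rule evaluation: priority-ordered allow/deny rules, an
implied deny-all, and flow state so return traffic is permitted."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first; first match wins
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # source CIDR or "*"
    dest_port: str     # "443", "1000-2000" or "*"


def _port_ok(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _addr_ok(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


class Nsg:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.flows = set()   # 5-tuples of connections already allowed

    def evaluate(self, direction, proto, src, sport, dst, dport):
        """Return (access, rule_name) for one flow."""
        # Stateful part: the reverse of an allowed flow is permitted without a rule.
        if (proto, dst, dport, src, sport) in self.flows:
            return "Allow", "established"
        for r in self.rules:
            if (r.direction == direction
                    and (r.protocol == "*" or r.protocol.lower() == proto.lower())
                    and _addr_ok(r.source, src) and _port_ok(r.dest_port, dport)):
                if r.access == "Allow":
                    self.flows.add((proto, src, sport, dst, dport))
                return r.access, r.name
        return "Deny", "implicit-deny"   # the implied deny-all at the end of each rule base


def build_example_nsg():
    """Constructed rule set: allow HTTPS from anywhere, allow RDP only from a
    management subnet, and deny RDP from everywhere else. The priorities matter:
    if the deny-any rule were numbered below the management allow, it would win."""
    return Nsg([
        Rule("allow-https", 100, "Inbound", "Allow", "Tcp", "*", "443"),
        Rule("allow-rdp-mgmt", 110, "Inbound", "Allow", "Tcp", "10.0.1.0/24", "3389"),
        Rule("deny-rdp-any", 120, "Inbound", "Deny", "Tcp", "*", "3389"),
    ])


if __name__ == "__main__":
    nsg = build_example_nsg()
    print(nsg.evaluate("Inbound", "Tcp", "203.0.113.5", 50000, "10.0.0.4", 443))
    print(nsg.evaluate("Outbound", "Tcp", "10.0.0.4", 443, "203.0.113.5", 50000))
    print(nsg.evaluate("Inbound", "Tcp", "203.0.113.5", 50001, "10.0.0.4", 3389))
```

When reviewing a real NSG, the same two questions apply: which rule is the first match for a given flow, and does anything reach the implied deny-all that the author expected to be allowed.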
Network Services - Load balancing
Azure provides three different load balancing solutions:
- Azure Traffic Manager: DNS is used to direct traffic to the appropriate destination. There are three destination selection methods: failover, performance, or round robin.
- Azure Load Balancer: performs L4 load balancing within a Virtual Network. Currently only supports round-robin distribution.
- Azure Application Gateway: performs L7 load balancing. Supports HTTP request-based load balancing, SSL termination, and cookie-based persistence.
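A simulation of the three Traffic Manager selection methods listed above, as an added example that is not part of the original notes and is not Traffic Manager's own code: because Traffic Manager works at the DNS level, each `resolve` call returns the endpoint name a DNS answer would point to, skipping unhealthy endpoints, with failover choosing by priority, performance choosing the lowest latency for the client's region, and round robin rotating answers in proportion to endpoint weight. The endpoint names, regions and latencies are constructed sample values.

```python
"""Simulation of Traffic Manager's DNS-level endpoint selection: failover,
performance and (weighted) round robin, each skipping unhealthy endpoints."""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    target: str                        # DNS name returned to the client
    healthy: bool = True               # result of the health probe
    priority: int = 1                  # failover: lower value is preferred
    weight: int = 1                    # round robin: share of answers
    latency_ms: dict = field(default_factory=dict)   # performance: per client region


class TrafficManager:
    def __init__(self, method, endpoints):
        if method not in ("failover", "performance", "round_robin"):
            raise ValueError(f"unknown routing method {method}")
        self.method = method
        self.endpoints = endpoints
        self._counter = 0

    def resolve(self, client_region=None):
        """Return the target a DNS answer would point to, or None if no endpoint is healthy."""
        healthy = [e for e in self.endpoints if e.healthy]
        if not healthy:
            return None
        if self.method == "failover":
            chosen = min(healthy, key=lambda e: e.priority)
        elif self.method == "performance":
            # Unknown regions get infinite latency so a measured endpoint always wins.
            chosen = min(healthy, key=lambda e: e.latency_ms.get(client_region, float("inf")))
        else:
            rotation = [e for e in healthy for _ in range(max(e.weight, 0))]
            if not rotation:
                return None
            chosen = rotation[self._counter % len(rotation)]
            self._counter += 1
        return chosen.target


def example_endpoints():
    """Constructed endpoints with made-up latencies; not real measurements."""
    return [
        Endpoint("eastus", "app-eastus.example.net", priority=1, weight=3,
                 latency_ms={"us": 20, "eu": 90}),
        Endpoint("westeurope", "app-weu.example.net", priority=2, weight=1,
                 latency_ms={"us": 95, "eu": 15}),
    ]


if __name__ == "__main__":
    for method in ("failover", "performance", "round_robin"):
        tm = TrafficManager(method, example_endpoints())
        print(method, [tm.resolve("eu") for _ in range(4)])
```

Because the decision is made at DNS resolution time, a client keeps using whatever answer it cached until the TTL expires; that is the practical difference from the Load Balancer and Application Gateway entries above, which sit in the data path and can react per connection or per request.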
Network Services - DNS and Routing Tables
- DNS name resolution: built-in (default) and support for custom (customer-owned) DNS.
- Routing Tables: Azure provides user-defined routes and forced tunneling.
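How a user-defined route changes the effective route for a VM, as an added example that is not part of the original notes and does not use the Azure SDK: the selection rule modelled here (longest prefix match, and on equal prefix length a user-defined route beats a BGP route, which beats a system route) is Azure's documented route precedence, stated as an assumption of the example. The system routes for a 10.0.0.0/16 VNet and the two user-defined routes, one sending a subnet through a virtual appliance and one forced-tunneling Internet-bound traffic through the VPN gateway, are constructed sample values.

```python
"""Route selection: longest prefix match, then User > BGP > System on a tie."""
import ipaddress

SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}   # lower rank wins a tie

# Constructed system routes for a 10.0.0.0/16 VNet: local traffic stays in the
# VNet, everything else goes to the Internet.
SYSTEM_ROUTES = [
    ("10.0.0.0/16", "System", "VnetLocal"),
    ("0.0.0.0/0", "System", "Internet"),
]

# Constructed user-defined routes: send one subnet through a virtual appliance,
# and force-tunnel all Internet-bound traffic through the VPN gateway.
USER_ROUTES = [
    ("10.0.2.0/24", "User", "VirtualAppliance:10.0.1.4"),
    ("0.0.0.0/0", "User", "VirtualNetworkGateway"),
]


def select_route(routes, dest_ip):
    """Return the (prefix, source, next_hop) tuple that carries dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    # Most specific prefix first; among equal prefixes the better-ranked source wins.
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -SOURCE_RANK[r[1]]))


def next_hop(dest_ip, user_routes=()):
    """Effective next hop for dest_ip, with optional user-defined routes applied."""
    route = select_route(list(SYSTEM_ROUTES) + list(user_routes), dest_ip)
    return route[2] if route else None


if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.2.9", "203.0.113.1"):
        print(ip, "->", next_hop(ip), "| with UDRs:", next_hop(ip, USER_ROUTES))
```

The forced-tunneling case is the one to check after any route table change: a 0.0.0.0/0 user-defined route overrides the system Internet route for the whole subnet it is associated with, so every outbound flow from that subnet now depends on the gateway being reachable.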
Intersite Connectivity - Methods
There are two types of gateways.
- VPN: traffic is encrypted between the endpoints in one of the following modes:
  - Site-to-Site: traffic is secured using IPsec/IKE between two VPN gateways, for example between Azure and an on-premises firewall.
  - Point-to-Site: via a VPN client, a user connects to Azure, and traffic is encrypted using TLS (Transport Layer Security).
  - VNet-to-VNet: traffic is secured between two Virtual Networks using IPsec/IKE.
- ExpressRoute: provides a dedicated peered connection into Azure.
Intersite Connectivity Detailed
- VNet-to-VNet Connectivity: a VPN can be used to connect two or more Azure VNets. Such connections are termed VNet-to-VNet VPNs.
- Point-to-Site VPN: connects a single computer to a VNet. To create this connection, you must configure each on-premises computer that you want to use with the resources in the VNet.
- Site-to-Site VPN: connects an on-premises network and all its computers to a VNet. To create this connection, you must configure a gateway and IP routing in the on-premises network; individual on-premises computers do not need to be configured.
- ExpressRoute Connectivity: an ExpressRoute connection is a dedicated server that does not connect to the public Internet. By using ExpressRoute, you can increase security, reliability, and bandwidth.