Exam 70-533 Module 2-Lesson 1 - Overview of Azure networking

Microsoft Azure Training
2018
Shawn Ismail
http://www.cloudranger.net

Shawn Ismail
Microsoft Azure MVP
Module 2 – Implementing and managing Azure
networking
Lesson 1 – Overview of Azure networking
Twitter: @shawnismail | Blog: http://www.cloudranger.net | LinkedIn: https://www.linkedin.com/in/shawnismail
YouTube: https://www.youtube.com/c/CloudrangerNetwork
GitHub: https://github.com/shawnismail/cloudranger | Slides: http://www.slideshare.net/shawnismail

Module 2 – Lesson 1 – Overview of Azure networking
Overview of Module 3
• Overview of Azure networking
• Implementing and managing virtual networks
• Configuring an Azure virtual network
• Configuring virtual network connectivity

Azure networking components
• Virtual networks (VNet)
• Subnets
• Network Interface Cards (NICs)
• IP Address (Public and Private)
• Network Security Groups
• VNet DNS
• Azure DNS
• Azure Load Balancers
• Azure Application Gateway
• Azure Traffic Manager
• Routing
• Virtual Network Connectivity
• Virtual Network Gateway

Azure Virtual Network (VNet)
• Serves the same purpose as on-premises network – The fundamentals are the same
• Azure VNets allow Azure resources to communicate (with each other + internet)
• Can use used for resource isolation
• VNets can be connected to other VNets
• Can be used to connect to on-premises network
• Have native cloud characteristics
• All Azure Virtual Machines deploy to VNets – VNets need to be configured first
• VNets support TCP/UDP & ICMP
SERVER1
(IP ADDRESSES)
VNet
Address Space
SERVER2
(IP ADDRESSES)

VNet Subnets
• Facilitate resource isolation/segmentation (remember vlans?)
• Each subnet contains a range of IP addresses (subset of VNet address space)
• Azure VNet subnets facilitate resources to communicate among each other
VNet
Address Space
(10.3.0.0/16)
VNet
Address Space
(10.3.0.0/16)
SERVER1
(10.3.1.5)
SERVER2
(10.3.1.6)
SERVER3
(10.3.2.5)
SERVER4
(10.3.2.6)
SERVER5
(10.3.3.5)
SERVER6
(10.3.3.6)
Subnet1: 10.3.1.0/24 Subnet2: 10.3.2.0/24 Subnet3: 10.3.3.0/24

Network Interface Card (NIC)
• Azure Virtual Machines use virtual network adapters
• Network adapters connect to VNet Subnets for network communication
• Multiple network adapters can connect to a virtual machine (depending on VM size)

Azure IP Addresses
• Azure provides unique IP addresses to network enabled devices
• 2 types of IP addresses are provided by Azure:
1. Private IP addresses – allows for internal network communications (sort of)
2. Public IP addresses – allows connectivity to the internet
a) Basic SKU – Support both dynamic and static allocation methods
b) Standard SKU – Supports only static allocation method

Network Security Groups (NSG)
• Used to filter inbound and outbound traffic to Azure resources
• Basically a collection of firewall rules that can be associated with a VNet
• Allows for creating subnet isolation
• Can be set on a VM NIC directly for granular controls

Azure VNet based DNS
• Built-in DNS support with Azure VNets
• Usually sufficient for some specific cases
• You still may need your own DNS server
Azure DNS
• Provides hosting for public DNS zones
• You own your domain name

Azure Load Balancer
• Used for creating high availability (HA)
• Network load balancer - Layer 3 capabilities
• Two types of Load Balancers in Azure
1. Public Load Balancer
2. Internal Load Balancer
• 2 SKUs – Basic (free) and Standard

Azure Application Gateway
• Used at the application layer
• Can be used to load balance services (Application load balancer)
• Beyond Azure’s load balancers – SSL offloading, URL path routing,
advanced affinity based on cookies
• Can be used as a WAF (Web Application Firewall)
protect web apps from vulnerabilities and exploits

Azure Traffic Manager
• DNS-based traffic load balancer that enables distribution of traffic to services across global Azure regions
• Global Load Balancer (GLB)
• Uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method
and the health of the endpoints
• Can load balance between Azure regions, on-premises datacenters, other cloud providers

Service endpoints
• Usually IaaS traffic to PaaS go over public network
• Allows to filter inbound and outbound traffic to Azure resources (primarily PaaS)
• Traffic from VNet to the Azure service always remains on the Microsoft Azure backbone network
• Improved security – Azure service resources are bound to VNet and public access to service
resource can be fully removed

Routing
• User Defined Routes (UDR) – Route tables with one or more routes altering the behavior of
default routes. Applied to VNet subnets.
• Border Gateway Protocol (BGP) configuration – Configure dynamic route updates between on-
premises networks and Azure VNets in a hybrid scenario.
Forced Tunneling
• Special UDR. Forces all traffic generated from Azure VNets to on-premises network

Virtual Network Connectivity
• Connectivity to Azure VNets from outside Azure network
• Point-to-site VPN
• Site-to-site VPN
• Azure ExpressRoute
• VNet Peering
• VNet-to-VNet connection
Azure virtual network gateway

Training Site: http://www.cloudranger.net/azure-training
YouTube : https://www.youtube.com/c/CloudrangerNetwork
Slides : http://www.slideshare.net/shawnismail
Twitter : @shawnismail
GitHub : https://github.com/shawnismail/cloudranger
LinkedIn : https://www.linkedin.com/in/shawnismail
Nominate me as a Microsoft MVP!
https://mvp.microsoft.com/en-US/Nomination/nominate-an-mvp
Thank you for viewing and please the videos on
Module 2 – Lesson 1 – Overview of Azure Networking

Exam 70-533 Module 2-Lesson 1 - Overview of Azure networking

More Related Content

What's hot (20)

Similar to Exam 70-533 Module 2-Lesson 1 - Overview of Azure networking (20)

More from Shawn Ismail (10)

Recently uploaded (20)

Exam 70-533 Module 2-Lesson 1 - Overview of Azure networking