1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Designing an Azure Network Implementation

Azure Virtual Networks

Contents

keyboard_tab
Azure Network Implementation
1
Introduction
PREVIEW1m 30s

The course is part of these learning paths

Microsoft Azure for Solution Architects
course-steps
28
certification
5
lab-steps
14
AZ-304 Exam Preparation: Designing a Microsoft Azure Architecture
course-steps
17
certification
5
lab-steps
8
description
1
AZ-303 Exam Preparation: Technologies for Microsoft Azure Architects
course-steps
28
certification
4
lab-steps
13
description
1
Architecting Microsoft Azure Solutions
course-steps
8
certification
5
lab-steps
5
Azure Services for Security Engineers
course-steps
7
certification
3
lab-steps
3
more_horizSee 2 more
play-arrow
Azure Virtual Networks
Overview
DifficultyBeginner
Duration38m
Students3262
Ratings
4.6/5
starstarstarstarstar-half

Description

Microsoft Azure supports a variety of options for both internal and external networking. In this course, you will learn how to design a network implementation using the appropriate Azure services.

Some of the highlights include:

  • Configuring virtual networks to connect Azure resources to each other
  • Deploying public and private load balancers to distribute incoming traffic to a pool of backend VMs
  • Load balancing across multiple regions using Azure Traffic Manager
  • Connecting on-premises networks to Azure either directly using ExpressRoute or over the internet through a site-to-site or point-to-site VPN
  • Overriding system default routes to meet your own custom routing needs
  • Protecting your applications from attacks with a web application firewall
  • Using network security groups to create a demilitarized zone (DMZ)
  • Building hybrid applications that include both Azure and on-premises resources using Azure Relay
  • Copying on-premises data to Azure using Data Factory, the Self-hosted Integration Runtime, and the On-Premises Data Gateway

Learning Objectives

  • Design Azure virtual networks
  • Design external connectivity for Azure virtual networks
  • Design network security strategies for Azure
  • Design connectivity for hybrid Azure applications

Intended Audience

  • People who want to become Azure cloud architects
  • People preparing for a Microsoft Azure certification exam

Prerequisites

  • General knowledge of IT infrastructure and networking

Transcript

As soon as you deploy more than one virtual machine in Azure, you’ll probably have to get them to communicate with each other. You can do that easily by putting them in the same Azure virtual network (or vnet). You can put lots of other Azure services in vnets, too, such as Service Fabric, Kubernetes Service, and HDInsight. You can also create multiple vnets and they will all be isolated from each other.

 

When you create a virtual network, you specify what IP address space to use. You also need to create at least one subnet that uses a portion of the vnet’s IP address space. Then an Azure DHCP server will assign addresses from that subnet’s IP address range to the network interfaces on the VMs.

 

If you need name resolution so the VMs in a virtual network can communicate with each other more easily, then the easiest solution is to use Azure-provided name resolution, which doesn’t require any configuration. If you need additional capabilities, such as name resolution for your on-premises servers, then you can provision your own DNS server in the vnet. You can still let Azure take care of the name resolution for your VMs by having your DNS server forward those types of queries to Azure.

 

If you want to use custom domain names or if you need name resolution between virtual networks, then one option is to use the Private Zones feature of Azure DNS. It’s specifically designed for these scenarios.

 

By default, all resources in a virtual network can send outbound requests to the internet. If you need any of your resources to accept inbound connections from the internet, then you can assign public IP addresses to them. Bear in mind that there’s an hourly charge for reserving public IP addresses, whether you’re using them or not.

 

Not every type of Azure service can reside in a virtual network, particularly storage and databases. You can get a secure connection between those services and your vnets, though, by using a virtual network service endpoint. This lets you extend the address space in your vnet to the other service and it ensures that the traffic between them stays on the Azure backbone network. Service endpoints are configured on specific subnets. The services supported by service endpoints are Azure Storage, SQL Database, Cosmos DB, and SQL Data Warehouse.

 

And that’s it for virtual network design.

About the Author
Students60175
Courses62
Learning paths65

Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).