Microsoft Azure supports a variety of options for both internal and external networking. In this course, you will learn how to design a network implementation using the appropriate Azure services.
Some of the highlights include:
- Configuring virtual networks to connect Azure resources to each other
- Deploying public and private load balancers to distribute incoming traffic to a pool of backend VMs
- Load balancing across multiple regions using Azure Traffic Manager
- Connecting on-premises networks to Azure either directly using ExpressRoute or over the internet through a site-to-site or point-to-site VPN
- Overriding system default routes to meet your own custom routing needs
- Protecting your applications from attacks with a web application firewall
- Using network security groups to create a demilitarized zone (DMZ)
- Building hybrid applications that include both Azure and on-premises resources using Azure Relay
- Copying on-premises data to Azure using Data Factory, the Self-hosted Integration Runtime, and the On-Premises Data Gateway
Learning Objectives
- Design Azure virtual networks
- Design external connectivity for Azure virtual networks
- Design network security strategies for Azure
- Design connectivity for hybrid Azure applications
Intended Audience
- People who want to become Azure cloud architects
- People preparing for a Microsoft Azure certification exam
Prerequisites
- General knowledge of IT infrastructure and networking
As soon as you deploy more than one virtual machine in Azure, you’ll probably have to get them to communicate with each other. You can do that easily by putting them in the same Azure virtual network (or vnet). You can put lots of other Azure services in vnets, too, such as Service Fabric, Kubernetes Service, and HDInsight. You can also create multiple vnets and they will all be isolated from each other.
When you create a virtual network, you specify what IP address space to use. You also need to create at least one subnet that uses a portion of the vnet’s IP address space. Then an Azure DHCP server will assign addresses from that subnet’s IP address range to the network interfaces on the VMs.
If you need name resolution so the VMs in a virtual network can communicate with each other more easily, then the easiest solution is to use Azure-provided name resolution, which doesn’t require any configuration. If you need additional capabilities, such as name resolution for your on-premises servers, then you can provision your own DNS server in the vnet. You can still let Azure take care of the name resolution for your VMs by having your DNS server forward those types of queries to Azure.
If you want to use custom domain names or if you need name resolution between virtual networks, then one option is to use the Private Zones feature of Azure DNS. It’s specifically designed for these scenarios.
By default, all resources in a virtual network can send outbound requests to the internet. If you need any of your resources to accept inbound connections from the internet, then you can assign public IP addresses to them. Bear in mind that there’s an hourly charge for reserving public IP addresses, whether you’re using them or not.
Not every type of Azure service can reside in a virtual network, particularly storage and databases. You can get a secure connection between those services and your vnets, though, by using a virtual network service endpoint. This lets you extend the address space in your vnet to the other service and it ensures that the traffic between them stays on the Azure backbone network. Service endpoints are configured on specific subnets. The services supported by service endpoints are Azure Storage, SQL Database, Cosmos DB, and SQL Data Warehouse.
And that’s it for virtual network design.
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).