This course is part of the learning path: Azure Services for Security Engineers
Microsoft Azure Virtual Network
Network Security Groups
During this course, we will explore the primary components that are offered by Microsoft Azure Virtual Network under Microsoft Azure Resource Manager (ARM). This is sometimes known as IaaSv2. For the sake of clarity, this course does not cover IaaSv1, which is Microsoft Azure infrastructure services provisioned using the Azure Service Management (ASM) REST API. In addition to covering Azure Virtual Network concepts, we'll also demonstrate the deployment and management of these services using the Microsoft Azure Portal, Cross-Platform (xPlat) CLI Tool, and the Azure Resource Manager PowerShell module.
The components offered by Azure Virtual Network are:
Virtual Networks - Using Microsoft Azure Virtual Networks, you can deploy Azure services such as infrastructure Virtual Machines (IaaS), Redis Cache, and Web Apps. Each Virtual Network can have more than one overarching address space defined, and is subdivided into one or more subnets.
Network Security Groups - These are essentially Layer 4 (OSI model) firewall rules that allow you to limit the flow of network traffic at the Subnet and individual Network Interface layers. Each Network Security Group can contain up to 200 individual Network Security Rules, which allow or deny traffic based on a variety of parameters, such as the source/destination IP address and ports, the network protocol, rule priority, and others. A Network Security Group must be created in the same Azure Region (Location) as the Virtual Network subnet it will be associated with.
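To make the rule-priority behaviour described above concrete, here is an added example (not code from the course or from Microsoft) that models how an NSG evaluates inbound traffic: custom rules and the platform's default rules are merged and checked in priority order (lowest number first), and the first matching rule decides. The `Rule` dataclass, the `SERVICE_TAGS` resolution (a constructed VNet address space of 10.0.0.0/16), the `WEB_TIER_RULES` rule set and the 200-rule limit check are all assumptions made for this example; the three default inbound rules and their priorities are the ones Azure places in every NSG.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example (not the course's or Microsoft's code): a minimal model of how
# an NSG decides inbound traffic. Field names loosely mirror an ARM securityRule.
MAX_RULES_PER_NSG = 200  # limit as stated in the course description


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first; first match wins
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, service tag ("VirtualNetwork", "AzureLoadBalancer") or "*"
    dest_port: str     # "22", "1024-65535" or "*"


# Platform default inbound rules (priority 65000+). They exist in every NSG and
# cannot be deleted, only overridden by a custom rule with a lower priority number.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# Service tags resolved to address ranges (assumption for this example):
# VirtualNetwork is the VNet's own address space, constructed here as 10.0.0.0/16;
# AzureLoadBalancer is the platform's health-probe source address.
SERVICE_TAGS = {
    "VirtualNetwork": [ip_network("10.0.0.0/16")],
    "AzureLoadBalancer": [ip_network("168.63.129.16/32")],
}


def _source_matches(rule_source: str, src_ip: str) -> bool:
    if rule_source == "*":
        return True
    addr = ip_address(src_ip)
    if rule_source in SERVICE_TAGS:
        return any(addr in net for net in SERVICE_TAGS[rule_source])
    return addr in ip_network(rule_source, strict=False)


def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    if "-" in rule_port:
        lo, hi = (int(p) for p in rule_port.split("-", 1))
        return lo <= port <= hi
    return int(rule_port) == port


def _protocol_matches(rule_protocol: str, protocol: str) -> bool:
    return rule_protocol == "*" or rule_protocol.lower() == protocol.lower()


def evaluate_inbound(custom_rules, src_ip, protocol, dest_port):
    """Return (access, rule_name) for the first rule, in priority order, that
    matches the flow. Custom rules and platform defaults are merged, so a
    custom Deny at priority 110 beats AllowVnetInBound at 65000."""
    if len(custom_rules) > MAX_RULES_PER_NSG:
        raise ValueError(f"NSG exceeds {MAX_RULES_PER_NSG} rules")
    for rule in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (_protocol_matches(rule.protocol, protocol)
                and _source_matches(rule.source, src_ip)
                and _port_matches(rule.dest_port, dest_port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")


# Constructed rule set for a web tier: SSH only from an admin range, HTTPS from
# anywhere, and an explicit block on RDP from inside the VNet that overrides the
# permissive AllowVnetInBound default.
WEB_TIER_RULES = [
    Rule("Allow-SSH-Admin", 100, "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule("Deny-RDP-FromVnet", 110, "Deny", "Tcp", "VirtualNetwork", "3389"),
    Rule("Allow-HTTPS-Any", 200, "Allow", "Tcp", "*", "443"),
]

if __name__ == "__main__":
    flows = [("203.0.113.7", "Tcp", 22), ("198.51.100.9", "Tcp", 22),
             ("198.51.100.9", "Tcp", 443), ("10.0.2.4", "Tcp", 3389),
             ("10.0.2.4", "Tcp", 8080), ("168.63.129.16", "Tcp", 80)]
    for src, proto, port in flows:
        print(src, proto, port, "->", evaluate_inbound(WEB_TIER_RULES, src, proto, port))
```

The point worth noticing is the `10.0.2.4 -> 8080` flow: with no custom rule covering it, the default `AllowVnetInBound` permits any traffic from inside the VNet, so lateral traffic between subnets is open unless you add an explicit Deny at a lower priority number, as `Deny-RDP-FromVnet` does for RDP.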
VPN Gateway - Using Microsoft Azure VPN Gateway, you can securely connect globally-distributed Virtual Networks together, as well as extend on-premises networks into the cloud. This scenario is known as Site-to-Site (S2S) connectivity, and is also commonly called "hybrid networking." You can also enable Point-to-Site (P2S) connectivity, where the "point" is a client device that connects directly to the Virtual Network and gains private access to network resources over a secure Virtual Private Network (VPN) connection. The P2S model is particularly useful for deploying lab environments in Microsoft Azure that are only accessible through a private interface, or other cloud-based workloads that don't require public access.
Load Balancer - Using the Microsoft Azure Load Balancer, you can build and deploy geographically distributed, high performance, highly available applications. Load Balancers can be exposed publicly, through the use of a Public IP Address resource, or they can simply be deployed into a Virtual Network subnet for private, internal access. The Load Balancer health probe checks the availability and health of the application on each endpoint, and endpoints are dynamically added to and removed from the Load Balancer's rotation according to the probe's results.
Route Tables - Microsoft Azure Virtual Networks support custom Route Tables, allowing you to shape the flow of cloud-based network traffic. One of the more common use cases for custom Route Tables is to route all network traffic through a Virtual Appliance that is responsible for ensuring the security of network traffic. A Route Table can be created by itself, directly inside an ARM Resource Group, but it must be associated with a Virtual Network subnet in order to take effect on network traffic.
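The "route everything through a Virtual Appliance" use case above comes down to how a subnet's effective route is chosen once a custom Route Table is associated with it. The following added example (not the course's or Microsoft's code) models that selection: longest prefix wins, and on an equal prefix a user-defined route overrides the system route. The `Route` dataclass, the constructed VNet address space of 10.0.0.0/16, the appliance address 10.0.254.4 and the two route-table variants are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example (not the course's or Microsoft's code): effective-route selection
# for a subnet that has a custom Route Table associated with it.


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str       # "VirtualNetwork", "Internet" or "VirtualAppliance"
    next_hop_ip: str = ""    # only meaningful for VirtualAppliance
    origin: str = "User"     # "System" (created by Azure) or "User" (from a Route Table)


# On an equal prefix length a user-defined route takes precedence over a system route.
ORIGIN_RANK = {"User": 0, "System": 1}

# System routes Azure creates for a VNet whose address space is 10.0.0.0/16 (constructed).
SYSTEM_ROUTES = [
    Route("10.0.0.0/16", "VirtualNetwork", origin="System"),
    Route("0.0.0.0/0", "Internet", origin="System"),
]

# Route Table variant 1: force-tunnel Internet-bound traffic through the appliance.
FORCE_TUNNEL = [Route("0.0.0.0/0", "VirtualAppliance", "10.0.254.4")]

# Route Table variant 2: additionally send VNet-internal (east-west) traffic through it.
INSPECT_EAST_WEST = FORCE_TUNNEL + [Route("10.0.0.0/16", "VirtualAppliance", "10.0.254.4")]


def select_route(routes, dest_ip: str) -> Route:
    """Pick the effective route for dest_ip: longest prefix first, then
    user-defined before system on a tie."""
    addr = ip_address(dest_ip)
    matches = [r for r in routes if addr in ip_network(r.prefix, strict=False)]
    if not matches:
        raise LookupError(f"no route for {dest_ip}")
    return max(matches, key=lambda r: (ip_network(r.prefix).prefixlen, -ORIGIN_RANK[r.origin]))


def effective_routes(table):
    """Routes a subnet sees once the given Route Table is associated with it."""
    return SYSTEM_ROUTES + list(table)


if __name__ == "__main__":
    for table_name, table in [("system only", []), ("force tunnel", FORCE_TUNNEL),
                              ("inspect east-west", INSPECT_EAST_WEST)]:
        for dest in ("8.8.8.8", "10.0.1.5"):
            chosen = select_route(effective_routes(table), dest)
            print(f"{table_name:18} {dest:10} -> {chosen.next_hop_type} {chosen.next_hop_ip}")
```

Two things the output makes visible: with only the `0.0.0.0/0` override in place, traffic to another subnet in the VNet still follows the system `VirtualNetwork` route because its /16 prefix is longer, so an appliance that is meant to inspect east-west traffic needs the second, VNet-wide route as well. And because a Route Table takes effect only on the subnets it is associated with, the table carrying that VNet-wide override must not be associated with the appliance's own subnet, or the appliance's forwarded traffic would be routed back to itself.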
Join us as we dive into Azure Virtual Network concepts, deployment, and management!
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
About the Author
Trevor Sullivan is a Microsoft MVP for Windows PowerShell, and enjoys working with cloud and automation technologies. As a strong, vocal veteran of the Microsoft-centric IT field since 2004, Trevor has developed open source projects, provided significant amounts of product feedback, authored a large variety of training resources, and presented at IT functions including worldwide user groups and conferences.