Azure Tutorials Series - Azure Networking

In this article, we will learn about Azure networking concepts such as architecture, microservices, virtual networks, VPNs, subnets, VPN gateways and, most importantly, the Network Security Group (NSG). You need to understand all of these terms if you are appearing for the AZ-900 Microsoft Azure Fundamentals exam.

Azure Networking

  • In previous articles we learned about microservices and how they work; they are also a loosely coupled architecture. Some of their features include:
    • Independent components interact with each other with the help of queues
    • Can be updated and deployed independently
    • Highly scalable
    • Supports Asynchronous messaging

N-tier Architecture

  • Supports loosely coupled architecture
  • The application is divided into multiple tiers such that a higher tier can access a lower tier, but not vice versa
  • Tiers are reusable and can be updated or replaced easily without any hassle.
  • Three tiers in general
    • Web tier (front end)
    • Application tier (back end)
    • Data tier (storage)

Virtual Network

  • An isolated network that can be shared by a few groups if they are given access
  • Can be public or private network

Subnet

  • A virtual network can be further divided into multiple subnets
  • Subnets work according to the users.
  • Subnets cannot overlap
  • Subnets cannot be nested
  • Separating your application into multiple subnets allows you to have different NSG security rules for each subnet, which can make it harder for a hacker to get from one compromised server into another.

VPN Gateway

  • Also called Virtual Network Gateway
  • A mode of communication between the Azure virtual network and an on-premises location over the internet
  • Software needs to be installed for the virtual network and gateways
  • Used to set up a site-to-site VPN.

Network Security Group (NSG)

  • Controls or limits what traffic can flow through a virtual network. Can allow as well as deny incoming traffic
  • Used for communication between virtual machines.
  • Cloud-level firewall for your network
  • Limits the type of connections from the web servers to the database servers.
  • Filters traffic according to the source and destination IP address, port and protocol.
  • Can contain multiple inbound and outbound rules.
  • Configure an NSG to allow traffic from trusted IP networks
  • For example, SSH is configured on port 22 to connect to Linux systems over SSH.
  • Responsible for inbound as well as outbound traffic
  • Communication between virtual machines takes place through NSG.
  • Used to protect an Azure virtual network subnet.
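
The filtering described above, as an added example that is not part of the original article: a simplified Python model of how an NSG chooses a rule for an inbound connection. Azure evaluates rules in priority order (lowest number first) and stops at the first match; the addresses, rule names and the SQL port 1433 are constructed for illustration, and the built-in default rules are reduced to two.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    source: str     # CIDR, or "*" for any
    dest: str       # CIDR, or "*" for any
    port: str       # single port as text, or "*" for any
    protocol: str   # "Tcp", "Udp" or "*"
    access: str     # "Allow" or "Deny"

def _in(prefix, ip):
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def evaluate(rules, src, dst, port, protocol):
    """Return (access, rule name) of the first inbound rule that matches."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (_in(r.source, src) and _in(r.dest, dst)
                and r.port in ("*", str(port))
                and r.protocol in ("*", protocol)):
            return r.access, r.name
    return "Deny", "no-match"

# Constructed addressing: VNet 10.0.0.0/16, web subnet 10.0.1.0/24,
# data subnet 10.0.2.0/24, trusted office range 203.0.113.0/24.
INBOUND = [
    Rule(100, "AllowSshFromOffice", "203.0.113.0/24", "*", "22", "Tcp", "Allow"),
    Rule(110, "AllowApp8080", "*", "10.0.1.0/24", "8080", "Tcp", "Allow"),
    Rule(120, "AllowWebToSql", "10.0.1.0/24", "10.0.2.0/24", "1433", "Tcp", "Allow"),
    Rule(200, "DenyOtherToData", "*", "10.0.2.0/24", "*", "*", "Deny"),
    # Azure's built-in defaults, simplified: the real AllowVnetInBound uses a
    # service tag rather than a CIDR, and the load balancer rule is left out.
    Rule(65000, "AllowVnetInBound", "10.0.0.0/16", "10.0.0.0/16", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    for flow in [("203.0.113.7", "10.0.1.4", 22, "Tcp"),    # SSH from trusted range
                 ("198.51.100.9", "10.0.1.4", 22, "Tcp"),   # SSH from anywhere else
                 ("198.51.100.9", "10.0.1.4", 8080, "Tcp"), # app port on web tier
                 ("10.0.1.4", "10.0.2.5", 1433, "Tcp"),     # web tier to database
                 ("10.0.1.4", "10.0.2.5", 22, "Tcp")]:      # web tier SSH to data tier
        print(flow, "->", evaluate(INBOUND, *flow))
```

The last flow shows why the explicit deny at priority 200 matters: without it, the default AllowVnetInBound rule would let the web tier reach every port on the data subnet.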

Firewall

  • Azure Firewall protects inbound and outbound traffic to the internet
  • You can customise Firewall rules
    • for example, ranges of IP addresses to allow access
    • a rule typically includes network protocol and port information
  • Used for non-HTTPS protocols.
  • Also considered the "perimeter" layer of security.
  • When the threat-intelligence option is enabled, it will automatically block traffic to or from known malicious IP addresses and domains.
  • Firewall provides network traffic filtering across multiple Azure subscriptions and virtual networks. 

Azure Application Gateway

  • It is a load balancer that includes a Web Application Firewall (WAF)
  • Protects websites from known vulnerabilities

Distributed Denial of Service (DDoS)

  • An attack that attempts to overwhelm a network resource so that the resource becomes slow or unresponsive, or even crashes
  • Microsoft provides Azure DDoS protection service to monitor your inbound traffic.
  • Can be
    • Basic
    • Standard

Network Integration

  • Integrate on-premises networks <==> services in Azure
  • Different ways of network integration
    • VPN
    • ExpressRoute

Azure ExpressRoute

  • Provides a dedicated, private connection between your network (on-prem) and Azure
  • Lets you extend your on-premises network into the Microsoft cloud over a private connection

A few points to remember for AZ-900

  • VPN Gateway allows you to connect your networking infrastructure to Azure.
  • Services which distribute traffic evenly
    • Azure Load Balancer - non-HTTP (non-web) traffic
    • Azure Application Gateway - used for HTTP (web) traffic
  • Azure CDN is a service used for caching and global distribution of web application content to minimise latency of delivery to customers.
  • Azure virtual network allows you to replicate the on-premises network in the cloud.
  • Azure Load Balancer is helpful in providing high availability for Azure services
  • Outbound data transfer is charged at a normal rate while inbound data transfer is free.
  • Once a VM is created, you need to modify the NSG to allow connections to TCP port 8080 on the virtual machine.


Hopefully this covered a lot of terminology! Happy learning!
