Azure Tutorials Series - Azure Networking

In this article, we will learn about Azure networking concepts such as architecture, microservices, virtual networks, VPNs, subnet, VPN gateways and most importantly Network Security Group(NSG). All these terms are to be understood if you appearing for AZ900 Microsoft Azure Fundamentals exam.

Azure Networking

  • In previous articles we have learnt about Micro- services and how they work, these are alos loosely coupled architecture. Some of the features includes
    • Independent components interact with each other with the help of queues
    • Can be updated and deployed independently
    • Highly scalable
    • Supports Asynchronous messaging

N-tier Architecture

Azure Networking
  • Supports loosely coupled architecture
  • Application divided into multiple tiers such that higher tier can access lower tier but not vice versa
  • Tiers are re-usable and can be updated or replaced easily without any hassle.
  • Three-tier in general
    • Web Tier(front end)
    • Application tier(back end)
    • Data tier(Storage)

Virtual Network

  • Isolated network shared by few groups if given access
  • Can be public or private network

Subnet

  • Virtual network can further be divided into multiple subnets
  • Subnets works according to the users.
  • Subnets cannot overlap
  • Subnets cannot be nested
  • Separating your application into multiple subnets allows you to have different NSG security rules for each subnet, which can make it harder for a hacker to get from one compromised server into another.

VPN Gateway

  • Also called Virtual Network Gateway
  • Mode of communication between the Azure virtual network and on premises location over internet
  • Need to install a software for virtual network and gateways
  • Used to setup a site-to-site VPN.

Network Security Group(NSG)

  • Controls or limits what traffic can flow through a virtual network. Can allow as well as deny incoming traffic
  • Used for communication between virtual machines.
  • Cloud-level firewall for your network
  • Limits the type of connections from the web servers to the database servers.
  • Filters out the traffic according to the source and destination IP address, port and protocol.
  • Could contain multiple inbound and outbound rules.
  • Configure a NSG to allow traffic from trusted IP networks
  • For example, SSH is configured on port 22 to connect to linux systems over SSH.
  • Responsible for inbound as well as outbound traffic
  • Communication between virtual machines takes place through NSG.
  • Used to protect an Azure virtual network subnet.

Firewall

  • Azure Firewall protects inbound and outbound traffic to the internet
  • You could customise Firewall rule
    • for Example, Ranges of IP addresses to allow access
    • typically includes network protocol and port information
  • Used for Non-HTTPS protocols.
  • Also considered as "Perimeter" layer of security.
  • When enabled, it will automatically block traffic to or from known malicious IP addresses and domains, with the option called Threat-intelligence option.
  • Firewall provides network traffic filtering across multiple Azure subscriptions and virtual networks. 

Azure Application Gateway

  • It is a load balancer that includes Web Application Firewall(WAF)
  • Protects websites from known vulnerabilities

Distributed Denial of Service(DDoS)

  • An attack attempted to overwhelm a network resource such that the resource becomes slow or unresponsive, even crashes out the resource
  • Microsoft provides Azure DDoS protection service to monitor your inbound traffic.
  • Can be
    • Basic
    • Standard
Network Integration
  • Integrate on premises networks <==> services in Azure
  • Different ways of network integration
    • VPN
    • ExpressRoute
Azure Express Route
  • Provides dedicated, private connection between your network(on-prem) and Azure
  • Let's you extend your on-premises network into the Microsoft cloud over a private connection

Few points to remember for Az-900
  • VPN Gateway allows to connect networking infrastructure to Azure.
  • Services which allows traffic distribution evenly
    • Azure Load Balancer - non-HTTP(non-web) traffic
    • Azure Application Gateway - used to HTTP(web) traffic
  • Azure CDN is a service used for caching and global distribution of web application content to minimise latency of delivery to customers.
  • Azure virtual network allows to replicate the on-premises network into cloud.
  • Azure Load Balancer is helpful in providing high availability for Azure Services
  • Outbound data transfer is charged at a normal rate while inbound data transfer is free.
  • One VM is created, you need to modify NSG to allow connections to TCP port 8080 on the virtual machine.


Hopefully it covered a lot of terminologies! Happy Learning!

Comments

  1. We have experts to handle the Devops Proxy Support call from India and a team of highly experienced IT professionals. We help you to improve your site rankings and solve various kinds of problems. Devops Proxy Support, Aws Proxy Support, Aws Interview Support, Azure Proxy Support, Azure Interview Support, Devops Interview Support, Devops Proxy Support, Aws Proxy Support, Devops Proxy Interview Support Provides DevOps Online Job Support From India and AWS DevOps, Azure DevOps Proxy Interview Support with experts. Contact Now! 7339826411

    ReplyDelete
  2. We have experts to handle the Devops Proxy Support call from India and a team of highly experienced IT professionals. We help you to improve your site rankings and solve various kinds of problems. Devops Proxy Support, Aws Proxy Support, Aws Interview Support, Azure Proxy Support, Azure Interview Support, Devops Interview Support, Devops Proxy Support, Aws Proxy Support, Devops Proxy Interview Support Provides DevOps Online Job Support From India and AWS DevOps, Azure DevOps Proxy Interview Support with experts. Contact Now! 7339826411

    ReplyDelete

Post a Comment

Popular posts from this blog

Testing in CI/CD

Azure Tutorials Series - IaaS vs PaaS vs SaaS