This document provides an overview of Azure networking components and concepts that will be covered in Module 2, Lesson 1 of a Microsoft Azure training course. It defines Azure networking elements like virtual networks, subnets, network interface cards, IP addresses, network security groups, load balancers, and virtual network connectivity options. The lesson aims to explain the fundamentals and purpose of Azure networking so students understand how to implement and manage virtual networks and connectivity in Azure.
5. Module 2 – Lesson 1 – Overview of Azure networking
Azure Virtual Network (VNet)
• Serves the same purpose as an on-premises network – The fundamentals are the same
• Azure VNets allow Azure resources to communicate (with each other + internet)
• Can be used for resource isolation
• VNets can be connected to other VNets
• Can be used to connect to an on-premises network
• Have native cloud characteristics
• All Azure Virtual Machines deploy to VNets – VNets need to be configured first
• VNets support TCP/UDP & ICMP
[Diagram: SERVER1 and SERVER2, each with IP addresses, inside the VNet address space]
6. Module 2 – Lesson 1 – Overview of Azure networking
VNet Subnets
• Facilitate resource isolation/segmentation (remember VLANs?)
• Each subnet contains a range of IP addresses (subset of VNet address space)
• Azure VNet subnets let resources communicate with each other
[Diagram: VNet address space (10.3.0.0/16) divided into three subnets]
Subnet1: 10.3.1.0/24 – SERVER1 (10.3.1.5), SERVER2 (10.3.1.6)
Subnet2: 10.3.2.0/24 – SERVER3 (10.3.2.5), SERVER4 (10.3.2.6)
Subnet3: 10.3.3.0/24 – SERVER5 (10.3.3.5), SERVER6 (10.3.3.6)
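The subnet plan in the diagram can be checked mechanically before deployment. The following is an added example, not part of the original slides: the function name `audit_vnet` is hypothetical, and the check for Azure's reserved addresses (the first four and the last address of each subnet) reflects Azure behaviour that the slide does not state.

```python
import ipaddress

# Azure reserves the first four addresses and the last address of every subnet.
AZURE_RESERVED_LOW = 4

def audit_vnet(address_space, subnets, hosts):
    """Check a VNet plan: subnets inside the address space, no overlaps,
    and every host on a usable (non-reserved) address of some subnet."""
    vnet = ipaddress.ip_network(address_space)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = []
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            findings.append(f"{name} {net} is outside VNet address space {vnet}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    placement = {}
    for host, ip_text in hosts.items():
        ip = ipaddress.ip_address(ip_text)
        home = next((n for n, net in nets.items() if ip in net), None)
        placement[host] = home
        if home is None:
            findings.append(f"{host} {ip} is not in any subnet")
            continue
        offset = int(ip) - int(nets[home].network_address)
        if offset < AZURE_RESERVED_LOW or ip == nets[home].broadcast_address:
            findings.append(f"{host} {ip} is an Azure-reserved address in {home}")
    return placement, findings

# Values taken from the slide's diagram.
SLIDE_SUBNETS = {"Subnet1": "10.3.1.0/24", "Subnet2": "10.3.2.0/24",
                 "Subnet3": "10.3.3.0/24"}
SLIDE_HOSTS = {"SERVER1": "10.3.1.5", "SERVER2": "10.3.1.6", "SERVER3": "10.3.2.5",
               "SERVER4": "10.3.2.6", "SERVER5": "10.3.3.5", "SERVER6": "10.3.3.6"}

if __name__ == "__main__":
    placement, findings = audit_vnet("10.3.0.0/16", SLIDE_SUBNETS, SLIDE_HOSTS)
    print(placement)
    print(findings or "plan is consistent")
```

The slide's plan passes cleanly; a plan with an overlapping subnet, a subnet outside the address space, or a host on a reserved address such as 10.3.1.1 is reported in `findings`.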
7. Module 2 – Lesson 1 – Overview of Azure networking
Network Interface Card (NIC)
• Azure Virtual Machines use virtual network adapters
• Network adapters connect to VNet Subnets for network communication
• Multiple network adapters can connect to a virtual machine (depending on VM size)
8. Module 2 – Lesson 1 – Overview of Azure networking
Azure IP Addresses
• Azure provides unique IP addresses to network-enabled devices
• 2 types of IP addresses are provided by Azure:
1. Private IP addresses – allow for internal network communications (sort of)
2. Public IP addresses – allow connectivity to the internet
a) Basic SKU – Supports both dynamic and static allocation methods
b) Standard SKU – Supports only static allocation method
9. Module 2 – Lesson 1 – Overview of Azure networking
Network Security Groups (NSG)
• Used to filter inbound and outbound traffic to Azure resources
• Basically a collection of firewall rules that can be associated with a VNet
• Allows for creating subnet isolation
• Can be set on a VM NIC directly for granular controls
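How subnet isolation and NIC-level control come out of NSG rules, as an added example that is not part of the original slides. It models Azure's rule evaluation (lowest priority number first, first match wins, default rules at the end, inbound traffic checked at the subnet NSG and then the NIC NSG), which the slide does not spell out. It matches only on source address and destination port; the rule names and NSG contents are constructed, and the VirtualNetwork tag is simplified to the 10.3.0.0/16 address space from the subnet slide.

```python
import ipaddress

VNET = "10.3.0.0/16"  # the slides' address space, standing in for the VirtualNetwork tag

# Rule tuple: (priority, name, source CIDR, destination port or "*", action).
# Default inbound rules present in every NSG (load balancer rule 65001 omitted).
DEFAULT_INBOUND = [
    (65000, "AllowVnetInBound", VNET, "*", "Allow"),
    (65500, "DenyAllInBound", "0.0.0.0/0", "*", "Deny"),
]

def evaluate(rules, src_ip, dst_port):
    """First matching rule wins; lower priority numbers are checked first."""
    src = ipaddress.ip_address(src_ip)
    for _prio, name, cidr, port, action in sorted(rules + DEFAULT_INBOUND):
        if src in ipaddress.ip_network(cidr) and port in ("*", dst_port):
            return action, name
    raise RuntimeError("unreachable for IPv4: DenyAllInBound matches everything")

def inbound_allowed(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic passes the subnet NSG, then the NIC NSG; None = no NSG attached."""
    decided_by = "no NSG attached"
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is None:
            continue
        action, decided_by = evaluate(nsg, src_ip, dst_port)
        if action == "Deny":
            return False, decided_by
    return True, decided_by

# Constructed NSG for Subnet2: only HTTPS from Subnet1 may enter.
SUBNET2_NSG = [
    (100, "AllowWebFromSubnet1", "10.3.1.0/24", 443, "Allow"),
    (4096, "DenyRestOfVnet", VNET, "*", "Deny"),
]
# Constructed NSG on SERVER4's NIC: narrows the allowance to SERVER1 only.
SERVER4_NIC_NSG = [
    (100, "AllowWebFromServer1", "10.3.1.5/32", 443, "Allow"),
    (200, "DenyRestOfVnetAtNic", VNET, "*", "Deny"),
]

if __name__ == "__main__":
    for nsgs in (([], None), (SUBNET2_NSG, None), (SUBNET2_NSG, SERVER4_NIC_NSG)):
        for src, port in (("10.3.1.5", 443), ("10.3.1.6", 443),
                          ("10.3.1.5", 3389), ("10.3.3.5", 443)):
            print(src, port, inbound_allowed(*nsgs, src, port))
```

With an NSG that contains only the default rules, SERVER1 reaches Subnet2 on any port through AllowVnetInBound, so subnets are isolated only once an explicit deny rule sits above the defaults.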
10. Module 2 – Lesson 1 – Overview of Azure networking
Azure VNet based DNS
• Built-in DNS support with Azure VNets
• Usually sufficient for some specific cases
• You still may need your own DNS server
Azure DNS
• Provides hosting for public DNS zones
• You own your domain name
11. Module 2 – Lesson 1 – Overview of Azure networking
Azure Load Balancer
• Used for creating high availability (HA)
• Network load balancer - Layer 3 capabilities
• Two types of Load Balancers in Azure
1. Public Load Balancer
2. Internal Load Balancer
• 2 SKUs – Basic (free) and Standard
12. Module 2 – Lesson 1 – Overview of Azure networking
Azure Application Gateway
• Used at the application layer
• Can be used to load balance services (Application load balancer)
• Beyond Azure’s load balancers – SSL offloading, URL path routing, advanced affinity based on cookies
• Can be used as a WAF (Web Application Firewall) to protect web apps from vulnerabilities and exploits
13. Module 2 – Lesson 1 – Overview of Azure networking
Azure Traffic Manager
• DNS-based traffic load balancer that enables distribution of traffic to services across global Azure regions
• Global Load Balancer (GLB)
• Uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints
• Can load balance between Azure regions, on-premises datacenters, other cloud providers
14. Module 2 – Lesson 1 – Overview of Azure networking
Service endpoints
• Usually, IaaS traffic to PaaS goes over the public network
• Allow filtering of inbound and outbound traffic to Azure resources (primarily PaaS)
• Traffic from VNet to the Azure service always remains on the Microsoft Azure backbone network
• Improved security – Azure service resources are bound to the VNet, and public access to the service resource can be fully removed
15. Module 2 – Lesson 1 – Overview of Azure networking
Routing
• User Defined Routes (UDR) – Route tables with one or more routes altering the behavior of default routes. Applied to VNet subnets.
• Border Gateway Protocol (BGP) configuration – Configure dynamic route updates between on-premises networks and Azure VNets in a hybrid scenario.
Forced Tunneling
• Special UDR. Forces all traffic generated from Azure VNets to the on-premises network
17. Training Site: http://www.cloudranger.net/azure-training
YouTube : https://www.youtube.com/c/CloudrangerNetwork
Slides : http://www.slideshare.net/shawnismail
Twitter : @shawnismail
GitHub : https://github.com/shawnismail/cloudranger
LinkedIn : https://www.linkedin.com/in/shawnismail