CLOUD
CONFERENCE
ITALIA
2019
SPONSOR
ARCHITECTING AND IMPLEMENTING AZURE NETWORKING
Francesco Molfese
WHO AM I?
Francesco Molfese
Senior Consultant at Progel Spa, Microsoft MVP Cloud and Datacenter Management
francesco.molfese@progel.it
LinkedIn: francescomolfese
Twitter: @FrancescoMolf
Microsoft MVP, MCT
ZERO TRUST ARCHITECTURE
Devices
Security
Policy Enforcement
Identities
Visibility and Analytics
Automation
Data
Apps
Infrastructure
Network
ZERO TRUST NETWORKING MATURITY MODEL
Network
Segment: Prevent lateral movement and data exfiltration
Protect: Secure network with threat intelligence
Deploy securely across DevOps process
AZURE NETWORK SECURITY
Connect: Embrace distributed connectivity
ACHIEVING ZERO TRUST WITH AZURE NETWORKING
Cloud-Native Network Security Services
Networking Partner Solutions
Defense-in-Depth
+
Software Defined Network (SDN)
Virtual Networks
Network Security Groups
User Defined Routes
Load Balancer
Azure Firewall
Azure DDoS Protection
Azure Web Application Firewall
Azure PrivateLink
NETWORK SEGMENTATION
NETWORK SEGMENTATION
Web Application Firewall
Virtual Network
Network Security Group
Azure Firewall
Subscription
NETWORK AND APPLICATION SECURITY GROUPS
Network Security Groups
• Protects your workloads with distributed ACLs
• Simplified configuration with augmented security rules
• Enforced at every host, applied on multiple subnets
Application Security Groups
• Micro-segmentation for dynamic workloads
• Named monikers for groups of VMs
• Removes management of IP addresses
Service Tags
• Named monikers for Azure service IPs
• Many services tagged, including AzureCloud
Logging and troubleshooting
• NSG flow logs for traffic monitoring
• Integrated with Network Watcher
• JIT access policies with Azure Security Center
Groups shown in the diagram: Monitoring VMs, App Servers, Database Servers, Log Servers, Web Servers, Domain Servers, Quarantine VMs, Domain Clients
Network Security Group (NSG)
Action  Name                       Source                         Destination      Port
Deny    QuarantineVMs              Any                            QuarantineVMs    Any
Allow   AllowInternetToWebServers  Internet                       WebServers       80, 443 (HTTP)
Allow   AllowWebToApp              WebServers                     AppServers       443 (HTTPS)
Allow   AllowAppToDb               AppServers                     DatabaseServers  1443 (MSSQL)
Allow   AllowAppToLogServers       AppServers                     LogServers       8089
Allow   AllowOnPrem                10.10.0.0/16, 192.168.10.0/24  MonitoringVMs    80 (HTTP)
Deny    DenyAllInbound             Any                            Any              Any
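The rule table above only segments traffic if it is evaluated in order with the first match winning, so the quarantine Deny has to sit above every Allow. The following added example (not from the slides) models that evaluation in Python; the ASG member IPs, the use of table order as rule priority and the simplified `Internet` tag are assumptions made for illustration.

```python
"""First-match evaluation of the NSG/ASG rule table from the slide (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 space; anything outside it is treated as "Internet" in this model.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed ASG membership. 10.0.1.5 is a web server that has also been
# placed in QuarantineVMs (a NIC can belong to more than one ASG).
ASG_MEMBERS = {
    "WebServers": {"10.0.1.4", "10.0.1.5"},
    "AppServers": {"10.0.2.4"},
    "DatabaseServers": {"10.0.3.4"},
    "LogServers": {"10.0.4.4"},
    "MonitoringVMs": {"10.0.5.4"},
    "QuarantineVMs": {"10.0.9.4", "10.0.1.5"},
}


@dataclass(frozen=True)
class Rule:
    action: str
    name: str
    source: tuple      # ASG names, CIDRs, "Internet" or "Any"
    dest: tuple
    ports: tuple = ()  # empty tuple means any port


# Rows of the slide's table, in table order (assumed to be priority order).
RULES = [
    Rule("Deny", "QuarantineVMs", ("Any",), ("QuarantineVMs",)),
    Rule("Allow", "AllowInternetToWebServers", ("Internet",), ("WebServers",), (80, 443)),
    Rule("Allow", "AllowWebToApp", ("WebServers",), ("AppServers",), (443,)),
    # 1443 is the port printed on the slide (SQL Server's default listener is 1433).
    Rule("Allow", "AllowAppToDb", ("AppServers",), ("DatabaseServers",), (1443,)),
    Rule("Allow", "AllowAppToLogServers", ("AppServers",), ("LogServers",), (8089,)),
    Rule("Allow", "AllowOnPrem", ("10.10.0.0/16", "192.168.10.0/24"), ("MonitoringVMs",), (80,)),
    Rule("Deny", "DenyAllInbound", ("Any",), ("Any",)),
]


def _matches(selector, ip, asgs):
    """True if ip is covered by any item of a rule's source/destination selector."""
    addr = ip_address(ip)
    for item in selector:
        if item == "Any":
            return True
        if item == "Internet":
            if not any(addr in net for net in RFC1918):
                return True
        elif "/" in item:
            if addr in ip_network(item):
                return True
        elif ip in asgs.get(item, set()):
            return True
    return False


def evaluate(rules, src, dst, port, asgs=ASG_MEMBERS):
    """Return (action, rule name) of the first rule matching the inbound flow."""
    for rule in rules:
        if (_matches(rule.source, src, asgs)
                and _matches(rule.dest, dst, asgs)
                and (not rule.ports or port in rule.ports)):
            return rule.action, rule.name
    return "Deny", "<no rule matched>"


def quarantine_rule_last(rules):
    """Same rules with the quarantine Deny moved just above DenyAllInbound."""
    return rules[1:-1] + [rules[0], rules[-1]]


if __name__ == "__main__":
    flows = [  # constructed sample flows: (source, destination, port)
        ("203.0.113.10", "10.0.1.4", 443),  # Internet -> healthy web server
        ("203.0.113.10", "10.0.1.5", 443),  # Internet -> quarantined web server
        ("10.0.1.4", "10.0.3.4", 1443),     # web tier straight to database
        ("10.0.2.4", "10.0.3.4", 1443),     # app tier to database
        ("10.10.3.7", "10.0.5.4", 80),      # on-premises to monitoring
    ]
    for src, dst, port in flows:
        print(src, "->", dst, port, evaluate(RULES, src, dst, port))
    # With the Deny placed below the Allows, the quarantined host is reachable again.
    print(evaluate(quarantine_rule_last(RULES), "203.0.113.10", "10.0.1.5", 443))
```

The model covers only the rows on the slide; a real NSG also carries Azure's default rules and explicit priority numbers.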
NETWORK SECURITY FOR YOUR VNET TRAFFIC
AZURE PRIVATE LINK
HIGHLY SECURE AND PRIVATE CONNECTIVITY SOLUTION FOR AZURE PLATFORM
Diagram labels: Virtual Network (10.0.0.0/16); Private endpoint; Storage; 10.0.0.5; SQL DW; SQL; Private Link Service; Deny Internet; ER Gateway; ER Private Peering; On-premises
Private Link: Customer owned services, Azure PaaS services, Marketplace services
• Private access from Virtual Network resources, peered networks and on-premises networks
• In-built Data Exfiltration Protection
• Predictable private IP addresses for PaaS resources
• Unified experience across PaaS, Customer Owned and Marketplace Services
CONNECT
HYBRID CONNECTIVITY OPTIONS
Secure site-to-site VPN connectivity
• Connect to Azure compute from on-premises or another Azure region
Secure point-to-site connectivity
• POC Efforts
• Small scale deployments
• Connect from anywhere
ExpressRoute connectivity
• Connectivity from your on-premises data center to Azure virtual networks and PaaS Services
VNet Peering
• VNet-to-VNet connectivity
• Direct VM-to-VM connectivity
• Peer VNets for routing and transit
SKU     Aggregate throughput  P2S connections  IKEv1/v2
VpnGw1  650 Mbps              250              IKEv1+IKEv2
VpnGw2  1 Gbps                500              IKEv1+IKEv2
VpnGw3  2.5 Gbps              1000             IKEv1+IKEv2
VpnGw4  5 Gbps                5,000            IKEv1+IKEv2
VpnGw5  10 Gbps               10,000           IKEv1+IKEv2
VPN
PREVIEW
PREVIEW
P2S
AAD auth + MFA
Azure VPN Client (Windows App)
• OpenVPN protocol
• Native AAD authentication with MFA
• Client-side Diagnostics, Logs, & Metrics
S2S
High throughput VPN – 10 Gbps
• New Azure VPN gateways – VpnGw3/4/5
• Up to 10 Gbps aggregate
• Up to 10,000 P2S connections
IKEv1 + IKEv2 on VpnGw1-5
• IKEv1 on new VpnGw SKUs (1 ~ 5)
• Multiple IKEv1 S2S tunnels
• IKEv1 and IKEv2 on the same VPN gateway
VPN gateway packet capture
• With 5-tuple packet filter
• ETW or PCAP formats
Custom IKE traffic selectors
PREVIEW
GA
GA
COMING SOON
AZURE VPN CLIENT
Supports
• OpenVPN protocol
• Native Azure Active Directory authentication
• Conditional access through Azure AD
• Multi-factor authentication
• Diagnostic Tool
• Logs
• Metrics
(Preview)
HUB & SPOKE ARCHITECTURE
HUB-SPOKE BENEFITS
• Cost savings by centralizing services that can be shared by multiple workloads, such as network virtual appliances (NVAs) and DNS servers, in a single location.
• Overcome subscription limits by peering VNets from different subscriptions to the central hub.
• Separation of concerns between central IT (SecOps, InfraOps) and workloads (DevOps).
Region 1
Private WAN
THE BEGINNING…
• Branch Office
• HQ/Bigger Office
• Users
• Private WAN
• Shared Services
Region 1
Private WAN
Region 2 Region 3
• More… Branch Office
• More… HQ/Bigger Office
• More… Users
• Private WAN
• Shared Services
MORE………..
Region 1
Private WAN
Region 2 Region 3
GETTING ADVANCED…
Region 1
Private WAN
Region 2 Region 3
GETTING ADVANCED…
• Need to simplify network
• Need ease of use
• Need operational savings
AZURE VIRTUAL WAN
Region 2
Region 1
Region 3
Datacenter
Point-to-site VPN
ExpressRoute
VNet
VNet
VNet
Corp HQ
Branch Branch Branch Branch
VNet
• ExpressRoute Integration
• Point to site VPN Integration
• Path selection from branch
GA
PREVIEW
• Hub/Any-to-any connectivity
• Azure Firewall integration
Managed Hub-and-Spoke Architecture
• Public (VPN) and Private (ExpressRoute) Connectivity
Global Scale
• 20 Gbps S2S VPN + 20 Gbps ER + 20 Gbps User VPN (P2S)
• 10K Users per hub
• 1000 sites per hub
Transit Routing
Region 1
Private WAN
Region 2 Region 3
• Simplified network
• Ease of use
• Operational savings
Region 1 Region 2
Region 3
Global Transit Architecture with Azure Virtual WAN
• Branch to Azure
• Branch to Branch
• VNet to VNet
• VPN<->ER
• Full mesh hubs
Any-to-any connectivity
• User VPN<->Site
AZURE VIRTUAL WAN DEMO
CUSTOMER X SCENARIO
Challenges
• Scale issues
• Routing complexity
• Costs
• 4 Regions
• 8 VNETs
• 15 VNET Peering
• 1 ExpressRoute
• 4 VPN Gateway
CUSTOMER TOPOLOGY WITH VIRTUAL
PROTECT APPLICATIONS
PROTECTION SERVICES ENABLING ZERO TRUST
Azure Firewall, DDoS protection, Web Application Firewall, Network Security Groups, VNET Integration
Application protection, Segmentation
AZURE FIREWALL
Central governance of all traffic flows
• Built-in high availability and auto scale
• Network and application traffic filtering
• Centralized policy across VNets and subscriptions
Complete VNET protection
• Filter Outbound, Inbound, Spoke-Spoke & Hybrid Connections traffic (VPN and ExpressRoute)
Centralized logging
• Archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or Security Information and Event Management (SIEM) system of choice
Best for Azure
• DevOps integration, FQDN Tags, Service Tags, Integration with ASE, Backup and other Azure services
CLOUD NATIVE STATEFUL FIREWALL AS A SERVICE
Spoke VNets
On-Premises
AZURE FIREWALL MANAGER
CENTRAL NETWORK SECURITY POLICY AND ROUTE MANAGEMENT FOR GLOBALLY DISTRIBUTED, SOFTWARE-DEFINED PERIMETERS
• Deploy and configure multiple Azure Firewall instances
• Optimized for DevOps with hierarchical policies
• Easily attract traffic to your secured hub for filtering and logging using central routing config
• Use best-in-breed third party Security as a Service (SECaaS) partners for advanced internet security
• Combine with Azure Firewall for private traffic
PREVIEW
3rd party SECaaS
ROADMAP
• Support Azure Firewall in a Virtual Network
• Optimized O365 and Azure public PaaS access
• A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager
• Easily create hub-and-spoke architectures with cloud native security services for traffic governance and protection
• Azure Firewall now integrated with Virtual WAN Hubs
• Secured virtual hub can be used as a managed central virtual network with no on-prem connectivity
SECURED VIRTUAL HUBS
EXTEND YOUR SECURITY EDGE TO AZURE WITH SECURED VIRTUAL HUBS
On-premises
VNet
Azure Firewall
VNet
HQ/Branch Datacenter
vWAN
ER/VPN
Direct Internet Breakout for O365
Secure Internet access via Azure, based on IPs/FQDNs/Tags
PaaS
User-aware Internet access via 3rd Party
Azure Firewall Manager
Secured Virtual Hub - Region n
Secured vHub
Internet
PREVIEW
CENTRAL SECURITY AND ROUTE POLICY MANAGEMENT
Azure Firewall Manager
Global Admin
Prod Hub: Global Policy
Staging hub: Global Policy
Dev Hub: Global Policy + Local Policy
• Deploy and configure multiple Azure Firewall instances
• Span different Azure regions and subscriptions from a single pane of glass
• DevOps optimized hierarchical Azure Firewall policies
• Global firewall policies authored by Central IT with local derived firewall policies for DevOps self-service for better agility
• Centralized routing configuration
• Easily attract traffic to your secured virtual hub for filtering and logging without manipulating User Defined Routes
Secured vHub, VNet
Secured vHub, VNet
Secured vHub, VNet
Local Admin
AZURE FIREWALL MANAGER
AZURE BASTION
SECURE AND SEAMLESS RDP AND SSH ACCESS TO
YOUR VIRTUAL MACHINES USING ZERO TRUST
GA
• RDP/SSH to your workload using HTML5 standards-based web-browser, directly in Azure Portal
• Resources can be accessed without public IP addresses
• Supported Azure resources include VMs, VM Scale Sets, Dev-Test Labs
• No agent required
Azure Portal
Remote Protocol (RDP, SSH, et al)
SSL 443, Internet
AzureBastionSubnet
Port: 3389/22
“AzureBastionSubnet”
Target VM Subnet(s)
Private IP
Azure VM
Azure VM
Azure VM
Customer’s Virtual Network
SSL
Azure Bastion
CLOUD SCALE DDOS PROTECTION FOR AZURE
AZURE DDOS PROTECTION STANDARD
Azure
Spoke
VNET
Central VNET
Azure Firewall
Spoke
VNET
Azure WAF
Azure DDoS
Public Internet
Inbound
Inbound /
Outbound
Internet
Public IP 1 Public IP 2
DDoS Protection
Standard
Adaptive
Tuning
Engine
Web Application 1
Web Application 2
1. Azure global network
2. Adaptive tuning
3. Attack analytics and metrics
4. DDoS Rapid Response (DRR)
5. SLA guarantee and cost protection
PROTECTION SERVICES ENABLING ZERO TRUST
AZURE FIREWALL
• Centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering
• Better central governance of all traffic flows, full DevOps integration using cloud native high availability with autoscale
DDOS PROTECTION
• DDoS protection tuned to your application traffic patterns
WEB APPLICATION FIREWALL
• Centralized inbound web application protection from common exploits and vulnerabilities
• Prevent SQL injection, stop cross site scripting and an array of other types of attacks using cloud native approach
NETWORK SECURITY GROUPS
• Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet
• Full granular distributed end node control at VM/subnet for all network traffic flows
VNET INTEGRATION
• Restrict access to Azure service resources (PaaS) to only your Virtual Network
• Extend your Virtual Network controls to lock down Azure service resources (PaaS) access
SEGMENTATION
APPLICATION PROTECTION
HOW IT ALL WORKS TOGETHER
Azure
Hub VNET
Public Internet
ExpressRoute
VPN Gateway & Virtual WAN
On-Premises Data Center, Branch Offices, Mobile Workers
Azure Firewall
Azure Regional WAF
Azure DDoS
Inbound
Inbound / Outbound
Azure Global WAF
Private Link
PaaS Services
IaaS/PaaS Spoke VNET
App on IaaS
App on PaaS
=
Network Service Group
+
Private Link
PRIVATE PaaS
IaaS/PaaS Spoke VNET
App on IaaS
App on PaaS
=
Public PaaS Services
Network Service Group
Service Endpoints
+
PUBLIC PaaS
KEY TAKEAWAYS
• Embrace zero trust networking model
• Segment your network and create micro-perimeters with Azure Firewall, NSG etc.
• Use a defense in depth security strategy with cloud native services
• Enable WAF and DDoS for Web/API/Mobile application
• Explore Azure as your secured Internet edge with Azure Firewall Manager
THANK YOU!

CCI 2019 - Exploiting Custom Vision SDK in Python to create an efficient imag...
 
CCI 2019 - Come ottimizzare i propri workload su Azure
CCI 2019 - Come ottimizzare i propri workload su AzureCCI 2019 - Come ottimizzare i propri workload su Azure
CCI 2019 - Come ottimizzare i propri workload su Azure
 
CCI 2019 - Exchange 2019 da 0 ad HA in 1 ora
CCI 2019 - Exchange 2019 da 0 ad HA in 1 oraCCI 2019 - Exchange 2019 da 0 ad HA in 1 ora
CCI 2019 - Exchange 2019 da 0 ad HA in 1 ora
 
CCI 2019 - PowerApps for Enterprise Developers
CCI 2019 - PowerApps for Enterprise DevelopersCCI 2019 - PowerApps for Enterprise Developers
CCI 2019 - PowerApps for Enterprise Developers
 
CCI 2019 - Architettare componenti in SPFx, esperienze sul campo
CCI 2019 - Architettare componenti in SPFx, esperienze sul campoCCI 2019 - Architettare componenti in SPFx, esperienze sul campo
CCI 2019 - Architettare componenti in SPFx, esperienze sul campo
 
CCI 2019 - Step by step come attivare un servizio voce in MS Teams
CCI 2019 - Step by step come attivare un servizio voce in MS TeamsCCI 2019 - Step by step come attivare un servizio voce in MS Teams
CCI 2019 - Step by step come attivare un servizio voce in MS Teams
 
CCI 2019 - Strumenti Azure per l'Anomaly Detection in ambito Industria 4.0
CCI 2019 - Strumenti Azure per l'Anomaly Detection in ambito Industria 4.0CCI 2019 - Strumenti Azure per l'Anomaly Detection in ambito Industria 4.0
CCI 2019 - Strumenti Azure per l'Anomaly Detection in ambito Industria 4.0
 
CCI2019 - I've got the Power! I've got the Shell!
CCI2019 - I've got the Power! I've got the Shell!CCI2019 - I've got the Power! I've got the Shell!
CCI2019 - I've got the Power! I've got the Shell!
 
CCI2019 - Sistema di controllo del traffico con architettura Big Data
CCI2019 - Sistema di controllo del traffico con architettura Big DataCCI2019 - Sistema di controllo del traffico con architettura Big Data
CCI2019 - Sistema di controllo del traffico con architettura Big Data
 
CCI2019 - Governance di una Conversational AI
CCI2019 - Governance di una Conversational AICCI2019 - Governance di una Conversational AI
CCI2019 - Governance di una Conversational AI
 
CCI2019 - SQL Server ed Azure: Disaster Recovery per tutti
CCI2019 - SQL Server ed Azure: Disaster Recovery per tuttiCCI2019 - SQL Server ed Azure: Disaster Recovery per tutti
CCI2019 - SQL Server ed Azure: Disaster Recovery per tutti
 
CCI2019 - Reagire agli eventi generati dalla propria infrastruttura con Azure...
CCI2019 - Reagire agli eventi generati dalla propria infrastruttura con Azure...CCI2019 - Reagire agli eventi generati dalla propria infrastruttura con Azure...
CCI2019 - Reagire agli eventi generati dalla propria infrastruttura con Azure...
 
CCI2019 - What's new in Remote Desktop Services on Windows Server 2019 and Azure
CCI2019 - What's new in Remote Desktop Services on Windows Server 2019 and AzureCCI2019 - What's new in Remote Desktop Services on Windows Server 2019 and Azure
CCI2019 - What's new in Remote Desktop Services on Windows Server 2019 and Azure
 
CCI2019 - Teams Direct Routing e servizi fonia avanzati
CCI2019 - Teams Direct Routing e servizi fonia avanzatiCCI2019 - Teams Direct Routing e servizi fonia avanzati
CCI2019 - Teams Direct Routing e servizi fonia avanzati
 
CCI2019 - Microservizi: Idee per un'architettura con al centro l'utente
CCI2019 - Microservizi: Idee per un'architettura con al centro l'utenteCCI2019 - Microservizi: Idee per un'architettura con al centro l'utente
CCI2019 - Microservizi: Idee per un'architettura con al centro l'utente
 
CCI2019i - Implementare Azure Multi-Factor Authentication Lettere dal Fronte
CCI2019i - Implementare Azure Multi-Factor Authentication Lettere dal FronteCCI2019i - Implementare Azure Multi-Factor Authentication Lettere dal Fronte
CCI2019i - Implementare Azure Multi-Factor Authentication Lettere dal Fronte
 
CCI2019 - Monitorare SQL Server Senza Andare in Bancarotta
CCI2019 - Monitorare SQL Server Senza Andare in BancarottaCCI2019 - Monitorare SQL Server Senza Andare in Bancarotta
CCI2019 - Monitorare SQL Server Senza Andare in Bancarotta
 
CCI2019 - Teams e lo Shadow IT
CCI2019 - Teams e lo Shadow ITCCI2019 - Teams e lo Shadow IT
CCI2019 - Teams e lo Shadow IT
 
CCI2018 - La "moderna" Sicurezza informatica & Microsoft
CCI2018 - La "moderna" Sicurezza informatica & MicrosoftCCI2018 - La "moderna" Sicurezza informatica & Microsoft
CCI2018 - La "moderna" Sicurezza informatica & Microsoft
 

Kürzlich hochgeladen

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

CCI2019 - Architecting and Implementing Azure Networking

  • 3. ARCHITECTING AND IMPLEMENTING AZURE NETWORKING Francesco Molfese
  • 4. WHO AM I? Francesco Molfese Senior Consultant presso Progel Spa, Microsoft MVP Cloud and Datacenter Management Francesco Molfese francesco.molfese@progel.it Linkedin: francescomolfese Twitter: @FrancescoMolf Microsoft MVP, MCT
  • 5. ZERO TRUST ARCHITECTURE Devices Security Policy Enforcement Identities Visibility and Analytics Automation Data Apps Infrastructure Network 1 2 3
  • 6. ZERO TRUST NETWORKING MATURITY MODEL Security Enforcement ty and Analytics utomation Data Apps Infrastructure Network Network
  • 7. Segment Prevent lateral movement and data exfiltration Protect Secure network with threat intelligence Deploy securely across DevOps process AZURE NETWORK SECURITY Connect Embrace distributed connectivity
  • 8. ACHIEVING ZERO TRUST WITH AZURE NETWORKING Cloud-Native Network Security Services Networking Partner Solutions Defense-in-Depth + Software Defined Network (SDN) Virtual Networks Network Security Groups User Defined Routes Load Balancer Azure Firewall Azure DDoS Protection Azure Web Application Firewall Azure PrivateLink
  • 10. NETWORK SEGMENTATION Web Application Firewall Virtual Network Network Security Group Azure Firewall Subscription
  • 11. NETWORK AND APPLICATION SECURITY GROUPS Network Security Groups • Protects your workloads with distributed ACLs • Simplified configuration with augmented security rules • Enforced at every host, applied on multiple subnets Application Security Groups • Micro-segmentation for dynamic workloads • Named monikers for groups of VMs • Removes management of IP addresses Service Tags • Named monikers for Azure service IPs • Many Services tagged including AzureCloud Logging and troubleshooting • NSG flow logs for traffic monitoring • Integrated with Network Watcher • JIT access policies with Azure Security Center
  • 12. NETWORK SECURITY FOR YOUR VNET TRAFFIC Monitoring VMs App Servers Database Servers Log Servers Web Servers Domain Servers Quarantine VMs Domain Clients Network Security Group (NSG)
      Action | Name | Source | Destination | Port
      Deny | QurantineVMs | Any | QurantineVMs | Any
      Allow | AllowInternetToWebServers | Internet | WebServers | 80,443 (HTTP)
      Allow | AllowWebToApp | WebServers | AppServers | 443 (HTTPS)
      Allow | AllowAppToDb | AppServers | DatabaseServers | 1443 (MSSQL)
      Allow | AllowAppToLogServers | AppServers | LogServers | 8089
      Allow | AllowOnPrem | 10.10.0.0/16 192.168.10.0/24 | MonitoingVMs | 80 (HTTP)
      Deny | DenyAllInbound | Any | Any | Any
  • 13. AZURE PRIVATE LINK HIGHLY SECURE AND PRIVATE CONNECTIVITY SOLUTION FOR AZURE PLATFORM Private endpoint Storage 10.0.0.5 SQL DW SQL Private Link Service Deny Internet Deny Internet ER Gateway On-premises Private Link Customer owned services Azure PaaS services Marketplace services Virtual Network (10.0.0.0/16) ER Private Peering Private access from Virtual Network resources, peered networks and on-premise networks In-built Data Exfiltration Protection Predictable private IP addresses for PaaS resources Unified experience across PaaS, Customer Owned and marketplace Services
  • 15. HYBRID CONNECTIVITY OPTIONS Secure site-to-site VPN connectivity • Connect to Azure compute from on-premises or another Azure region Secure point-to-site connectivity • POC Efforts • Small scale deployments • Connect from anywhere ExpressRoute connectivity • Connectivity from your on-premises data center to Azure virtual networks and PaaS Services VNet Peering • VNet-to-VNet connectivity • Direct VM-to-VM connectivity • Peer VNets for routing and transit
  • 16. VPN
      SKUs | Aggregate throughput | P2S connections | IKEv1/v2
      VpnGw1 | 650 Mbps | 250 | IKEv1+IKEv2
      VpnGw2 | 1 Gbps | 500 | IKEv1+IKEv2
      VpnGw3 | 2.5 Gbps | 1000 | IKEv1+IKEv2
      VpnGw4 | 5 Gbps | 5,000 | IKEv1+IKEv2
      VpnGw5 | 10 Gbps | 10,000 | IKEv1+IKEv2
      PREVIEW PREVIEW P2S AAD auth + MFA Azure VPN Client (Windows App) • OpenVPN protocol • Native AAD authentication with MFA • Client-side Diagnostics, Logs, & Metrics S2S High throughput VPN – 10Gbps • New Azure VPN gateways – VpnGw3/4/5 • Up to 10 Gbps aggregate • Up to 10,000 P2S connections IKEv1 + IKEv2 on VpnGw1-5 • IKEv1 on new VpnGw SKUs (1 ~ 5) • Multiple IKEv1 S2S tunnels • IKEv1 and IKEv2 on the same VPN gateway VPN gateway packet capture • With 5-tuple packet filter • ETW or PCAP formats Custom IKE traffic selectors PREVIEW GA GA COMING SOON
  • 17. AZURE VPN CLIENT Supports • OpenVPN protocol • Native Azure Active Directory authentication • Conditional access through Azure AD • Multi-factor authentication • Diagnostic Tool • Logs • Metrics (Preview)
  • 18. HUB & SPOKE ARCHITECTURE
  • 19. HUB-SPOKE BENEFITS • Cost savings by centralizing services that can be shared by multiple workloads, such as network virtual appliances (NVAs) and DNS servers, in a single location. • Overcome subscriptions limits by peering VNets from different subscriptions to the central hub. • Separation of concerns between central IT (SecOps, InfraOps) and workloads (DevOps).
  • 20. Region 1 Private WAN THE BEGINNING…. • Branch Office • HQ/Bigger Office • Users • Private WAN • Shared Services
  • 21. Region 1 Private WAN Region 2 Region 3 • More… Branch Office • More… HQ/Bigger Office • More…. Users • Private WAN • Shared Services MORE………..
  • 22. Region 1 Private WAN Region 2 Region 3 GETTING ADVANCED…
  • 23. Region 1 Private WAN Region 2 Region 3 GETTING ADVANCED… • Need to simplify network • Need ease of use • Need operational savings
  • 24. AZURE VIRTUAL WAN Region 2 Region 1 Region 3 Datacenter Point-to-site VPN ExpressRoute VNet VNet VNet Corp HQ Branch Branch Branch Branch VNet • ExpressRoute Integration • Point to site VPN Integration • Path selection from branch GA PREVIEW • Hub/Any-to-any connectivity • Azure Firewall integration Managed Hub-and-Spoke Architecture • Public (VPN) and Private (ExpressRoute) Connectivity Global Scale • 20 Gbps S2S VPN + 20 Gbps ER + 20 Gbps User VPN (P2S) • 10K Users per hub • 1000 sites per hub Transit Routing
  • 25. Region 1 Private WAN Region 2 Region 3 • Simplified network • Ease of use • Operational savings Region 1 Region 2 Region 3 Global Transit Architecture with Azure Virtual WAN • Branch to Azure • Branch to Branch • VNet to VNet • VPN<->ER • Full mesh hubs Any-to-any connectivity • User VPN<->Site
  • 27. CUSTOMER X SCENARIO Challenges • Scale issues • Routing complexity • Costs • 4 Regions • 8 VNETs • 15 VNET Peering • 1 ExpressRoute • 4 VPN Gateway
  • 30. PROTECTION SERVICES ENABLING ZERO TRUST Azure Firewall DDoS protection Web Application Firewall Network Security Groups VNET Integration Application protection Segmentation
  • 31. AZURE FIREWALL Central governance of all traffic flows • Built-in high availability and auto scale • Network and application traffic filtering • Centralized policy across VNets and subscriptions Complete VNET protection • Filter Outbound, Inbound, Spoke-Spoke & Hybrid Connections traffic (VPN and ExpressRoute) Centralized logging • Archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or Security Information and Event Management (SIEM) system of choice Best for Azure • DevOps integration, FQDN Tags, Service Tags, Integration with ASE, Backup and other Azure services CLOUD NATIVE STATEFUL FIREWALL AS A SERVICE Spoke VNets On-Premises
  • 32. AZURE FIREWALL MANAGER CENTRAL NETWORK SECURITY POLICY AND ROUTE MANAGEMENT FOR GLOBALLY DISTRIBUTED, SOFTWARE-DEFINED PERIMETERS • Deploy and configure multiple Azure Firewall instances • Optimized for DevOps with Hierarchical policies • Easily attract traffic to your secured hub for filtering and logging using central routing config. • Use best-in-breed third party Security as a Service (SECaaS) partners for advanced internet security • Combine with Azure Firewall for private traffic PREVIEW 3rd party SecSaaS 3rd party Sec SaaS ROADMAP • Support Azure Firewall in a Virtual Network • Optimized O365 and Azure public PaaS access
  • 33. • A secured virtual hub is an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager • Easily create hub-and-spoke architectures with cloud native security services for traffic governance and protection • Azure Firewall now integrated with Virtual WAN Hubs • Secured virtual hub can be used as a managed central virtual network with no on-prem connectivity SECURED VIRTUAL HUBS EXTEND YOUR SECURITY EDGE TO AZURE WITH SECURED VIRTUAL HUBS On-premises VNet Azure Firewall VNet HQ/Branch Datacenter vWAN ER/VPN Direct Internet Breakout for O365 Secure Internet access via Azure, based on IPs/FQDNs/Tags PaaS User-aware Internet access via 3rd Party Azure Firewall Manager Secured Virtual Hub - Region n Secured vHub Internet PREVIEW
  • 34. CENTRAL SECURITY AND ROUTE POLICY MANAGEMENT Azure Firewall Manager Global Admin Prod Hub: Global Policy Staging hub: Global Policy Dev Hub: Global Policy + Local Policy • Deploy and configure multiple Azure Firewall instances • Span different Azure regions and subscriptions from a single pane of glass • DevOps optimized hierarchical Azure Firewall policies • Global firewall policies authored by Central IT with local derived firewall policies for DevOps self-service for better agility • Centralized routing configuration • Easily attract traffic to your secured virtual hub for filtering and logging without manipulating User Defined Routes Secured vHub VNet Secured vHub VNet Secured vHub VNet Local Admin
  • 36. AZURE BASTION SECURE AND SEAMLESS RDP AND SSH ACCESS TO YOUR VIRTUAL MACHINES USING ZERO TRUST GA • RDP/SSH to your workload using HTML5 standards-based web-browser, directly in Azure Portal • Resources can be accessed without public IP addresses • Supported Azure resources include VMs, VM Scale Sets, Dev-Test Labs • No agent required Azure Portal Remote Protocol (RDP, SSH, et al) SSL 443, Internet AzureBastionSubnet Port: 3389/22 “AzureBastionSubnet” Target VM Subnet(s) Private IP Azure VM Azure VM Azure VM Customer’s Virtual Network SSL Azure Bastion
  • 37. CLOUD SCALE DDOS PROTECTION FOR AZURE AZURE DDOS PROTECTION STANDARD Azure Spoke VNET Central VNET Azure Firewall Spoke VNET Azure WAF Azure DDoS Public Internet Inbound Inbound / Outbound Internet Public IP 1 Public IP 2 DDoS Protection Standard Adaptive Tuning Engine Web Application 1 Web Application 2 Azure global network 1 2 Adaptive tuning 3 Attack analytics and metrics 4 DDoS Rapid Response (DRR) 5 SLA guarantee and cost protection
  • 38. PROTECTION SERVICES ENABLING ZERO TRUST Centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet Restrict access to Azure service resources (PaaS) to only your Virtual Network Centralized inbound web application protection from common exploits and vulnerabilities AZURE FIREWALL DDOS PROTECTION WEB APPLICATION FIREWALL NETWORK SECURITY GROUPS VNET INTEGRATION DDOS protection tuned to your application traffic patterns Prevent SQL injection, stop cross site scripting and an array of other types of attacks using cloud native approach Better central governance of all traffic flows, full devops integration using cloud native high availability with autoscale Full granular distributed end node control at VM/subnet for all network traffic flows Extend your Virtual Network controls to lock down Azure service resources (PaaS) access SEGMENTATION APPLICATION PROTECTION
  • 39. HOW IT ALL WORKS TOGETHER Azure Hub VNET Public Internet Express Route VPN Gateway & Virtual WAN On-Premises Data Center, Branch Offices, Mobile Workers Azure Firewall Azure Regional WAF Azure DDoS Inbound Inbound / Outbound Azure Global WAF Private Link PaaS Services IaaS/PaaS Spoke VNET App on IaaS App on PaaS = Network Service Group + Private Link PRIVATE PaaS IaaS/PaaS Spoke VNET App on IaaS App on PaaS = Public PaaS Services Network Service Group Service Endpoints + PUBLIC PaaS
  • 40. KEY TAKEAWAYS • Embrace zero trust networking model • Segment your network and create micro-perimeters with Azure Firewall, NSG etc. • Use a defense in depth security strategy with cloud native services • Enable WAF and DDoS for Web/API/Mobile application • Explore Azure as your secured Internet edge with Azure Firewall Manager
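
The NSG rule table on slide 12, modelled as an added example that is not part of the original deck: a small Python evaluator that applies those rules first-match by priority, using Application Security Group membership instead of IP lists. The priorities, the IP-to-ASG inventory and the 10.0.0.0/16 VNet range are constructed assumptions, and the Internet service tag is simplified to "outside the known VNet and on-premises ranges".

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not from the deck).
VNET_SPACE = [ipaddress.ip_network("10.0.0.0/16")]
ON_PREM = [ipaddress.ip_network("10.10.0.0/16"),
           ipaddress.ip_network("192.168.10.0/24")]

# Constructed inventory: private IP -> ASG memberships. A NIC can belong to
# several ASGs; 10.0.1.5 is a web server that has also been quarantined.
# ASG names are spelled exactly as on the slide.
ASG_MEMBERS = {
    "10.0.1.4": {"WebServers"},
    "10.0.1.5": {"WebServers", "QurantineVMs"},
    "10.0.2.4": {"AppServers"},
    "10.0.3.4": {"DatabaseServers"},
    "10.0.4.4": {"LogServers"},
    "10.0.5.4": {"MonitoingVMs"},
}


@dataclass(frozen=True)
class Rule:
    priority: int      # lower number wins; values here are assumed
    action: str        # "Allow" or "Deny"
    name: str
    source: str        # "Any", "Internet", an ASG name, or comma-separated CIDRs
    destination: str
    ports: tuple       # empty tuple means Any


# Rows copied from the slide in table order. Port 1443 is what the slide
# shows for MSSQL; SQL Server's default TCP port is 1433.
RULES = [
    Rule(100, "Deny", "QurantineVMs", "Any", "QurantineVMs", ()),
    Rule(110, "Allow", "AllowInternetToWebServers", "Internet", "WebServers", (80, 443)),
    Rule(120, "Allow", "AllowWebToApp", "WebServers", "AppServers", (443,)),
    Rule(130, "Allow", "AllowAppToDb", "AppServers", "DatabaseServers", (1443,)),
    Rule(140, "Allow", "AllowAppToLogServers", "AppServers", "LogServers", (8089,)),
    Rule(150, "Allow", "AllowOnPrem", "10.10.0.0/16,192.168.10.0/24", "MonitoingVMs", (80,)),
    Rule(4096, "Deny", "DenyAllInbound", "Any", "Any", ()),
]


def _matches(selector, ip):
    """True if the address satisfies a rule's source or destination selector."""
    addr = ipaddress.ip_address(ip)
    if selector == "Any":
        return True
    if selector == "Internet":
        # Simplified service tag: anything outside the known local ranges.
        return not any(addr in net for net in VNET_SPACE + ON_PREM)
    if selector[0].isdigit():
        return any(addr in ipaddress.ip_network(c.strip())
                   for c in selector.split(","))
    return selector in ASG_MEMBERS.get(ip, set())


def evaluate(src, dst, port, rules=RULES):
    """Return (action, rule name) of the first rule matching the flow."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_matches(rule.source, src) and _matches(rule.destination, dst)
                and (not rule.ports or port in rule.ports)):
            return rule.action, rule.name
    return "Deny", "implicit"


def allowed_internal_flows():
    """Every VM-to-VM flow the table permits: the lateral-movement surface."""
    ports = sorted({p for r in RULES for p in r.ports})
    flows = []
    for src in ASG_MEMBERS:
        for dst in ASG_MEMBERS:
            if src == dst:
                continue
            for port in ports:
                action, name = evaluate(src, dst, port)
                if action == "Allow":
                    flows.append((src, dst, port, name))
    return flows


if __name__ == "__main__":
    print(evaluate("203.0.113.10", "10.0.1.4", 443))   # healthy web server
    print(evaluate("203.0.113.10", "10.0.1.5", 443))   # quarantined web server
    for flow in allowed_internal_flows():
        print(flow)
```

The flow list shows that the quarantined VM at 10.0.1.5 can still reach AppServers on 443: the quarantine rule in the table matches on destination only, so isolating a VM also requires removing it from its workload ASG or adding a rule that matches it as a source.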