Azure Fundamental – Azure Networking Services

We will discuss Azure Networking Services, Azure Network Connectivity Services, Application Protecting Services, Application Delivery Services, Network Monitoring Services, and the benefits of Azure Networking Services.

1. What are Azure Networking Services?

Azure Networking Services are a suite of features that enable organizations to build, deploy, and manage networks. These services provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch-to-branch connectivity in Azure. It also enables you to access, connect, protect, deliver, and monitor applications in the Azure network.

Azure networking services encompass more than two dozen services with networking capabilities that can be used together or separately. Deliver exceptional user experiences to your global customer base in a cloud-first, mobile-first world. It works seamlessly across on-premises, multi-cloud, and edge locations to connect and protect your hybrid environment.

The networking services in Azure provide various networking capabilities that can be used together or separately are mentioned below:

  • Azure Network Connectivity services
  • Application protection services
  • Application delivery services
  • Network monitoring

2. Azure Network Connectivity Services

Azure Connectivity Services provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch-to-branch connectivity in Azure – Virtual Network (VNet), ExpressRoute, VPN Gateway, Virtual WAN, NAT Gateway, Azure DNS, Peering service, Route Server, and Azure Bastion.

2.1 Virtual network (VNet)

Azure Virtual Network (VNet) enables Azure resources to communicate with each other, the internet and on-premises networks.

  • Communicate between Azure resources: Virtual Machines and several other types of Azure resources can be deployed to a virtual network, such as Azure App Service Environments, Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale.
  • Communicate with each other: Virtual Networks can be connected in the same, or different, Azure regions, enabling resources in either virtual network to communicate with each other, using virtual network peering or Azure Virtual Network Manager.
  • Communicate to the Internet:  All resources in a VNet can communicate outbound to the Internet, by default. Public IP addresses or Public Load Balancers can be used to manage your outbound connections by assigning a public IP address or a load balancer.
  • Communicate with on-premises networks: On-premises computers and networks can be connected to a virtual network using VPN Gateway or ExpressRoute.
  • Encrypt traffic between resources: Virtual network encryption is used to encrypt traffic between resources in a virtual network.

2.2 Azure Virtual Network Manager

Azure Virtual Network Manager is a management service that enables to group, configure, deploy, and manage virtual networks globally across subscriptions.

With Virtual Network Manager, network groups can be defined to identify and logically segment the virtual networks, then determine the connectivity and security configurations across all the selected virtual networks in network groups at once.

Azure Networking Services-Azure Virtual Network Manager

2.3 ExpressRoute

ExpressRoute enables to the extension of the on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. This connection is private. Traffic doesn’t go over the internet.

With ExpressRoute, connections can be established to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.

Azure Networking Services-ExpressRoute

2.4 VPN Gateway

VPN Gateway helps to create encrypted cross-premises connections to the virtual network from on-premises locations or create encrypted connections between VNets. It sends encrypted traffic between an Azure virtual network and an on-premises location over the public internet. There are different configurations available for VPN Gateway connections.

Some of the main features include:

  • Site-to-site VPN connectivity: A Site-to-site VPN connectivity is a connection between two or more networks, such as a corporate network and a branch office network. It helps to interconnect two different virtual machines based on Private IP Addresses.
  • Point-to-site VPN connectivity: Point-to-site VPN connectivity helps to create a secure connection to the virtual network from an individual client computer. Point-to-site connections do not require a VPN device or a public-facing IP address. It sued OpenVPN and SSTP protocols.
  • VNet-to-VNet VPN connectivity: VNet-to-VNet connectivity utilizes the Azure VPN gateways to connect two or more virtual networks securely with IPsec/IKE S2S VPN tunnels. The virtual networks can be in the same or different regions, and from the same or different subscriptions.
Azure Networking Services-VPNGateway

2.5 Virtual WAN

Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. Connectivity to Azure VNets is established by using virtual network connections.

Some of the main features include:

  • Branch connectivity
  • Site-to-site VPN connectivity
  • Remote user VPN connectivity
  • Private connectivity
Azure Networking Services-VirtualWAN

2.6 Azure DNS

Azure DNS provides DNS hosting and resolution using the Microsoft Azure infrastructure.

Azure DNS consists of three services:

  • Azure Public DNS is a hosting service for DNS domains. By hosting domains in Azure, DNS records can be managed by using the same credentials, APIs, tools, and billing.
  • Azure Private DNS is a DNS service for virtual networks. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution.
  • Azure DNS Private Resolver is a service that enables to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers.

2.7 Azure Bastion

Azure Bastion is a service that can be deployed to connect to a virtual machine using a browser and the Azure portal, or via the native SSH or RDP client already installed on the local computer.

It provides secure and seamless RDP/SSH connectivity to the virtual machines directly from the Azure portal over TLS.

Azure Networking Services-Azure Bastion

2.8 NAT Gateway

Virtual Network NAT(Network Address Translation) simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the specified static public IP addresses.

Azure Networking Services-NAT Gateway

3. Application Protection Services

Application Protection Services help protect applications using any of these networking services in Azure: DDoS protection, Private link, Azure Firewall, Network Security Groups, and Virtual Network Service Endpoints.

3.1 DDoS Protection

DDoS Protection is a security solution that detects and defends against denial-of-service threats and provides countermeasures against the most sophisticated DDoS threats.

Azure DDoS Protection consists of two tiers: DDoS Network Protection, provides enhanced DDoS mitigation features to defend against DDoS attacks. DDoS IP Protection, is a pay-per-protected IP model.

Azure Networking Services-DDoS Protection

Azure Private Link enables to access Azure PaaS Services and Azure-hosted customer-owned/partner services over a private endpoint in the virtual network. Traffic between the virtual network and the service travels through the Microsoft backbone network, which helps to stop exposing service to the public internet. Own private link service can be created in the virtual network and delivered to the customers.

Azure Networking Services-Azure private Link

3.3 Azure Firewall

Azure Firewall is a cloud-based network security service that protects the Azure Virtual Network resources. Using Azure Firewall, application, and network connectivity policies can be centrally created, enforced, and logged across subscriptions and virtual networks.

Azure Firewall uses a static public IP address for the virtual network resources allowing outside firewalls to identify traffic originating from the virtual network.

Azure Networking Services-Azure Firewall

3.4 Network Security Groups

Azure Network Security Group can filter network traffic between Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

3.5 Virtual Network Service Endpoints

Virtual Network (VNet) Service Endpoints extend the virtual network private address space and the identity of the VNet to the Azure services, over a direct connection. Endpoints allow to secure the critical Azure service resources to only virtual networks.

Azure Networking Services-Service endpoints

4. Application Delivery Services

Application Delivery Services help deliver applications – Content Delivery Network, Azure Front Door Service, Traffic Manager, Load Balancer, and Application Gateway.

4.1 Azure Front Door

Azure Front Door enables to define, manage, and monitor the global routing for the web traffic by optimizing for best performance and instant global failover for high availability.

Azure Networking Services-Azure Front Door

4.2 Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that enables to distribution of traffic optimally to services across global Azure regions while providing high availability and responsiveness.

Traffic Manager provides a range of traffic-routing methods to distribute traffic such as priority, weighted, performance, geographic, multi-value, or subnet.

Azure Networking Services-Traffic Manager

4.3 Load Balancer

Azure Load Balancer provides high-performance, low-latency Layer 4 load-balancing for all UDP and TCP protocols, and manages inbound and outbound connections.

Azure Load Balancer is available in Standard, Regional, and Gateway SKUs.

Azure Networking Services-Load Balancer

4.4 Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage web application traffic.

Azure Networking Services-Application Gateway

5. Network Monitoring Services

Network Monitoring Services help monitor network resources – Azure Network Watcher, Azure Monitor Network Insights, Azure Monitor, and ExpressRoute Monitor.

5.1 Azure Network Watcher

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.

5.2 Azure Monitor

Azure Monitor maximizes the availability and performance of the applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from the cloud and on-premises environments.

5.3 Network Insights

Azure Monitor for Network Insights provides a comprehensive view of health and metrics for all deployed network resources, without requiring any configuration.

6. Benefits of Azure Networking Services

  • Application’s Isolated environment
  • Easily direct traffic from resources
  • Highly secure network
  • High network connectivity
  • The firewall protects the virtual machine by limiting network traffic

FAQs

What are Azure Networking Services?

Azure Networking Services are a suite of features that enable organizations to build, deploy, and manage networks. These services provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch-to-branch connectivity in Azure. It also enables you to access, connect, protect, deliver, and monitor applications in the Azure network.

What are Azure Network Connectivity Services?

Azure Connectivity Services provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch-to-branch connectivity in Azure – Virtual Network (VNet), ExpressRoute, VPN Gateway, Virtual WAN, NAT Gateway, Azure DNS, Peering service, Route Server, and Azure Bastion.

What are Application Protection Services?

Application Protection Services help protect applications using any of these networking services in Azure: DDoS protection, Private link, Azure Firewall, Network Security Groups, and Virtual Network Service Endpoints.

Scroll to Top