Azure Networking (part 2)

To read part 1 please click here


Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that lets you distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness. It offers a range of traffic-routing methods and endpoint monitoring options to suit different application needs, together with automatic failover models that make it resilient to any kind of failure, including the failure of an entire Azure region.
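As an added example (not from the original post), this Bicep template shows the failover model described above: a Traffic Manager profile with the Priority routing method and an HTTPS health probe, so DNS answers point at the primary endpoint until its probe fails and then switch to the secondary. The hostnames, profile name and probe path are assumed placeholders.

```bicep
// Added example, not from the original post. Hostnames and names are placeholders.
param primaryHost string = 'app-eastus.example.com'
param secondaryHost string = 'app-westeurope.example.com'

resource tmProfile 'Microsoft.Network/trafficmanagerprofiles@2022-04-01' = {
  name: 'tm-app-failover'
  location: 'global'   // Traffic Manager is a global (DNS-level) service
  properties: {
    profileStatus: 'Enabled'
    trafficRoutingMethod: 'Priority'   // all traffic to priority 1 while it is healthy
    dnsConfig: {
      relativeName: 'app-failover-example'   // resolves as app-failover-example.trafficmanager.net
      ttl: 30   // short TTL so clients re-resolve soon after a failover
    }
    monitorConfig: {
      protocol: 'HTTPS'
      port: 443
      path: '/healthz'   // placeholder health endpoint on each backend
      intervalInSeconds: 10          // fast probing interval
      timeoutInSeconds: 5            // must be 5-9 s when the interval is 10 s
      toleratedNumberOfFailures: 2   // degraded after toleratedNumberOfFailures + 1 consecutive failures
      // Time to fail over is roughly the probes needed to mark the endpoint degraded
      // plus up to ttl seconds of client-side DNS caching.
    }
    endpoints: [
      {
        name: 'primary'
        type: 'Microsoft.Network/trafficManagerProfiles/externalEndpoints'
        properties: {
          target: primaryHost
          endpointStatus: 'Enabled'
          priority: 1
        }
      }
      {
        name: 'secondary'
        type: 'Microsoft.Network/trafficManagerProfiles/externalEndpoints'
        properties: {
          target: secondaryHost
          endpointStatus: 'Enabled'
          priority: 2   // only receives traffic while the primary is degraded
        }
      }
    ]
  }
}
```

The same profile can be switched to the Weighted, Performance or Geographic routing methods by changing `trafficRoutingMethod` and adding the corresponding endpoint properties.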

Routing

Azure implements a default routing configuration that grants basic connectivity: the ability to reach the internet and to communicate with other resources on the same or directly connected virtual networks. This default configuration can be modified in the following ways:
  1. Creating user-defined routes, known as route tables, with one or more rules that alter the default routing behavior, and associating them with virtual network subnets. This lets you affect routing between subnets in the same virtual network, between connected virtual networks, between on-premises networks and Azure virtual networks in hybrid scenarios, and for traffic from virtual network subnets to the internet.
  2. Configuring Border Gateway Protocol (BGP) routing, which facilitates dynamic route exchange between on-premises networks and Azure virtual networks in hybrid scenarios. This lets you affect routing between on-premises networks and Azure virtual networks in hybrid scenarios as well as traffic from virtual network subnets to the internet.

Virtual Network Connectivity

Direct connectivity to an Azure virtual network can be established from a physical computer or virtual machine not hosted in Azure by using any of the following methods:
  • A point-to-site VPN, connecting individual computers to an Azure virtual network via a Secure Socket Tunneling Protocol (SSTP) tunnel or OpenVPN over the internet.

  • A site-to-site VPN, connecting an on-premises network to an Azure virtual network via an IPsec tunnel over the internet.

  • Azure ExpressRoute, connecting an on-premises network via a private connection that provides more predictable performance, higher bandwidth and lower latency than VPN connections. It can also be considered when implementing an Azure region as a disaster recovery site or as the backup destination for on-premises systems.

  • Azure Virtual WAN, offering optimized and automated branch-to-branch connectivity through Azure. It lets you connect and configure branch devices to communicate with Azure; this can be done manually by customers or streamlined by using preferred provider devices through a Virtual WAN partner, which simplifies connectivity and configuration management.

Azure Front Door

This service lets you define, manage, and monitor global routing for your web traffic, optimizing for performance and providing global failover for high availability. The routing method you select in the configuration determines how Front Door routes a client's request to the fastest and most available application backend.

Front Door provides a wide range of traffic-routing methods and backend health monitoring options to match different application needs, as well as automatic failover models. Like Traffic Manager, Front Door is resilient to any kind of failure, including the failure of an entire Azure region.

DDoS

There are two DDoS service offerings in Azure that offer protection from network attacks:
  • DDoS Protection Basic: Basic protection is integrated into Azure by default at no additional cost. It requires no user configuration or application changes and helps protect all Azure services, including PaaS services. It focuses on protecting the Azure platform and infrastructure, mitigating traffic only when it exceeds a rate significant enough to affect multiple customers in a multitenant environment. It doesn't offer alerting or per-customer customized policies.

  • DDoS Protection Standard: Standard protection offers enhanced DDoS mitigation features and is automatically tuned to help protect your Azure resources in a virtual network. It is enabled on any new or existing virtual network and requires no application or resource changes. It has several advantages over the basic service, including logging, alerting and telemetry.

Virtual Datacenter

The Virtual Datacenter (VDC) is a concept whose primary purpose is to facilitate the design and implementation of enterprise workloads. It provides a set of recommendations and best practices for implementing a collection of separate but related entities with common supporting functions, features, and infrastructure.

The advantages of a VDC are unlocked by a centralized hub-and-spoke network topology built from a mix of Azure services and features:

  • Azure Virtual Network
  • Network security groups
  • Virtual network peering
  • User-defined routes
  • Azure identity with Role-Based Access Control (RBAC)
  • Azure DNS
  • Azure Firewall
  • Azure Front Door
  • Azure Virtual WAN
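As an added example (not from the original post), this Bicep template ties the user-defined routes described under Routing to the hub-and-spoke topology listed above: a spoke subnet whose default route is forced through the hub's Azure Firewall, with BGP route propagation disabled so that routes learned over ExpressRoute or VPN cannot bypass the firewall. The firewall's private IP, the spoke address space and all resource names are assumed placeholders.

```bicep
// Added example, not from the original post. Addresses and names are placeholders.
param location string = resourceGroup().location
param hubFirewallPrivateIp string = '10.0.1.4'   // placeholder: private IP of the hub Azure Firewall

resource spokeRouteTable 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-spoke-workload'
  location: location
  properties: {
    // Routes learned via BGP (ExpressRoute/VPN) are not pushed to this subnet.
    // A more specific on-premises prefix would otherwise win by longest-prefix
    // match and send traffic around the firewall.
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-hub-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'          // internet and anything not matched elsewhere
          nextHopType: 'VirtualAppliance'     // UDR overrides the system Internet route
          nextHopIpAddress: hubFirewallPrivateIp
        }
      }
    ]
  }
}

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-spoke'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [ '10.1.0.0/16' ]   // placeholder spoke address space
    }
    subnets: [
      {
        name: 'snet-workload'
        properties: {
          addressPrefix: '10.1.1.0/24'
          routeTable: {
            id: spokeRouteTable.id   // association applies the UDR to every NIC in the subnet
          }
        }
      }
    ]
  }
}
```

The hub-to-spoke peering and the firewall's own rules are separate resources; after deployment, the effective routes of a NIC in `snet-workload` should show `0.0.0.0/0` with next hop `VirtualAppliance` rather than `Internet`.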

