Azure Networking (part 2)
Traffic Manager
A DNA-based traffic load balancer Azure Traffic Manager enables you to distribute the traffic in the most favorable way to the services across global Azure regions, while readily offering high availability and responsiveness. It provides a vast range of traffic-routing methods and endpoint monitoring options that suits different application needs as well as automatic failover models which makes it resilient to any kind of failure, including the failure of an entire Azure region.
Routing
Azure implements a default routing configuration granting basic connectivity, ability to reach the internet and to communicate with the other resources on the same or directly connected virtual; networks. This default configuration can be modified in the following ways:
- Creating user-defined routes, which are known as the route tables with one or more rules altering the default routing behavior as well as associate them with virtual network subnets, while also allowing you to affect routing behavior between subnets in the same virtual network, connected virtual networks, on-premises networks as well as Azure virtual networks in hybrid scenarios, and on traffic from virtual network subnets to the internet.
- Configuring Border Gateway Protocol (BGP) routing, facilitates dynamic route exchange between on-premises networks and Azure virtual networks in hybrid scenarios permitting you to affect routing behavior between on-premises networks and Azure virtual networks in hybrid scenarios as well as traffic from virtual network subnets to the internet.
Virtual Network Connectivity
A direct connectivity can be readily established to an Azure virtual network from a physical computer or virtual machine not hosted in Azure by using any one of the following methods:
- A point-to-site VPN, connecting individual computers to an Azure virtual network via a Secure Socket Terminal Protocol (SSTP) tunnel or OpenVPN over the internet.
- A site-to-site VPN, connecting an on-premises network to an Azure virtual network via an IPsec tunnel over the internet.
- Azure ExpressRoute, connecting an on-premises network via a private connection providing more predictable performance, with higher bandwidth and lower latency than VPN connections. It can also be considered while implementing an Azure region as disaster recovery site or as the backup destination for on-premises systems.
- Azure virtual WAN, offering optimized and automated branch-to-branch connectivity through Azure. It allows you to connect and configure branch devices to communicate with Azure that can either be performed manually by the customers or streamlined by using preferred provider devices through a virtual WAN partner allowing ease of use, simplification connectivity, and configuration management.
Azure Front Door
This service enables you to define, manage, and monitor the global routing for your web traffic by optimizing for performance and global failover for high availability. Your routing method selection in the configuration helps to determine the Front Door routing of your client's request to the fastest and the most available application backend.
Front Door provides a wide range of traffic-routing methods and backend health monitoring options to match the different application needs as well as automatic failover models. Similar to Traffic Manager, Front Door is also resilient to any kind of failures, including the failure of an entire Azure region.
DDOS
There are two DDOS service offerings in Azure that offers protection from network attacks:
- DDOS Protection Basic- Basic protection is integrated into the Azure by default at no additional cost. DDOS protection basically requires no user configuration or application changes and helps in protecting all the Azure services, including PaaS services. Its initial service is centered at the protection of the infrastructure as well as the Azure platform while also mitigating the traffic when it exceeds the rate that is so significant that it might affect multiple customers in a multitenant environment. It doesn't offer alerting or per-customer customized policies.
- DDOS Protection Standard- Standard protection offers enhanced DDOS mitigation features and it is automatically tuned to help protect your Azure resources in a virtual network. The protection simply enables any new or existing virtual network, as well as requires no application or resource changes. It has several advantages over the basic service including logging, alerting and telemetry.
Virtual Datacenter
The Virtual Datacenter (VDC) is a concept whose primary purpose is to facilitate design and implementation of enterprise workloads by providing a set of recommendations as well as the best practices for implementing a collection of separate but related entities with common supporting functions, features, and infrastructure.
The advantages of VDC can be unlocked by a centralized hub and spoke network topology with a mix of Azure services and features:
- Azure Virtual Network
- Network security groups
- Virtual network peering
- User-defined routes
- Azure identity with Role-Based Access Control (RBAC)
- Azure DNS
- Azure Firewall
- Azure Front Door
- Azure Virtual WAN
To read part 1 please click here
Comments
Post a Comment