DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on • Updated on

Implement network security

Build a network

  • Azure has two different deployment models for creating and working with resources: Azure Resource Manager and classic 
  • Azure Resource Manager is the deployment and management service that provides a consistent management layer and allows you to create, update, and delete resources in your Azure subscription
  • Microsoft recommends creating most new virtual networks through the Resource Manager deployment model
  • Azure networking components include:
    • Virtual networks
    • IP addresses
    • Subnets
    • Network interface card
    • DNS
  • Azure provides a name resolution service that enables VMs and cloud services within Azure to communicate by name

    Alt text of image

  • To increase availability and scalability, you can create two or more VMs that publish the same application

  • You can use an Azure load balancer to enable this traffic distribution between VMs

  • Azure load balancers are of two types:

    • Public load balancer
    • Internal load balancer
  • The load balancer can probe the health of the various server instances

  • All outbound traffic to the internet that originates from your service undergoes source network address translation (SNAT) by using the same VIP address as for incoming traffic

  • Application gateways provide load-balanced solutions for network traffic that is based on the HTTP protocol

  • Azure Traffic Manager is another load-balancing solution that Azure includes

  • Traffic Manager can:

    • Improve availability of critical applications 
    • Improve responsiveness for high-performance applications 
    • Upgrade and perform service maintenance without downtime 
    • Combine on-premises and cloud-based applications 
    • Distribute traffic for large, complex deployments 
  • Traffic Manager works at the DNS level

  • Network Security Groups

    • You use Network Security Groups to provide network isolation for Azure resources by defining rules that can allow or deny specific traffic to individual VMs or subnets
  • User-defined routes

    • User-defined routes (UDR) control network traffic by defining routes that specify the next hop of the traffic flow
  • Forced tunneling

    • With forced tunneling, you can redirect internet-bound traffic back to the company’s on-premises infrastructure
  • Regional virtual networks

    • Regional virtual networks can span a complete Azure region or datacenter
  • Cross-premises network connectivity

    • Virtual networks in Azure also enable you to extend your on-premises networks to the cloud

Create a virtual network and a subnet
You can create a virtual network by using the Azure portal, the Azure CLI 1.0, or PowerShell
Alt text of image

Create a network load balancer

  • Azure Load Balancer is available in two SKUs: Basic and Standard
  • You can use Azure Load Balancer to:
    • Load-balance incoming internet traffic to your VMs
    • Load-balance traffic across VMs inside a virtual network
    • Port forward traffic to a specific port on specific VMs 
    • Provide outbound connectivity for VMs inside your virtual network 

Azure Traffic Manager

  • Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints
  • Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models
  • Traffic Manager is resilient to failure, including the failure of an entire Azure region Alt text of image

Configure virtual network gateways

  • Azure VPN Gateway serves as the cross-premises gateway connecting your workloads in Azure Virtual Network to on-premises sites
  • It is necessary to connect to on-premises sites through IPsec S2S VPN tunnels or through ExpressRoute circuits Alt text of image

Top comments (0)