loading...
Cover image for AZ-900 Notes: Azure networking options

AZ-900 Notes: Azure networking options

sudhachandranbc profile image Sudha Chandran B C ・5 min read

Running your app or service in the cloud requires a fast and secure network.
Here are Azure networking basics we'll learn in this notes:

  • Learn how virtual networking helps you isolate network and compute resources
  • Learn how Azure Load Balancer helps improve resiliency, or the ability to recover when your service goes down
  • Learn how Traffic Manager can route traffic to different endpoints, including the endpoint with the lowest latency to the user

Using an N-tier architecture

  • An architectural pattern that can be used to build loosely coupled systems is N-tier.
  • Tiers help separate concerns and are ideally designed to be reusable.

Example: Three-tier refers to an n-tier application that has three tiers. Your e-commerce web application follows this three-tier architecture:

  • The web tier provides the web interface to your users through a browser.
  • The application tier runs business logic.
  • The data tier includes databases and other storage that hold product information and customer orders.

2-three-tier.png

When the user clicks the button to place the order, the request is sent to the web tier, along with the user's address and payment information. The web tier passes this information to the application tier, which would validate payment information and check inventory. The application tier might then store the order in the data tier, to be picked up later for fulfillment.

Each tier can access services only from a lower tier. The VM running in the web tier has a public IP address because it receives traffic from the internet. The VMs in the lower tiers, the application and data tiers, each have private IP addresses because they don't communicate directly over the internet.

Virtual network

  • A virtual network is a logically isolated network on Azure
  • A virtual network allows Azure resources to securely communicate with each other, the internet, and on-premises networks.
  • A virtual network is scoped to a single region

A VPN gateway (or virtual network gateway) can provide a secure connection between an Azure Virtual Network and an on-premises location over the internet.

Network security group

A network security group, or NSG, allows or denies inbound network traffic to your Azure resources.

Azure Load Balancer

Availability

  • Availability refers to how long your service is up and running without interruption.
  • High availability, or highly available, refers to a service that's up and running for a long period of time.
  • "five nines availability." Five nines availability means that the service is guaranteed to be running 99.999 percent of the time.

Resiliency

Resiliency refers to a system's ability to stay operational during abnormal conditions like Natural disasters, System maintenance, Spikes in traffic to your site.

Load balancer

  • A load balancer distributes traffic evenly among each system in a pool. A load balancer can help you achieve both high availability and resiliency.
  • Load balancer to distribute traffic. The load balancer becomes the entry point to the user. The user doesn't know (or need to know) which system the load balancer chooses to receive the request.
  • Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications.
  • You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.

Azure Application Gateway

  • Application Gateway is a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios.
  • This type of routing is known as application layer (OSI layer 7) load balancing since it understands the structure of the HTTP message.

3-appgateway.png

Benefits of using Azure Application Gateway over a simple load balancer:

  1. Cookie affinity. Useful when you want to keep a user session on the same backend server.
  2. SSL termination. Application Gateway can manage your SSL certificates and pass unencrypted traffic to the backend servers to avoid encryption/decryption overhead. It also supports full end-to-end encryption for applications that require that.
  3. Web application firewall. Application gateway supports a sophisticated firewall (WAF) with detailed monitoring and logging to detect malicious attacks against your network infrastructure.
  4. URL rule-based routes. Application Gateway allows you to route traffic based on URL patterns, source IP address and port to destination IP address and port. This is helpful when setting up a content delivery network.
  5. Rewrite HTTP headers. You can add or remove information from the inbound and outbound HTTP headers of each request to enable important security scenarios, or scrub sensitive information such as server names.

Content Delivery Network

  • A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users.
  • It is a way to get content to users in their local region to minimize latency.
  • CDN can be hosted in Azure or any other location. You can cache content at strategically placed physical nodes across the world and provide better performance to end users.

DNS:

  • DNS, or Domain Name System, is a way to map user-friendly names to their IP addresses. You can think of DNS as the phonebook of the internet.
  • You can bring your own DNS server or use Azure DNS, a hosting service for DNS domains that runs on Azure infrastructure.

3-dns.png

Azure Traffic Manager

  • Latency refers to the time it takes for data to travel over the network. Latency is typically measured in milliseconds. One way to reduce latency is to provide exact copies of your service in more than one region.

How can you connect users to the service that's closest geographically, but under the contoso.com domain?
One answer is Azure Traffic Manager. Traffic Manager uses the DNS server that's closest to the user to direct user traffic to a globally distributed endpoint.
You can connect Traffic Manager to your own on-premises networks, enabling you to maintain your existing data center investments. Or you can move your application entirely to the cloud. The choice is yours.

Compare Load Balancer to Traffic Manager

Azure Load Balancer distributes traffic within the same region to make your services more highly available and resilient.
Traffic Manager works at the DNS level, and directs the client to a preferred endpoint. This endpoint can be to the region that's closest to your user.

Load Balancer and Traffic Manager both help make your services more resilient, but in slightly different ways. When Load Balancer detects an unresponsive VM, it directs traffic to other VMs in the pool.
Traffic Manager monitors the health of your endpoints. When Traffic Manager finds an unresponsive endpoint, it directs traffic to the next closest endpoint that is responsive.

You learned just a few ways Azure networking can help reduce latency and make your apps and services more highly available.

Thank you for Reading! 😊

Posted on by:

sudhachandranbc profile

Sudha Chandran B C

@sudhachandranbc

iOS Developer, Cloud Aspirant, Currently Pursuing #100DaysOfCloud.

Discussion

markdown guide