Azure Networks are a logical isolation and representation of a network in the cloud. Since Azure’s core services use virtualization, we refer to these networks as Virtual Networks (VNet). These VNets can provision and manage Virtual Private Networks (VPNs) on Azure, connect with different VNets on Azure, link the Azure VNets with the on-premises environment, and much more.

 

Figure 1 source: microsoft.com

 

Since each VNet has its own CIDR blocks, it is possible to have a link between the on-premises networks and Azure VNets.

Virtual Azure Networks make it possible for different Azure resources such as virtual machines and web apps to communicate with each other and with devices on the internet and on-premises securely.

 

Azure Networking Components

Azure Networks contain similar components that are also in on-premises network environments. The following are the main components available in Azure Networks.

Subnets

Subnets are a range of IP addresses within a network divided into multiple subnets for security in different organizational departments.

IP Addresses

Azure resources can be assigned two types of IP addresses:

  • Public

    Public IP address is assigned for Azure public-facing communication. By default, a dynamic IP address is assigned to the Azure resource, and each time the service is stopped, the IP releases and a new IP address is assigned. When a static IP is assigned, that IP address stays in place for the Azure resource until it is deleted.

  • Private

    Private IP addresses can connect via a VPN gateway, express route, or when the Azure resource is on a separate VNet.

Azure Networking Options

Azure offers a variety of Microsoft Azure offerings and other third-party vendor networking features to make your Azure Environment fully-fledged and capable of handling all the traffic that draws into the environment.

Figure 2 source: microsoft.com

 

Figure 3 source: Azure Portal

 

 

Azure Network Security Groups (NSG)

Network Security Group is the primary tool that controls and enforces network traffic rules at the networking level. With NSGs, access either permits or denies between workloads. Additionally, the organization can limit who can work with resources in a virtual network.

Load Balancing

A load balancer takes new inbound flows that arrive and distributes the traffic to the backend pool instances, according to resource availability and rule assignment. Azure load balancing can scale business applications creating high availability for services. They also provide very low latency and high throughput and can scale up to millions of flows depending on the traffic of TCP and UDP applications.

Azure Load Balancers are available in two SKUs; basic and standard differing in scalability and features. These load balancers often have different solutions by category:

  • Azure Traffic Manager – This is similar to the AWS offering Route53; DNS directs the traffic to the relevant destination. There are three destination selection modes: failover, performance and round robin.
  • Azure Application Gateway – Performs L7 load balancing which supports HTTP requests, SSL termination, and resolves cookies.

Routing Tables

Azure Routing tables are handy when there is a need to change how the traffic routes, which overwrites the automatically provisioned Azure route systems. These routing changes are applied to the traffic leaving a subnet and can be set to go to the next hop of a virtual machine, virtual network or a virtual network gateway.

 

Virtual Private Networks (VPN)

A VPN is an encrypted, secure connection over the internet from a device to a separate network ensuring that any sensitive data that transmits over the network is secure by preventing any unauthorized personnel eavesdropping on the traffic. VPNs are the go-to solution as workplaces move to more work-from-home facilities.

Azure’s VPN solutions are handy when there is a need to transfer data among several VNets. Azure offers two types of gateways.

VPN

There are two types of Azure VPNs; route-based and policy-based.

  • On a route-based VPN, the traffic routes via a tunnel interface in which the data packets get encrypted and decrypted.
  • On a policy-based VPN, the traffic is encrypted and decrypted based on the policy applied. These policies contain the endpoint device networking details.

Business organizations can decide to apply these policies to a set of employees or the entire workforce. Also, this can be one of the main checkpoints in an auditing environment.

Express Route

Express Route is a direct connection between the on-premises data center and Azure data center. An Express route does not go through the public internet; a connectivity provider supplies the connection. An ExpressRoute connection offers a more reliable connection with faster speeds and lower latencies than the public internet. Additionally, ExpressRoute benefits in significant cost savings when there are data transfers between the on-premises environment and the Azure data center.

As of writing this article, Azure offers three connectivity options. The most basic is IPSec VPN, in simpler terms, over the public internet. ExpressRoute provides the other two options.

Figure 5 source: microsoft.com

 

Exchange Provider

Here, Azure makes a connection via point-to-point by an exchange provider having a direct link to Azure. Using this option grants full control of the routing but it is not ideal for multipoint WANs due to the need for point-to-point connections.

Network Service Provider

With the ExpressRoute option, the network service provider supplies a direct connection to Azure. Although the network service provider manages routing, each site or department uses multiple point connectivity.

ExpressRoute offers additional Azure Features suitable for any organization. One is Azure Site Recovery(ASR). With this ExpressRoute connection, you can replicate data without any concerns of bandwidth availability since it’s a delicate connection on Azure. Along with ASR, data migration, disaster recovery, and high availability strategies, many implementations allow you to make the most out of Azure.

Read more about Azure Site Recovery on our previous article here.

Azure Networks Watcher

The Network Watcher gives access details, such as logging, monitoring, diagnostic features, and automation. You can closely monitor the network’s health status and performance for higher visibility.

 

Competitor Network Offerings

As with any business in the world, Azure has a big cloud war with its main competitor Amazon Web Services (AWS). AWS offers the same solutions for networking components only with a few subtle changes.

 

Service Description Azure offering AWS offering
Cross-Premises connectivity Connecting virtual networks to other networks VPN Gateway AWS VPN Gateway
Domain Name System Management DNS record management DNS/Traffic Manager Route 53
Content Delivery Network Delivery of all types of content. Content Delivery Network CloudFront
Load Balancing Automatically distributes the traffic depending on rules and resources availability Express Route Direct Connect
Cloud Virtual Network An isolated private environment in the cloud. Virtual Network Virtual Private Network

 

Importance of Azure Networks

If your business decides to embrace Azure, their networking solutions cover all of the critical considerations with cloud networking.

Isolation and Enhance Security

With the ability to assign private IP addresses and define subnets, along with routing policies and more, Azure Networks can isolate virtual machines and applications making the resource environment more secure.

Network Topologies

With virtual networks, there is no need to worry about cabling messes. You have the unique possibility of building sophisticated network topologies per the requirement to run virtual appliances on the network. It also allows for greater control of designing your system with load balancers, application firewalls, WAN optimizers, etc.

Figure 7 source: microsoft.com

Expanded Datacenters

When you need to expand the on-premises data center, and cost of expansion is over the top, Azure Cloud can provision the workloads and easily have them communicate with the on-premises datacenter using the powerful Azure networking options. As a result, there is no need for new hardware which results in almost no capital expenditure.

Hybrid application deployment

Business applications often need a backend SQL Server database to function. This is a major hurdle for businesses that have their SQL Databases hosting on-premises, which results in not using cloud power effectively. But, by using Virtual Networks, you can build hybrid cloud applications and securely connect them with the on-premises SQL databases.

Figure 9 source: microsoft.com

Third Party Solutions

With Azure’s massive marketplace, there is always a solution for any issue you may face. Networking vendors have a variety of networking solutions on the market for load balancers, firewalls, traffic management, and so on.

Azure Global Availability

With Azure’s global availability, business data and applications can host in an Azure data center that is close to the customer. Accessing data is faster and has minimum latencies. None of the leading cloud competitors have this ability yet. As of writing this article, Azure is available in 52 regions and is currently expanding in more areas and data centers.

Figure 10 source: microsoft.com

Written by Alexandre Painchaud Content Marketing Specialist @ SherWeb

Loading