There are many types of network services available in Microsoft Azure Cloud. Some of the categories of networking include connectivity services, application protection services, application delivery services, as well as network monitoring. By using a combination of these services a business can network On-Prem resources with those in the Azure cloud, protect applications with advanced firewalls and Network Security Groups, set up Content Delivery edge caching with a CDN, as well as monitor all of these via services like Azure Network Watcher, ExpressRoute Monitor, and Azure Monitor.
Azure Virtual Network
Virtual networks in Azure are the foundation of network services that facilitate communication among various cloud resources. It is a logical representation of an Internet Protocol (IP) based network in Azure. A Virtual Network in Azure can also be simply referred to as a Vnet. A single virtual network has one or more subnets. Subnets are where virtual machines and other devices are connected. VNETs provide logical isolation in Azure dedicated to a given subscription and is a dedicated private cloud-only network. To connect a virtual network to an on-site data center, one could use a site-to-site VPN. This allows traffic to be routed to and from the VNET in the cloud and the On-Prem LAN. It is this feature that enables the hybrid cloud. Note that Virtual Machines in different VNETs can not communicate by default.
- logically isolated
- used with most Azure resources
- CIDR range of 10.0.0.0/16 = 65,536 IPs
- can be subnetted into smaller networks
- subnets must have smaller CIDR range that containing VNET
- public subnet can reach the Internet
- private subnet can not reach the Internet
- Azure VMs in different subnets in the same virtual network can communicate by default
Azure VPN Gateway
A VPN Gateway in Azure is a virtual network gateway that sends encrypted traffic between an Azure VNET and an on-prem data center over the Internet. A VPN Gateway is a core component of the hybrid cloud deployment model. It’s important to understand that this connection travels over the public Internet securely using encryption. Azure VPN Gateway is a cost-effective way to implement a hybrid environment.
- uses encryption for security
- traffic travels over public internet
- one VPN gateway per VNET
- VPN tunnels share available bandwidth
Azure VNET Peering
We can use VNET Peering in Azure to seamlessly connect two or more virtual networks in Azure. This feature makes it possible for two different VNETS to function as a single network in terms of the ability for resources in each netork to communicate. This makes it possible to simplify routing in complex environments within Azure.
- Resources in one virtual network to communicate with resources in a different virtual network.
- Transfer data between virtual networks across Azure subscriptions, Azure Active Directory tenants, deployment models, and Azure regions.
- No downtime to resources when creating the peering, or after the peering is created.
- Peer virtual networks created through the Azure Resource Manager.
- Low-latency, high-bandwidth connection between resources in different virtual networks.
- Peer a virtual network created through Resource Manager to one created through the classic deployment model.
- Azure Resource Manager uses templates based on existing resources to automate the deployment process ensuring consistency.
Azure ExpressRoute offers similar functionality as a site-to-site VPN. It makes it possible to extend an on-premises network into Azure. The difference between a site-to-site VPN and ExpressRoute is that ExpressRoute uses a private connection with the help of a connectivity provider. ExpressRoute traffic does not traverse the open Internet. ExpressRoute is the fastest and most secure option for Hybrid Cloud deployments. It is also the most expensive, so keep that in mind.
- Bandwidth up to 100 Gbps Supported
- Private connections to Azure
- Lower latency
- Increased reliability and speed
- Connect your on-premises networks using the Microsoft global network
- Connects directly to your WAN
- Implement a hybrid cloud architecture utilizing Azure to connect on-premises application resources while minimizing latency and maximizing security.
Learn More About Azure Network Services
- Azure Virtual Network Vnet (simplilearn.com)
- Azure Virtual Network (varonis.com)
- Azure Virtual Network Vnet (tutorialsdojo.com)
- Configure Site Site Vpn Gateway Connection Azure Premises Network (rebeladmin.com)
- How to Setup a Site-to-Site VPN between an Azure Virtual Network and WatchGuard Firewal(itpromentor.com)
- Step By Step Creating An Azure Point To Site Vpn (techcommunity.microsoft.com)
- Setting Up Azure Vnet Peering (pixelrobots.co.uk)
- Cloud Networking Azure Vnet To Vnet (aviatrix.com)
- Configuring Azure Vnet Peering Using Azure Portal (msserverpro.com)
- Microsoft VNET Peering (techgenix.com)
- Azure How To Configure Vnet Peering (buildvirtual.net)
- Azure Virtual Wan Virtual Wan Expressroute Portal (docs.microsoft.com)