- Azure has two different deployment models for creating and working with resources: Azure Resource Manager and classic
- Azure Resource Manager is the deployment and management service that provides a consistent management layer and allows you to create, update, and delete resources in your Azure subscription
- Microsoft recommends creating most new virtual networks through the Resource Manager deployment model
- Azure networking components include:
  - Virtual networks
  - IP addresses
  - Subnets
  - Network interface card
  - DNS
- Azure provides a name resolution service that enables VMs and cloud services within Azure to communicate by name
- To increase availability and scalability, you can create two or more VMs that publish the same application
- You can use an Azure load balancer to enable this traffic distribution between VMs
- Azure load balancers are of two types:
  - Public load balancer
  - Internal load balancer
- The load balancer can probe the health of the various server instances
- All outbound traffic to the internet that originates from your service undergoes source network address translation (SNAT) by using the same VIP address as for incoming traffic
- Application gateways provide load-balanced solutions for network traffic that is based on the HTTP protocol
- Azure Traffic Manager is another load-balancing solution that Azure includes
- Traffic Manager can:
  - Improve availability of critical applications
  - Improve responsiveness for high-performance applications
  - Upgrade and perform service maintenance without downtime
  - Combine on-premises and cloud-based applications
  - Distribute traffic for large, complex deployments
- Traffic Manager works at the DNS level
- Network Security Groups
  - You use Network Security Groups to provide network isolation for Azure resources by defining rules that can allow or deny specific traffic to individual VMs or subnets
- User-defined routes
  - User-defined routes (UDR) control network traffic by defining routes that specify the next hop of the traffic flow
- Forced tunneling
  - With forced tunneling, you can redirect internet-bound traffic back to the company’s on-premises infrastructure
- Regional virtual networks
  - Regional virtual networks can span a complete Azure region or datacenter
- Cross-premises network connectivity
  - Virtual networks in Azure also enable you to extend your on-premises networks to the cloud
- You can create a virtual network by using the Azure portal, the Azure CLI 1.0, or PowerShell
- Azure Load Balancer is available in two SKUs: Basic and Standard
- You can use Azure Load Balancer to:
  - Load-balance incoming internet traffic to your VMs
  - Load-balance traffic across VMs inside a virtual network
  - Port forward traffic to a specific port on specific VMs
  - Provide outbound connectivity for VMs inside your virtual network
- Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints
- Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models
- Traffic Manager is resilient to failure, including the failure of an entire Azure region
- Azure VPN Gateway serves as the cross-premises gateway connecting your workloads in Azure Virtual Network to on-premises sites
- VPN Gateway is required to connect to on-premises sites through IPsec S2S VPN tunnels or through ExpressRoute circuits