Kurt Jung – Sr. Research Analyst KEMP Technologies Azure Networking Kurt Jung – Sr. Research Analyst KEMP Technologies

Thanks to our Organizers! Ben Serebin Exchange Junkie Tome Tanasovski PowerShell MVP Blog: http://blog.reefsolutions.com Twitter:@bserebin Blog: http://powertoe.wordpress.com/ Twitter: @toenuff Ken Reid David Sebban Windows IT Pro MVP Website: http://www.nyewin.org Blog: http://dsebban.wordpress.com Twitter: @davidsebban Eric Fellen Website: http://www.nyewin.org

User Group Communities NYC PowerShell User Group Meetings: Second Monday of the month, 6:00PM, Microsoft NYC Office Web: http://powershellgroup.org/nyc New York Exchange User Group (NYExUG) Meetings: Second Tuesday of the month, 5:45PM to 9PM, Microsoft NYC Office Web: www.nyexug.com Devices and Datacenter User Group New York (DDUGNY) Meetings: First Thursday of the month, 6:00PM, Microsoft NYC Office Web: http://www.meetup.com/ddugny

Event Sponsors

Event User Groups

Azure Networking Virtual Networks

The Big (Network) Picture Azure virtual network Users Internet Front-end access Dynamic/reserved public IP addresses Direct VM access, ACLs for security Load balancing DNS services: hosting, traffic management DDoS protection Virtual network Bring your own network” Segment with subnets and network security groups Control traffic flow with user defined routes Backend connectivity Point-to-site for dev/test VPN Gateways for secure site-to-site connectivity ExpressRoute for private enterprise grade connectivity Backend connectivity ExpressRoute VPN Gateways

Virtual Network Azure 10.0/16 On Premises 10.0/16 Internet Logical isolation with control over the network Create subnets and isolate traffic with network security groups Support for Static IP addresses Support for Internal Load Balancing DNS options – BYO or Microsoft Azure-provided Extend your trust boundary – VMs and Cloud Services on the same Network VPN & ExpressRoute Direct Internet Connectivity Azure VPN GW Backend 10.3/24 Mid-tier 10.2/24 Frontend 10.1/24 AD / DNS Virtual Network

Network Security Groups (NSG) Enables network segmentation & DMZ scenarios Traffic Rules (up to 200 per NSG default) Filter incoming/outgoing traffic with allow/deny Individual addresses, address prefixes, wildcards Association Associate with virtual machines or subnets Rules can be updated independent of VMs Configure PowerShell, ARM or Portal On Premises 10.0/16 Internet Internet S2S VPNs √ √ √ √ VPN GW Backend 10.3/16 Mid-tier 10.2/16 Frontend 10.1/16 Virtual Network

Azure Multi-VIPs Load Balancer

Azure Multi-NIC

Azure Multi-IP Private IP Addresses per network interface = 50

Azure Networking Connectivity

Connectivity Options to Azure Cloud Customer Segment and workloads Internet Connectivity Consumers Access over public IP DNS resolution Connect from anywhere Secure point-to-site connectivity Developers POC Efforts Small scale deployments Connect from anywhere Secure site-to-site VPN connectivity SMB, Enterprises Connect to Azure compute ExpressRoute private connectivity SMB & Enterprises Connect to Microsoft services Mission critical workloads

Site to Site VPN Route-Based VPN Policy-Based VPN Traffic Selector: Any-to-Any 0.0.0.0/0  0.0.0.0/0 Routing tables to direct traffic into different tunnels Multiple sites Routing features BGP & Transit dynamically update routes Forced Tunneling re-direct all Internet-bound traffic to on-premises Policy-Based VPN Traffic Selector: Prefix-to-Prefix 10.1.0.0/16 10.2.0.0/16 10.1.0.0/16  10.3.0.0/16 “Firewall”-based VPN Single site only Does not support routing features

Express Route Ultra-Performance gateway Higher availability SLA 10Gbps to a virtual network Higher availability SLA Improved SLA from 99.9% to 99.95% More insights Self-help and troubleshooting tools on Azure portal: ARP table, routing table, traffic statistics Improved monitoring and diagnostics Deprecation of basic gateway SKU Existing basic gateways still supported with 99.9% availability SLA No new basic gateways Gateway SKU Throughput (Gbps) Standard 1 HighPerformance 2 UltraPerformance 9

Connectivity Options within Azure Cloud Cloud Segment and workloads VNet Peering within region In-region VNet-to-VNet connectivity Direct VM-to-VM connectivity Peer VNets for routing and transit VNet-to-VNet via gateway Same region or cross regions Connectivity via Azure VPN gateways

VNet Peering Generally Available Full-mesh direct connectivity High bandwidth Low latency Classic to ARM Peering Cross subscription Hub and Spoke configuration

Hub-and-Spoke with VNet Peering 10.0/16 On-Premises ARM VNet10.1/16 ARM VNet10.2/16 VPN Peering Gateway transit via Peering Supports NVA and Gateway Transit (ARM-to-ARM only) Sharing the Gateway in the Hub for all the Spoke VNets via Peering

DMZ Hub VNet with Peering From DMZ per VNet to DMZ per region! Hub/DMZ and spoke with VNet Peering VNet 1 Internet Connectivity DMZ VNet Internet Firewall IDS/IPS WAF DMZ VNet 2 VNet Peering VNet 3 Backend VNets Cross-Premises Connectivity Azure VPN On Premises Sites

Demo VNET Peering

VNET Peering Demo

VNET Peering Demo

Network Troubleshooting Azure Networking Network Troubleshooting

Azure Network Watcher View Topology IP Flow Verify Next Hop Network Security Group view Packet Capture Subscription Limits Network Security Group Flow Logs Diagnostic Logs

Azure Network Watcher Generally available West US North Central US West Central US Free during four month promotional period Ends August 2017

Demo Azure Network Watcher

Network Watcher Demo

Other information All slide decks will be posted on http://www.techstravaganza.com Grand Prize Raffle at 5:15pm Join us for Cash Bar & Free Food @ Guys American @ 5:45pm