Mastering Azure Connectivity to the Microsoft Cloud

Presentation transcript:

Mastering Azure Connectivity to the Microsoft Cloud Day One - Session 2 of 4

Agenda Outline

Time   Duration  Topic
09:00  30 mins   Intro and Overview
09:30            SDN, Virtual Network, and Azure Network Overview
10:00            RDFE / ARM Overview
10:30  15 mins   Break
10:45  45 mins   VNet Deep Dive
11:30            Hybrid Network Overview
12:00  90 mins   Lunch
13:30  75 mins   ExpressRoute Deep Dive
14:45
15:00  60 mins   ExpressRoute Demos and Q&A
16:00            Roadmap and Futures

VNet Deep Dive

Azure Virtual Network: Bring your own network

- Logical isolation with control over network
- Create subnets with your private or public IP address spaces
- Bring your own DNS or use Azure-provided DNS
- Secure VMs with Network Security Groups
- Run highly available internal services behind internal load balancer

Diagram labels: Internet, Direct Internet Connectivity, Virtual Network, Azure Infra, Network Security Group, DNS, WEB SERVER, AD, FE Subnet, Azure Internal LB, APP SERVERS, DB SERVERS, BE Subnet

How Does Isolation Work?
10/22/2017 8:31 AM

- The fabric manages the controller
- The controller provides policy to the switch
- The switch encapsulates the traffic
- Each tunnel has a unique key per VNet
- Policy ensures only proper packets get to the proper Azure resource (VM)

For new flows, and periodically thereafter, in or out of a virtual switch, the switch checks with the controller to allow or deny the flow.

© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

VNet Deep Dive: “Address Prefixes”
Microsoft Ignite 2015

- CIDR (Classless Inter-Domain Routing) notation for the address range you want to use.
- Example: 192.168.0.1 – 192.168.0.254 = 192.168.0.0/24
- Look up CIDR on Wikipedia for more info (“CIDR Calc” is a really helpful Windows Phone App)

    "resources": [
      {
        "apiVersion": "[variables('apiVersion')]",
        "type": "Microsoft.Network/virtualNetworks",
        "name": "[parameters('vnetName')]",
        "location": "[parameters('location')]",
        "properties": {
          "addressSpace": {
            "addressPrefixes": [
              "[parameters('vnetAddressPrefix')]"
            ]
          },
          "subnets": [
            {
              "name": "[parameters('subnet1Name')]",
              "properties": {
                "addressPrefix": "[parameters('subnet1Prefix')]"
              }
            },
            {
              "name": "[parameters('subnet2Name')]",
              "properties": {
                "addressPrefix": "[parameters('subnet2Prefix')]"
              }
            }
          ]
        }
      }
    ]

© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
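A pre-deployment check for the address prefixes fed to this template, as an added example (not part of the original deck): it rejects prefixes with host bits set, subnets that fall outside the VNet address space, and subnets that overlap each other. The sample prefixes and the function names are constructed for illustration; the five-address figure is Azure's per-subnet reservation.

```python
import ipaddress

# Constructed sample values for the template's vnetAddressPrefix,
# subnet1Prefix and subnet2Prefix parameters (not taken from the deck).
SAMPLE_VNET = "192.168.0.0/24"
SAMPLE_SUBNETS = {"subnet1": "192.168.0.0/26", "subnet2": "192.168.0.64/26"}

AZURE_RESERVED_PER_SUBNET = 5  # addresses Azure keeps for itself in each subnet


def check_address_plan(vnet_prefix, subnets):
    """Return a list of problems; an empty list means the plan is consistent."""
    try:
        vnet = ipaddress.ip_network(vnet_prefix, strict=True)
    except ValueError as exc:
        return [f"vnet: {exc}"]
    problems, accepted = [], {}
    for name, prefix in subnets.items():
        try:
            # strict=True rejects prefixes with host bits set (192.168.0.1/24)
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if net.version != vnet.version or not net.subnet_of(vnet):
            problems.append(f"{name}: {net} is outside VNet {vnet}")
        for other_name, other in accepted.items():
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted[name] = net
    return problems


def usable_addresses(prefix):
    """Addresses left for VMs after Azure's per-subnet reservation."""
    net = ipaddress.ip_network(prefix, strict=True)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


if __name__ == "__main__":
    print(check_address_plan(SAMPLE_VNET, SAMPLE_SUBNETS))
    print(usable_addresses("192.168.0.0/26"))
```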

Using Security to expose network features

What is a DMZ?

- Allow access to internet facing resources
- Protects backend networks
- Inspection and auditing throughout
- Security policy at/in each layer

The key to a good DMZ is the devices, policies, and controls at each boundary.

Visualizing a Corporate DMZ

Native Azure security features

- Network Isolation
- Network Security Groups
- User Defined Routing
- Network Virtual Appliance

Combine these features to meet your exact security requirements!

Visualizing the security layers

Visualizing the Azure DMZ

Modeling security techniques


NSG code walkthrough

    # Create the NSG
    New-AzureNetworkSecurityGroup -Name $NSGName -Location $DeploymentLocation `
        -Label "Security group for $VNetName subnets in $DeploymentLocation"

    # Add NSG Rule to Deny Inbound Internet Traffic
    Get-AzureNetworkSecurityGroup -Name $NSGName | `
        Set-AzureNetworkSecurityRule -Name "Isolate the $VNetName VNet from the Internet" `
            -Type Inbound -Priority 100 -Action Deny `
            -SourceAddressPrefix INTERNET -SourcePortRange '*' `
            -DestinationAddressPrefix VIRTUAL_NETWORK -DestinationPortRange '*' `
            -Protocol '*'

    # Bind the NSG to a Subnet
    Set-AzureNetworkSecurityGroupToSubnet -Name $NSGName -SubnetName $FESubnet `
        -VirtualNetworkName $VNetName
    # The slide cuts off after the backtick on the next command; the
    # -VirtualNetworkName argument is completed to match the call above.
    Set-AzureNetworkSecurityGroupToSubnet -Name $NSGName -SubnetName $BESubnet `
        -VirtualNetworkName $VNetName
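How that priority-100 deny interacts with other rules, as an added example (not part of the original deck): NSG rules are evaluated in ascending priority order and the first match decides, so an allow rule added later with a higher number never fires. The model is simplified to inbound rules matched on source tag and destination port; the HTTPS rule and all Python names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    action: str     # "Allow" or "Deny"
    source: str     # source tag such as "INTERNET", or "*"
    port: str       # destination port as text, or "*"


# Default inbound rule every NSG ends with (simplified to one entry).
DEFAULT_DENY = Rule("default deny all inbound", 65500, "Deny", "*", "*")
# The rule from the walkthrough, plus one constructed rule for illustration.
ISOLATE = Rule("Isolate the VNet from the Internet", 100, "Deny", "INTERNET", "*")
ALLOW_HTTPS = Rule("Allow HTTPS to FE (constructed)", 200, "Allow", "INTERNET", "443")


def _covers(pattern, value):
    """True when every flow matching `value` also matches `pattern`."""
    return pattern == "*" or pattern == value


def evaluate(rules, source, port):
    """First matching rule in priority order decides the inbound flow."""
    for rule in sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r.priority):
        if _covers(rule.source, source) and _covers(rule.port, port):
            return rule.action, rule.name


def shadowed(rules):
    """Pairs (rule, earlier rule) where the first can never match any flow."""
    ordered = sorted(rules, key=lambda r: r.priority)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if _covers(earlier.source, later.source) and _covers(earlier.port, later.port):
                pairs.append((later.name, earlier.name))
                break
    return pairs
```

Running `shadowed()` over an exported rule set before binding the NSG to a subnet flags allow rules that look correct on review but are unreachable in practice.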

UDR code walkthrough

    # Create Route Table
    New-AzureRouteTable -Name $BERouteTableName -Location $DeploymentLocation `
        -Label "Route table for $BESubnet subnet"

    # Add Routes to Route Table
    Get-AzureRouteTable $BERouteTableName | `
        Set-AzureRoute -RouteName "All traffic to FW" -AddressPrefix "0.0.0.0/0" `
            -NextHopType VirtualAppliance -NextHopIpAddress "10.0.0.4"

    # Associate the Route Tables with the Subnets
    Set-AzureSubnetRouteTable -VirtualNetworkName $VNetName `
        -SubnetName $BESubnet `
        -RouteTableName $BERouteTableName
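Route selection for this table, as an added example (not part of the original deck): Azure picks the longest matching prefix, so with only the 0.0.0.0/0 route, traffic to other subnets in the same VNet still follows the more specific VNet-local system route and never reaches the appliance at 10.0.0.4. The VNet range 10.0.0.0/16, the front-end subnet 10.0.1.0/24, the system route entries and the function names are assumptions made for illustration.

```python
import ipaddress

# (origin, prefix, next hop type, next hop IP). The 0.0.0.0/0 user-defined
# route is the one from the walkthrough; the VNet range 10.0.0.0/16 and the
# system routes are constructed for illustration.
ROUTES = [
    ("system", "10.0.0.0/16", "VNETLocal", None),
    ("system", "0.0.0.0/0", "Internet", None),
    ("udr", "0.0.0.0/0", "VirtualAppliance", "10.0.0.4"),
]


def select_route(routes, destination):
    """Longest prefix wins; on equal prefixes a user-defined route beats a system one."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r[1])]
    if not matches:
        return None
    best = max(matches, key=lambda r: (ipaddress.ip_network(r[1]).prefixlen, r[0] == "udr"))
    return best[2], best[3]


def not_inspected(routes, destinations, appliance_ip):
    """Destinations whose selected route does not pass through the appliance."""
    return [d for d in destinations
            if (select_route(routes, d) or (None, None))[1] != appliance_ip]


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an Internet host.
    print(not_inspected(ROUTES, ["203.0.113.10", "10.0.1.5"], "10.0.0.4"))
```

Adding a user-defined route for the front-end prefix with the appliance as next hop closes the gap for back-end to front-end traffic.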

Connecting a hybrid network

Hybrid Connectivity

Connectivity options and hybrid offerings

Azure connectivity option, with customer segment and workloads:

- Internet connectivity: Consumers; Access over public IP; DNS resolution; Connect from anywhere
- Secure point-to-site VPN connectivity: Developers; POC Efforts; Small scale deployments; Connect from anywhere
- Secure site-to-site VPN connectivity: SMB & Enterprises; Connect to Azure compute
- ExpressRoute private connectivity: SMB & Enterprises; Mission critical workloads; Backup/DR, media, HPC; Connect to all Azure services

Hybrid Options: Point-to-Site, Site-to-Site, ExpressRoute

Azure Supported Services
- Point-to-Site and Site-to-Site: Cloud Services and Virtual Machines
- ExpressRoute: Services list

Typical Bandwidths
- Point-to-Site: Typically < 100 Mbps aggregate
- Site-to-Site: Typically < 200 Mbps aggregate
- ExpressRoute: 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps

Protocols Supported
- Point-to-Site: Secure Sockets Tunneling Protocol (SSTP)
- Site-to-Site: IPsec
- ExpressRoute: Direct connection over VLANs, NSP's VPN technologies (MPLS, VPLS, ...)

Routing
- Point-to-Site: Route-based (dynamic)
- Site-to-Site: We support policy-based (static routing) and route-based (dynamic routing VPN)
- ExpressRoute: BGP

Connection resiliency
- Point-to-Site: active-passive
- Site-to-Site: active-passive, active-active
- ExpressRoute: active-active

Typical use case
- Point-to-Site: Prototyping, dev / test / lab scenarios for cloud services and virtual machines
- Site-to-Site: Dev / test / lab scenarios and small scale production workloads for cloud services and virtual machines
- ExpressRoute: Access to all Azure services (validated list), Enterprise-class and mission critical workloads, Backup, Big Data, Azure as a DR site

Technical Documentation
- Point-to-Site and Site-to-Site: VPN Gateway Documentation
- ExpressRoute: ExpressRoute Documentation

FAQ
- Point-to-Site and Site-to-Site: VPN Gateway FAQ
- ExpressRoute: ExpressRoute FAQ

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.