Microsoft Azure networking: Everything you need to know


1 Microsoft Azure networking: Everything you need to know
10/25/2017 4:11 PM Mustafa Toroman Senior System Partners © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


4 Microsoft Azure networking: Everything you need to know
Mustafa Toroman, Senior System Engineer

5 Senior System Engineer, MVP Microsoft Azure
@Authority Partners. MCP, MCSE, MCITP, MCSD, MCT, MS v-TSP

6 The Big (Network) Picture
Virtual Network: “Bring Your Own Network”; segment with subnets and security groups; control traffic flow with User Defined Routes.
Front-End Access: Dynamic/Reserved Public IP addresses; direct VM access, ACLs for security; load balancing; DNS services (hosting, traffic management); DDoS protection.
Backend Connectivity: Point-to-site for dev/test; VPN Gateways for secure site-to-site connectivity; ExpressRoute for private enterprise-grade connectivity.
Diagram labels: Users, Internet, Azure Virtual Network, ExpressRoute, VPN Gateways.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 DNS Services
Azure DNS: Host your DNS domains in Azure; integrate your Web and Domain hosting.
Traffic Manager: Globally route user traffic with flexible policies; enable best-of-class end-to-end user experience.

8 Azure DNS
Global footprint: Global footprint of DNS servers; Anycast fast query performance; Ultra-available.

9 Traffic Manager
Traffic Management Policies (example name: www.contoso.com):
Latency – Direct to “closest” service
Round Robin – Distribute across all services
Failover – Direct to “backup” if primary fails
Nested – Flexible multi-level policies

10 Internet IP Addresses & Load Balancing
Public IP Addresses in Azure: Can be used for instance (VM) level access or load balancing.
Instance-level IP: Internet IP assigned exclusively to a single VM; entire port range is accessible by default; primarily for targeting a specific VM.
Load balanced IP (VIP): Internet IP load balanced among one or more VM instances; allows port redirection; primarily for load balanced, highly available, or auto-scale scenarios.
Diagram labels: Internet, (VIP), LB, (Instance-level IP), VM1, VM2, IP1, IP2, Microsoft Azure.

11 Reserved IPs
Retain your IP addresses. IPs on existing services can be reserved. IPs can be moved between services in seconds.
Diagram labels: Internet, Azure Load Balancer, Reserved IP, Reserved IP Moves, Cloud Service 1, Cloud Service 2.

12 DNS Names for Public IP
FQDN access to a virtual machine. Available for virtual machines and web/worker roles. Automatic DNS registration/de-registration during scale-up, scale-down.
Diagram labels: Internet; Contoso App with 2 virtual machines (VM Instance 1, VM Instance 2); Webrole.0.contoso.cloudapp.net; Webrole.1.contoso.cloudapp.net; 130.26.10.80.

13 Virtual Network
Bring your own network. Create subnets with your private or public IP addresses. Bring your own DNS or use Azure-provided DNS. Secure with Network Security Group ACLs. Control traffic flow with User Defined Routes.
Diagram labels: On Premises 10.0/16; Internet; VPN & ExpressRoute; Direct Internet Connectivity; Azure; VPN GW; Backend 10.3/16; Mid-tier 10.2/16; Frontend 10.1/16; AD / DNS; Virtual Network.

14 User Defined Routes
Control traffic flow in your network with custom routes. Attach route tables to subnets. Specify next hop for any address prefix. Set default route to force tunnel all traffic to on-premises or appliance.
Diagram labels: Internet; Virtual Network; VM with “IP Forwarding”; System Route; FrontEnd Subnet; BackEnd Subnet; Default Route; VM/Appliance; User Defined Route.
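
An added example, not part of the presentation: a simplified Python model of how a subnet's effective next hop is chosen once a route table is attached. It assumes the three tier prefixes from the Virtual Network slide make up the VNet address space and uses a hypothetical appliance at 10.1.0.4; it shows that a default-route UDR alone leaves subnet-to-subnet traffic on the more specific system route.

```python
import ipaddress

# Constructed data. Assumptions (not from the slides): the VNet address space
# is the three tier subnets, and 10.1.0.4 is a hypothetical firewall VM with
# IP forwarding enabled. Simplified model: BGP/gateway routes are omitted.
SYSTEM_ROUTES = [
    {"prefix": "10.1.0.0/16", "hop": "VirtualNetwork", "source": "System"},
    {"prefix": "10.2.0.0/16", "hop": "VirtualNetwork", "source": "System"},
    {"prefix": "10.3.0.0/16", "hop": "VirtualNetwork", "source": "System"},
    {"prefix": "0.0.0.0/0", "hop": "Internet", "source": "System"},
]
APPLIANCE = "10.1.0.4"
UDR_DEFAULT_ONLY = [
    {"prefix": "0.0.0.0/0", "hop": "VirtualAppliance", "ip": APPLIANCE, "source": "User"},
]
UDR_WITH_BACKEND = UDR_DEFAULT_ONLY + [
    {"prefix": "10.3.0.0/16", "hop": "VirtualAppliance", "ip": APPLIANCE, "source": "User"},
]
SOURCE_RANK = {"User": 0, "System": 1}  # tie-break when prefixes are equal


def effective_next_hop(dest, route_table):
    """Return (next hop type, next hop IP) for a packet to `dest`.

    Longest matching prefix wins; when a user-defined route and a system
    route share a prefix, the user-defined route overrides it.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for route in SYSTEM_ROUTES + route_table:
        net = ipaddress.ip_network(route["prefix"])
        if addr in net:
            matches.append((-net.prefixlen, SOURCE_RANK[route["source"]], route))
    if not matches:
        return None
    best = min(matches, key=lambda m: m[:2])[2]
    return best["hop"], best.get("ip")


def bypasses_appliance(dests, route_table):
    """Return the destinations whose effective route skips the appliance."""
    return [d for d in dests
            if effective_next_hop(d, route_table) != ("VirtualAppliance", APPLIANCE)]


if __name__ == "__main__":
    targets = ["203.0.113.10", "10.2.0.20", "10.3.0.20"]  # Internet, Mid-tier, Backend
    for name, table in (("default only", UDR_DEFAULT_ONLY), ("plus backend", UDR_WITH_BACKEND)):
        print(name, "-> bypasses appliance:", bypasses_appliance(targets, table))
```

To inspect every flow into a tier, the route table attached to the source subnet needs a user-defined route for that tier's prefix, not only the default route.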

15 Multiple NICs in Azure VMs
Up to 16 NICs per VM. NSG and Routes on all NICs. Can separate frontend, backend, and management.
Diagram labels: Virtual Machine; NIC1; NIC2; Default; Virtual Network; VIP; Internet; Backend Subnet; Mgmt Subnet; Frontend Subnet.

16 Layered Security, Protection, and Isolation
Diagram labels: Cloud Services & Virtual Machines; Virtual Network Isolation; Internet; VM Firewall; DDoS Protection; NSG ACLs.

17 Network Security Groups
Segment network to meet security needs. Can protect Internet and internal traffic. Enables DMZ subnets. Associated to subnets/VMs and now NICs. ACLs can be updated independent of VMs.
Diagram labels: On Premises 10.0/16; Internet; ExpressRoute and VPNs; VPN GW; Backend 10.3/16; Mid-tier 10.2/16; Frontend 10.1/16; Virtual Network.

18 Network Virtual Appliances
Overview: VMs that perform specific network functions. Focus: Security (Firewall, IDS, IPS), Router/VPN, ADC (Application Delivery Controller), WAN Optimization. Typically Linux or FreeBSD-based platforms.
Scenarios: IT Policy & Compliance – consistency between on premises & Azure. Supplement/complement Azure capabilities.
Azure Marketplace: Available through Azure Certified Program to ensure quality and simplify deployment. You can also bring your own appliance and license.

19 Virtual Appliances - Firewalls, IDS/IPS, VPNs
Secure your virtual networks in Azure.
Diagram labels: Internet; Azure Virtual Network; DMZ; Cross-premises connectivity; IDS; IPS.

20 Scenario – Application Delivery Controller
Frontend load balancing and delivery control.
Diagram labels: Applications; Virtual Network; ADC & Load Balancer; Internet; Web Farms.

21 Network Virtual Appliance Ecosystem

22 Cross premises connectivity

23 Connectivity Options and Hybrid Offerings
Cloud connectivity option, followed by customer segment and workloads:
Internet Connectivity: Consumers; access over public IP; DNS resolution; connect from anywhere.
Secure point-to-site connectivity: Developers; POC efforts; small scale deployments; connect from anywhere.
Secure site-to-site VPN connectivity: SMB, Enterprises; connect to Azure compute.
ExpressRoute private connectivity: SMB & Enterprises; mission critical workloads; Backup/DR, media, HPC; connect to Microsoft services.

24 On-premises VPN Ecosystem

25 Connectivity choices: Internet or Private
Cloud on your WAN: Traffic flows directly from customer WAN to Microsoft; reduces complexity; lower latency, higher bandwidth and higher availability.
IPsec VPN over Internet: Encrypted data traverses Internet to reach Azure; limited bandwidth and higher availability.
Diagram labels: Microsoft WAN; Corp HQ; Branch office 1; Branch office 2; Public internet.

26 ExpressRoute
Predictable performance. Security. High throughput. Lower cost.
ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft.
Diagram labels: Microsoft WAN; Corp HQ; Branch office 1; Branch office 2; Public internet.

27 ExpressRoute Partners
Exchange Provider: Diagram labels: Exchange; Public internet; Customer site; Microsoft.
Network Service Provider: Diagram labels: Customer site 1; Customer site 2; Customer site 3; WAN.

28 VPN Gateways for Virtual Network
ExpressRoute gateway or VPN gateway needed to access a virtual network. Introducing a new Standard Gateway. Supports ExpressRoute and VPN coexistence. Improved throughput for ExpressRoute.
Virtual Network Gateway SKUs (values as listed on the slide):
Basic: ExpressRoute GW throughput 500 Mbps; VPN GW and ExpressRoute coexistence No; VPN GW throughput 100 Mbps; VPN GW max IPsec tunnels 10; cost $0.04 (USD) / hour.
Standard: ExpressRoute GW throughput 1000 Mbps; VPN GW and ExpressRoute coexistence Yes; cost $0.19 (USD) / hour.
Performance: ExpressRoute GW throughput 2000 Mbps; VPN GW throughput 200 Mbps; VPN GW max IPsec tunnels 30; cost $0.49 (USD) / hour.
Note that ExpressRoute traffic for Azure public services, O365, and Skype for Business does NOT go through a Virtual Network gateway.

29 Network Resource Provider
New REST API surface. Loosely coupled network resource model. Fine-grained access/control of networking resources. RBAC of networking resources. Support for logging and tagging. Highly performant & scalable. Regional resiliency. Imperative and declarative management style.

30 Click To Deploy in Cloud
Readily available templates to Click and Deploy from GitHub. Rapidly customize and automate your build & deployment.
Versatile management interfaces: REST API; PowerShell; Azure CLI; SDK (.NET, Node.JS, Java); Azure Portal.
