This post is the last in a series of three blog entries about Microsoft public cloud and “fundamental” building blocks for IT infrastructure (you can find the first post here, and the second one here). The series covers storage platform, networking and compute aspects of the cloud platform.
As with most other infrastructure components, the network is one of the fundamental prerequisites for IT systems. There are only very limited scenarios where you do not need network connectivity to your compute or storage resources. This article will cover Azure networking from different configuration perspectives – your Virtual Machine service availability, Virtual Network and IP address configurations and other network services.
Starting with some background on Microsoft public cloud services: It was recently announced that Microsoft has around 25Gbps of total bandwidth, which makes the company the biggest public cloud provider from the network bandwidth perspective.
Now digging deeper into the service itself, you can start by looking at Azure network connectivity from the perspective of resilience and security requirements. For load balancing you would consider a couple of different services – Traffic Manager would be appropriate for cross-region availability and Azure Load Balancer for scalability within a single region. You can also make use of Azure Application Gateway for content-based routing, which supports a Web application firewall for protection from common Web attacks. Other network services include management of your domain names with Azure DNS Service.
From the virtual resource, or Azure Virtual Machine, connectivity perspective, you would start your network implementation by creating a Virtual Network and assigning it to your resource. Azure Virtual Networks allow you to segment your own networking interfaces and IP addresses, and they allow you to control network flows.
When considering IP addressing in Azure, there are two types of IP address that can be used:
- Public IP addresses – used for communicating with the Internet (including Azure public-facing services)
- Private IP addresses – used for communicating within the Azure Virtual Network, Virtual Private Network (VPN) Gateway or Azure ExpressRoute
Some Virtual Machines in Azure support SR-IOV (single root input/output virtualization), which allows you to achieve higher network performance from Virtual Machine resources.
I have briefly mentioned the VPN gateway and Azure ExpressRoute. These network services are used to link your network infrastructure with Azure. They include different connectivity options from your premises to Azure – point-to-site VPN, VPN gateway and Azure ExpressRoute.
Point-to-site VPN is recommended for connectivity testing scenarios, since you would use the site-to-site VPN (with VPN gateway functionality) and Azure ExpressRoute for production. The latter two options differ by the connectivity type used to create the private network. The first uses your Internet connection to encapsulate communication to Azure; the second relies on your telecom provider and uses a Multiprotocol Label Switching (MPLS) network to create a private connection to Azure.
For internal Azure interconnectivity between different Virtual Networks and Azure subscriptions you can use VNET peering.
Keep in mind that there are options for easy third-party integration and software network solutions. These are available through the Azure Marketplace.
One final thing worth mentioning – Azure Network supports native IPv6, and this is available globally.
Thank you for your time and please get in touch with questions or for more information.
Laurynas Dovydaitis works as a professional Solution Architect at CSC and helps clients implement complex IT infrastructure solutions. For the last three years he has been focusing deeply on next-generation computing, including the Cloud and Data Analysis fields, and he has more than a decade of IT-field experience. His passion for the field is recognized by the industry, as he has been awarded the title of Microsoft Most Valuable Professional. Connect with him on LinkedIn.