Requirement planning
• What Azure locations will you use to host VNets?
• Do you need to provide communication between these Azure locations?
• Do you need to provide communication between your Azure VNet(s) and
your on-premises datacenter(s)?
• How many Infrastructure as a Service (IaaS) VMs, cloud service roles, and
web apps do you need for your solution?
• Do you need to isolate traffic between groups of VMs (e.g. front-end web
servers and back-end database servers)?
• Do you need to control traffic flow using virtual appliances?
• Do users need different sets of permissions to different Azure resources?
Understanding VNets
• VNet: a virtual network is a logical isolation of the Azure cloud
dedicated to your subscription.
• Isolation
• Internet communication
• Azure communication / default routing
• Virtual network connectivity and automatic routing
• On-premises connectivity via VPN
• Traffic filtering via NSG
• Routing
• A VNet contains at least one subnet
Understanding Subnets
• A subnet is a child resource of a VNet, and defines a segment of the
VNet's address space within a CIDR block, using IP address prefixes. NICs can
be added to subnets and connected to VMs, providing connectivity
for various workloads.
Understanding NSGs
• A list of security rules that allow or deny traffic.
• Can be associated with either of
• Subnets
• Network interfaces
Planning IP address space and subnet
allocation
Considerations
• Choose non-overlapping address space, whether private (RFC 1918) or public
• Choose subnets:
• Azure reserves five addresses in each subnet: the first four (network address,
default gateway, two addresses for Azure DNS) and the last (broadcast) are not
available for use
• In a VNet, the first IP address allocated by DHCP is therefore the fifth
address in each subnet (x.x.x.4)
• The smallest subnet you can specify uses a 29-bit subnet mask (/29), which
leaves three usable addresses
• Use static private IP addresses where a VM needs a fixed address (optional)
• Keep static and dynamic subnets separate for ease of management
• Routing between subnets within a VNet is automatic; a subnet is not a security
boundary by itself, so use NSGs to restrict traffic between subnets
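The subnet rules above are easy to get wrong when sizing tiers, so here is an added worked example (written for this page, not code from the original deck) that encodes them: it rejects the address ranges the portal refuses, rejects anything smaller than /29, reports the five addresses Azure reserves per subnet and the first address DHCP will hand out, and checks that subnets do not overlap each other or the on-premises ranges you will later connect. The VNet, subnet and on-premises ranges at the bottom are constructed sample values.

```python
"""Subnet planning check for an Azure VNet (added example, not from the deck)."""
import ipaddress
from typing import Dict, Iterable

# Ranges that cannot be used inside a VNet address space (the portal refuses them).
FORBIDDEN = [ipaddress.ip_network(r) for r in (
    "224.0.0.0/4",          # multicast
    "255.255.255.255/32",   # broadcast
    "127.0.0.0/8",          # loopback
    "169.254.0.0/16",       # link-local
    "168.63.129.16/32",     # Azure platform / internal DNS address
)]
RFC1918 = [ipaddress.ip_network(r) for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RESERVED_HEAD = 4      # network address, default gateway, two Azure DNS addresses
RESERVED_TAIL = 1      # broadcast address
SMALLEST_SUBNET = 29   # longest prefix Azure accepts for a subnet


def validate_address_space(cidr: str) -> ipaddress.IPv4Network:
    """Reject a VNet address space that touches a range Azure refuses."""
    net = ipaddress.ip_network(cidr, strict=True)
    for bad in FORBIDDEN:
        if net.overlaps(bad):
            raise ValueError(f"{cidr} overlaps forbidden range {bad}")
    return net


def plan_subnet(vnet: ipaddress.IPv4Network, cidr: str) -> Dict[str, object]:
    """Describe what a subnet inside `vnet` actually gives you after Azure's reservations."""
    sub = ipaddress.ip_network(cidr, strict=True)
    if not sub.subnet_of(vnet):
        raise ValueError(f"{cidr} is not inside VNet {vnet}")
    if sub.prefixlen > SMALLEST_SUBNET:
        raise ValueError(f"{cidr} is smaller than /{SMALLEST_SUBNET}, the smallest Azure subnet")
    addrs = list(sub)                       # every address, network and broadcast included
    reserved = addrs[:RESERVED_HEAD] + addrs[-RESERVED_TAIL:]
    usable = addrs[RESERVED_HEAD:-RESERVED_TAIL]
    return {
        "subnet": str(sub),
        "reserved": [str(a) for a in reserved],
        "first_dhcp": str(usable[0]),       # first address Azure DHCP hands out
        "usable_count": len(usable),
    }


def plan_vnet(vnet_cidr: str, subnets: Dict[str, str],
              on_prem: Iterable[str] = ()) -> Dict[str, object]:
    """Validate a VNet, its subnets, and their relation to on-premises ranges."""
    vnet = validate_address_space(vnet_cidr)
    for r in on_prem:
        remote = ipaddress.ip_network(r, strict=False)
        if vnet.overlaps(remote):
            raise ValueError(f"VNet {vnet} overlaps on-premises range {remote}")
    nets = {name: ipaddress.ip_network(c, strict=True) for name, c in subnets.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"subnet {a} ({nets[a]}) overlaps subnet {b} ({nets[b]})")
    return {
        "vnet": str(vnet),
        "private": any(vnet.subnet_of(p) for p in RFC1918),
        "subnets": {name: plan_subnet(vnet, c) for name, c in subnets.items()},
    }


# Constructed sample: web and database tiers plus a /29 management subnet.
SAMPLE_VNET = "10.1.0.0/16"
SAMPLE_SUBNETS = {"web": "10.1.0.0/24", "db": "10.1.1.0/24", "mgmt": "10.1.255.248/29"}
SAMPLE_ON_PREM = ["192.168.0.0/16", "172.16.0.0/12"]

if __name__ == "__main__":
    plan = plan_vnet(SAMPLE_VNET, SAMPLE_SUBNETS, SAMPLE_ON_PREM)
    for name, info in plan["subnets"].items():
        print(f"{name:5} {info['subnet']:18} first DHCP {info['first_dhcp']:14} "
              f"usable {info['usable_count']}")
```

Run it as a script and the /29 management subnet shows only three usable addresses, which is why /29 subnets are rarely worth it outside gateway or appliance use; change an on-premises range to 10.0.0.0/8 and the overlap check fails before any gateway is built.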
Planning name resolution in Azure virtual
networks
• Between VMs and IaaS v2 (same VNet): use Azure-provided name resolution or
bring your own DNS
• Between role instances or VMs (same VNet but different cloud service): use
your own DNS implementation; for FQDN resolution you can use Azure name
resolution for the first 100 cloud services
• Between VMs or role instances and on-premises computers (Azure VNets and
on-premises): use your own DNS server / DNS implementation
• Between VMs (different VNets): use your own DNS server / DNS implementation
• Between on-premises computers and public endpoints (on-premises to Azure):
use Azure external name resolution
• Reverse lookup of an internal IP address (Azure VNet): use your own DNS
server / DNS implementation
Introducing Azure Networking
• A major incentive for adopting cloud solutions such as Azure is to enable
information technology (IT) departments to move server resources to the
cloud. This can save organizations money, and simplify operations by removing
the need to maintain expensive datacenters with uninterruptible power
supplies, generators, multiple fail-safes, clustered database servers, and so on.
This is particularly advantageous for small and medium-sized companies, which
might not have the expertise to maintain their own robust infrastructure.
• Once the resources are moved to Azure, they require the same networking
functionality as an on-premises deployment, and in specific scenarios require
some level of network isolation. Azure networking components offer a range of
functionalities and services that can help organizations design and build cloud
infrastructure services that meet their requirements.
Azure Networking Components
• Virtual networks
• IP addresses
• Subnets
• Network interface card
• DNS
• Azure load balancer
• Application Gateway
• Traffic Manager
• Network security groups
• User Defined Routes
• Forced tunneling
• Regional virtual networks
• Cross-premises network connectivity
Cross-Premises Network Connectivity
To connect to an Azure virtual network from an on-premises network, you can use one of the
following methods:
• A point-to-site VPN. This is a VPN that connects individual computers to an Azure virtual network.
You must create a VPN connection from each on-premises computer that you want to connect to
the Azure virtual network.
• A site-to-site VPN. This is an IPsec/IKE VPN that connects an on-premises network and all its
computers to an Azure virtual network. To create this connection, you must configure a gateway
and IP routing in the on-premises network; it is not necessary to configure individual on-premises
computers.
• ExpressRoute. An ExpressRoute connection is a dedicated service that does not cross the public
Internet. Instead, it uses a private connection to Azure datacenters, provided by a connectivity
provider. ExpressRoute improves reliability and bandwidth and keeps traffic off the Internet, but
it does not encrypt traffic by default; where confidentiality is required, run a site-to-site VPN
(IPsec) over the ExpressRoute circuit.
• You can also create a VPN that connects two Azure virtual networks. This is called a VNet-to-VNet
connection.
IP Addressing in Virtual Networks
• IP addresses
• Private IP addresses. A private IP address is allocated to a VM dynamically or statically
from the address range defined in the virtual network. VMs use this address to
communicate with other VMs in the same virtual network, with peered or connected
VNets, and with on-premises networks reached through a VPN gateway or ExpressRoute
connection.
• Public IP addresses. Public IP addresses allow Azure resources to communicate with
external clients, and are assigned directly to the network interface of the VM or to a
load balancer. A public IP on a NIC exposes the VM directly to the Internet, so pair it
with an NSG that permits only the ports you intend to serve.
• Private (RFC 1918) address ranges for virtual networks
• 10.0.0.0/8 (10.x.x.x)
• 172.16.0.0/12 (172.16.x.x to 172.31.x.x)
• 192.168.0.0/16 (192.168.x.x)
Managing and deploying Virtual
Networks
• Overview of managing and deploying virtual networks
• Managing virtual networks
• Deploying virtual networks
Common Network Management Tasks
• Creating a Virtual Network
• Viewing Virtual Networks and Settings
• Adding or Removing an Address Space
• Adding or Changing a DNS Server
• Deleting a Virtual Network
Create a Virtual Network in the Azure Portal
• Sign in to the Azure Portal.
• In the navigation menu on the left, click New, select Networking, and then click Virtual network.
• In the Virtual network blade, verify that Resource Manager deployment model is selected, and then click
Create.
• In the Create virtual network blade, in the Name text box, type a descriptive name for the virtual network.
• In the Address space box, enter the IP address range by using Classless Inter-Domain Routing (CIDR)
notation.
• In the Subnet name text box, type a descriptive name for the subnet.
• In the Subnet address range box, choose the IP address range for the subnet by using CIDR notation.
• In the Subscription drop-down list box, select the right Azure subscription in which you want to create a
virtual network.
• In the Resource group box, either create a new resource group or select an existing one.
• In the Location drop-down list box, select a location near your users, and then click the Create button.
Creating a Virtual Network
• Name
• Address space in CIDR notation, excluding the following ranges
• 224.0.0.0/4 (multicast)
• 255.255.255.255/32 (broadcast)
• 127.0.0.0/8 (loopback)
• 169.254.0.0/16 (link-local)
• 168.63.129.16/32 (Azure internal DNS and platform services)
• Subnet name / address range
• Subscription and resource group
View Network Settings
• Address Space
• Connected Devices
• Subnets
• DNS Servers
• Peerings
• Diagram
Creating a Virtual Machine in a Virtual
Network
• Navigate to the Azure portal and sign in.
• Select New.
• Select Virtual Machines.
• Select the Windows Server 2012 R2 Datacenter image.
• Select the Resource Manager deployment model, then Create.
• Use the following configuration, substituting your password and subscription.
• Select OK.
• Select the DS1_V2 Standard size.
• Then select OK.
• You can change the storage and network options on the Settings blade, including the virtual
network, subnet, public IP address and NSG the VM is attached to. For now, accept the
default settings. Then press OK.
• Select OK.
IP Addressing
• Overview
• Public and Private IP Addressing
• Multiple NICs in Virtual Machines
• Network Security Group
Limitations of Multiple NICs
The following limitations apply when using the multi-NIC
feature:
• All VMs in an availability set need to use either multi NIC or single
NIC. There cannot be a mixture of multi-NIC VMs and single-NIC VMs
within an availability set. The same rule applies to VMs in a cloud service.
• NICs cannot be added to or removed from a running VM; the VM must be
stopped (deallocated) first, and each VM size has its own maximum number of NICs.
Network Security Group
• Network security groups filter traffic to and from the VMs that you create
using either deployment model. They control inbound and outbound traffic
passing through a Network Interface Card (NIC) (Resource Manager deployment
model), a VM (classic deployment model), or a subnet (both deployment
models). Rules are stateful: the response to an allowed flow is permitted
without a separate rule for the return direction.
Network Security Group Rules
• Name. A unique identifier for the rule within the NSG.
• Direction. Whether the rule applies to inbound or outbound traffic.
• Priority. A number from 100 to 4096. Rules are evaluated in priority order with the lowest number
first; the first rule that matches the traffic is applied and no further rules are evaluated. The default
rules use priorities of 65000 and above, so any user rule overrides them.
• Access. Whether matching traffic is allowed or denied.
• Source IP address prefix. Where the traffic originates: a single IP address, a range of IP addresses
in CIDR notation, or the asterisk (*) wildcard character, which matches all IP addresses.
• Source port range. A single port number from 1-65535, a range of ports (for example 200-400), or
the asterisk (*) wildcard character, which matches all ports.
• Destination IP address prefix. The traffic destination: a single IP address, a range of IP addresses in
CIDR notation, or the asterisk (*) wildcard character, which matches all IP addresses.
• Destination port range. A single port number from 1-65535, a range of ports (for example 200-400),
or the asterisk (*) wildcard character, which matches all ports.
• Protocol. The protocol the rule matches: TCP, UDP, ICMP, or the asterisk (*) wildcard character
for any protocol.
Planning Network Security Groups
Some important things to keep in mind while implementing network
security groups include:
• By default you can create 5000 NSGs per region per subscription.
• You can apply only one NSG to a subnet or NIC, but a single NSG can be
applied to many subnets and NICs.
• You can have up to 1000 rules in a single NSG.
• Every NSG carries default rules that allow traffic within the VNet and from
the Azure load balancer, allow all outbound traffic to the Internet, and deny
all other inbound traffic. Add explicit lower-numbered rules where the defaults
are too permissive (for example, deny outbound Internet from database subnets).
• When an NSG is associated with both the subnet and the NIC of a VM, inbound
traffic is evaluated by the subnet NSG first and then by the NIC NSG; outbound
traffic is evaluated by the NIC NSG first. Traffic must be allowed at both
layers to pass.
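To make the rule format on the previous slide and the planning points above concrete, here is an added example (written for this page, not code from the original deck) that models NSG evaluation: rules sorted by priority with the first match winning, the default rules every NSG carries, and the subnet-then-NIC layering for inbound traffic. Service tags are simplified to the three the default rules use, against a constructed VNet range of 10.1.0.0/16; the rule sets and packets at the bottom are sample data for a web tier and a database tier.

```python
"""Model of Azure NSG rule evaluation (added example, not from the deck)."""
from dataclasses import dataclass
import ipaddress
from typing import List, Tuple

VNET = ipaddress.ip_network("10.1.0.0/16")          # constructed sample VNet range
AZURE_LB = ipaddress.ip_address("168.63.129.16")   # source of Azure load balancer probes


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # 100-4096 for user rules; lower number is evaluated first
    direction: str       # "Inbound" or "Outbound"
    access: str          # "Allow" or "Deny"
    protocol: str        # "Tcp", "Udp", "Icmp" or "*"
    source: str          # CIDR, single IP, "*" or a service tag
    source_ports: str    # "*", "22" or "200-400"
    destination: str
    dest_ports: str


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Default rules present in every NSG; only a lower-numbered user rule can override them.
DEFAULT_RULES: List[Rule] = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*", "*"),
]


def _addr_matches(spec: str, ip_str: str) -> bool:
    """Match an address against a prefix, a wildcard or a (simplified) service tag."""
    ip = ipaddress.ip_address(ip_str)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "Internet":               # simplification: anything outside the VNet
        return ip not in VNET
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (access, rule name) from the first matching rule in priority order."""
    candidates = [r for r in list(rules) + DEFAULT_RULES if r.direction == pkt.direction]
    for r in sorted(candidates, key=lambda r: r.priority):
        if ((r.protocol == "*" or r.protocol.lower() == pkt.protocol.lower())
                and _addr_matches(r.source, pkt.src_ip)
                and _port_matches(r.source_ports, pkt.src_port)
                and _addr_matches(r.destination, pkt.dst_ip)
                and _port_matches(r.dest_ports, pkt.dst_port)):
            return r.access, r.name
    raise RuntimeError("unreachable: the DenyAll default rule matches everything")


def evaluate_layered(subnet_rules: List[Rule], nic_rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Subnet NSG then NIC NSG for inbound, the reverse for outbound; a Deny at either layer wins."""
    layers = [subnet_rules, nic_rules] if pkt.direction == "Inbound" else [nic_rules, subnet_rules]
    decision = ("Allow", "")
    for layer in layers:
        decision = evaluate(layer, pkt)
        if decision[0] == "Deny":
            break
    return decision


# Constructed sample policy: web tier reachable on 443 from the Internet only,
# SQL reachable only from the web subnet, database VMs denied outbound Internet.
WEB_SUBNET_NSG = [
    Rule("AllowHttpsFromInternet", 100, "Inbound", "Allow", "Tcp", "Internet", "*", "*", "443"),
    Rule("DenyRdpFromAnywhere", 110, "Inbound", "Deny", "Tcp", "*", "*", "*", "3389"),
]
DB_SUBNET_NSG: List[Rule] = []            # nothing custom: only the default rules apply
DB_NIC_NSG = [
    Rule("AllowSqlFromWebTier", 100, "Inbound", "Allow", "Tcp", "10.1.0.0/24", "*", "*", "1433"),
    Rule("DenySqlFromVnet", 200, "Inbound", "Deny", "Tcp", "VirtualNetwork", "*", "*", "1433"),
    Rule("DenyInternetOutBound", 100, "Outbound", "Deny", "*", "*", "*", "Internet", "*"),
]

if __name__ == "__main__":
    print(evaluate(WEB_SUBNET_NSG, Packet("Inbound", "Tcp", "203.0.113.7", 51000, "10.1.0.5", 443)))
    sql = Packet("Inbound", "Tcp", "10.1.2.9", 40000, "10.1.1.5", 1433)
    print(evaluate_layered(DB_SUBNET_NSG, DB_NIC_NSG, sql))
    dns = Packet("Outbound", "Udp", "10.1.1.5", 50000, "8.8.8.8", 53)
    print(evaluate_layered(DB_SUBNET_NSG, DB_NIC_NSG, dns), evaluate_layered(DB_SUBNET_NSG, [], dns))
```

The last line of the script is the planning point that matters most: with no custom outbound rule the database VM reaches the Internet through AllowInternetOutBound, so a NIC-level DenyInternetOutBound at priority 100 is what actually closes that path. The DenySqlFromVnet rule at 200 shows the same override against AllowVnetInBound, while the load balancer probe source 168.63.129.16 still gets through via the 65001 default.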
Azure DNS
• With Azure DNS, you can host your DNS zones in Azure and manage DNS
records using the same credentials, APIs, tooling and role-based access
control you use for other Azure services.
• Azure DNS provides the same zone hosting service as GoDaddy, UnitedDomains
and other DNS providers, but it is not a domain registrar: you register the
domain elsewhere and delegate it to the Azure DNS name servers.
Azure load balancer
• The Azure load balancer is a layer 4 (TCP, UDP) load balancer that
distributes incoming traffic among healthy instances of a service or
among virtual machines in Azure, using health probes to take unhealthy
instances out of rotation.
• The Azure Resource Manager load balancer can be deployed as a public load
balancer with a public IP frontend, or as an internal load balancer whose
frontend is a private IP address inside the VNet.
Azure Traffic Manager
• Traffic Manager distributes incoming traffic among endpoints in different
Azure datacenters (regions) or outside Azure.
• It works at the DNS level: the client's DNS query is answered with the
address of the selected endpoint, and the application traffic itself never
passes through Traffic Manager.
Azure application gateways
• Application gateways provide layer-7 application delivery with the
following features:
• HTTP load balancing
• Cookie-based session affinity
• Secure Sockets Layer (SSL) / TLS offload (termination at the gateway)
• URL-based content routing
• Multi-site routing
• Up to 50 application gateways per subscription, each with up to 10
instances, so up to 500 instances per subscription.
The differences between all three load
balancers
• Technology
  • Azure load balancer: transport level (OSI layer 4)
  • Application gateway: application level (OSI layer 7)
  • Traffic Manager: DNS level
• Application protocols supported
  • Azure load balancer: any
  • Application gateway: HTTP and HTTPS
  • Traffic Manager: any (an HTTP/S endpoint is required for endpoint monitoring)
• Endpoints
  • Azure load balancer: Azure VMs and cloud services role instances
  • Application gateway: any Azure internal IP address or public Internet IP address
  • Traffic Manager: Azure VMs, cloud services, Azure web apps and external endpoints
• VNet support
  • Azure load balancer: can be used for both Internet-facing and internal (VNet) applications
  • Application gateway: can be used for both Internet-facing and internal (VNet) applications
  • Traffic Manager: only supports Internet-facing applications
• Endpoint monitoring
  • Azure load balancer: supported via probes
  • Application gateway: supported via probes
  • Traffic Manager: supported via HTTP/HTTPS GET request
#4 A VNet is a logical representation of your environment stored in Azure.
#16 Azure virtual networks define an organization’s network in the cloud, where the administrators can have full control over IP address assignments, name resolution, security settings, and routing rules. The next few units in this module will provide a broad topology of Azure Networking features to lay the groundwork for deeper dives later in the course.
#19 By default these private IP addresses are allocated dynamically by Azure-provided Dynamic Host Configuration Protocol (DHCP). A dynamically allocated address has an infinite lease and is released only when you deallocate (stop) the VM, after which the VM may receive a different address. You can instead configure a static private IP address from the range of IP addresses defined within the virtual network, which is reserved for that specific VM.