Azure Networking can be broken in 4 categories;
Networking – Connectivity
Items under this category are;
a) Virtual Network (VNet)
These are cables, routers, switches in a physical network. In Azure, these are software services and it’s called Virtual Network because it’s all database entries. Microsoft has their own physical devices and they are not plugging/unplugging base of our commands.
b) Virtual WAN
Wide area Networks allow offices to connect to each other being Azure as the middleman.
c) Express Route
Express route is the fastest way to connec over the internet. It cost more but its encrypted and fast.
e) VPN Gateway
If Express route is not an option, then traditional VPN can be used. Their are point to site and site to site VPN. Helps to connect office computer to Azure network securely.
f) Azure DNS
Public and private domain can be managed in the name server in Azure.
g) Peering
Peering is a way for connecting multiple virtual networks together. This help to communicate one region service to a different region. By default, these services are cut off. You will need to configure these.
h) Bastion
This allows you to remote into a server without opening any ports. It’s a more secure version of RDP.
Networking – Security
To restrict unauthorized access, Items under this category are;
a) Network Security groups (NSG)
Very simple Access Control List Style e.g. We can restrict certain IP addresses to connect to Database or VM.
b) Azure Private Link
c) DDoS Protection
e) Azure Firewall
f) Web Application Firewall (WAF)
This can prevent cross site scripting or SQL injection attacks.
g) Virtual Network Endpoints
Networking – Delivery
This is traffic shaping and load balancing. Items under this category are;
a) CDN
b) Azure Front Door
Global load-balancer
c) Traffic Manager
d) Application Gateway
Application level load balancer – This is software level-6 gateway.
e) Load Balancer
Transport level load balancer – This is hardware level-4 device.
Networking – Monitoring
Debug problems, Investigate traffic issues. Items under this list are;
a) Network Watcher
b) ExpressRoute Monitor
c) Azure Monitor
d) VNet Terminal Access Point