Azure Networking Services

The networking services in Azure provide various networking capabilities that can be used together or separately. Select any of the following key capabilities to learn more about them:

• Connectivity services: Connect Azure resources and on-premises resources using any or a combination of these networking services in Azure - Virtual Network Virtual WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, and Peering service, Azure Virtual Network Manager, Route Server, and Azure Bastion.
• Application Protection Services: Protect your applications using any or a combination of these networking services in Azure - Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups, Web Application Firewall, and Virtual Network Endpoints.
• Application Delivery Services: Deliver applications in the Azure network using any or a combination of these networking services in Azure - Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyser, and Load Balancer.
• Network Monitoring: Monitor your network resources using any or a combination of these networking services in Azure - Network Watcher, ExpressRoute Monitor, Azure Monitor, or VNet Terminal Access Point (TAP).

?

Azure Virtual Network (VNet): An Azure VNet is an isolated network within the Azure cloud that enables enterprises to securely connect network resource, such as VMs. Enterprises use the service to set up and manage virtual private networks and can create multiple VNets within an Azure subscription or region. Enterprises can choose to connect VNets so resources within separate VNets can communicate. They can also set up private network connections between on premises and Azure.

·???????? Address Space: When you create a VNet, you define an address space using private IP address ranges. This address space is used to assign IP addresses to the resources deployed within the VNet. It can be subdivided into multiple subnets to organize resources further.

·???????? Subnets: Within a VNet, you can create one or more subnets to logically partition the address space. Subnets help in organizing resources and applying network security controls at a more granular level.

·???????? Network Security Groups (NSG): NSGs are used to filter network traffic to and from resources in a VNet. They allow you to define rules that permit or deny traffic based on source IP, destination IP, port, and protocol. NSGs are applied at the subnet level.

·???????? Virtual Network Peering: Virtual network peering allows VNets to be connected directly, enabling resources in one VNet to communicate with resources in another VNet. This communication is seamless and does not require traffic to flow through a gateway.

Azure Express Route :?ExpressRoute is an Azure networking service that privately connects an enterprise's on-premises infrastructure to the Microsoft public cloud via a third-party connectivity provider. Because the connection is private, it offers lower latency and greater reliability than the public internet. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.

·???????? Private Connectivity: ExpressRoute provides a private, dedicated connection between your on-premises network and Azure, avoiding the public internet. This can improve security and performance, especially for sensitive data and critical applications.

·???????? High Bandwidth: ExpressRoute connections offer higher bandwidth options compared to typical internet connections. This makes it suitable for scenarios where large amounts of data need to be transferred between your on-premises environment and Azure, such as data migration, backup, or disaster recovery.

·???????? Network Redundancy: ExpressRoute supports the creation of redundant connections for enhanced resilience. If one connection goes down, traffic is automatically rerouted through the redundant connection.

Azure Virtual Private Network Gateway:?VPN Gateway is a network gateway service that enables encrypted traffic to travel across multiple types of virtual networks or sites over the internet. IT teams must pick the right VPN cross-premises connection options to best suit their needs, such as Site-to-Site, Point-to-Site, VNet-to-VNet, Multi-Site and Azure ExpressRoute.

·???????? VPN Protocols: Azure VPN Gateway supports multiple VPN protocols, including Point-to-Site (P2S) VPN, Site-to-Site (S2S) VPN, and Multi-Site VPN. These protocols enable different types of connectivity scenarios.

·???????? Point-to-Site (P2S) VPN: P2S VPN allows individual devices to connect to an Azure VNet over a secure VPN connection. This is useful for remote workers or small branch offices that need secure access to resources in the Azure cloud.

·???????? Site-to-Site (S2S) VPN: S2S VPN enables secure communication between an on-premises network and an Azure VNet. This is often used in hybrid cloud scenarios where organizations want to extend their on-premises network to Azure. It establishes a secure and encrypted tunnel over the interne

?

Azure DNS: Azure DNS is a cloud-based Domain Name System (DNS) service provided by Microsoft Azure. DNS is a fundamental component of the internet that translates human-readable domain names into IP addresses that computers use to identify each other on the network. Azure DNS allows you to host your DNS domains and manage the DNS records for your applications in the Azure cloud.

·???????? Domain Hosting: Azure DNS allows you to host your domain names in Azure. You can either transfer an existing domain to Azure or register a new domain directly within the Azure portal.

·???????? Integration with Azure Services: Azure DNS integrates seamlessly with other Azure services, making it easier to manage DNS records for various Azure resources such as Virtual Machines, Web Apps, and more.

·???????? Private DNS Zones: Azure DNS allows you to create private DNS zones for name resolution within a Virtual Network. This is useful for scenarios where you want to resolve names privately within your network without exposing them to the public internet.

?

Azure Bastion: Azure Bastion is a service in Microsoft Azure that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) connectivity to your virtual machines (VMs) directly through the Azure portal. Traditionally, accessing VMs in the Azure cloud required opening specific ports on the VMs and managing public/private key pairs, which could introduce security risks and complexity. Azure Bastion simplifies and strengthens this remote access process.

·???????? Secure Remote Access: Azure Bastion provides a secure way to connect to your VMs in Azure without exposing them to the public internet. It reduces the attack surface by eliminating the need to expose RDP or SSH ports on the VMs.

·???????? Multi-Factor Authentication (MFA) Support: Azure Bastion integrates with Azure Active Directory, allowing you to enforce multi-factor authentication for enhanced security during the remote access process.

·???????? Role-Based Access Control (RBAC): Azure Bastion supports RBAC, enabling you to control who has access to Azure Bastion and which VMs they can connect to. This helps in enforcing the principle of least privilege

·???????? Network Integration: Azure Bastion is integrated with Azure Virtual Network, and it does not require any additional agents or software on the VMs. This simplifies the deployment and management of the remote access solution.