7

Connectivity and Network Services on Azure

 2 years ago
source link: https://microsoftgeek.com/?p=3269
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client



Azure-Bastion-architecture-from-MS-docs.png

In this article, we will talk about the different network services offered by Azure to manage our resources and connect to them from a remote site (On-Promise) or via the Internet.

Azure VNet (Virtual Network)

VNet is the fundamental block of our virtual private network on Azure. It will allow us to securely communicate our Azure resources (VM..etc) with each other, reach them from the internet but also from our On-Premise sites.

In our example, the creation of the virtual network is done by the Azure administration console during creation, you must specify a custom private IP address space using public and private addresses. Your resources automatically retrieve a private IP on the network you chose when it was created. For example, if you deploy a VM in a VNet with an address space, 10.0.0.0/16, the VM will be assigned a private IP like 10.0.0.4.

We will see together the different steps for creating a VNet:

image-12.png

Creating a VNet from the Azure Console

A VNet has a number of limitations, such as the number of Private IP addresses available. Indeed, it is not possible to have “only” 65535 addresses, that is to say a /16 in CIDR notation, in a VNet. Azure offers the 10.0.0.0/16 network by default, which can go up to 65535 IPs with the 10.0.0.0/24 subnet. Pay attention to the subnet in Azure which consumes not 2 (Network address & broadcast address) but 5 IPs.

You have the option to change your virtual network and your subnets as well, be careful not to overlap the networks with each other.

image-13.png

VNet IP Setup

In the security part, you will have to choose if you want to have a Windows server called Bastion. This server will allow you to strengthen the security on your  Azure infrastructure because  it is the only one to have a  public IP  and from the latter  you will be able to  reach your resources in  SSH / RDP. DDos  protection   against denial of service attacks and enabling the   Azure firewall option for your network.

image-14.png

VNet security configuration

Conclusion

In this article, we explored the creation of a VNet and the options/limitations of this Azure service which is fundamental before creating a resource on Azure.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK