The Detailed Insights about Azure networking

The Detailed Insights about Azure networking 

Azure networking – No cloud infrastructure can function without networking, which can make or break a cloud deployment. IT teams need to make resources and performance work in harmony. Therefore, the organization needs to have a coherent and strong network architecture. 

Microsoft Azure Networking provides several advantages to connecting and managing the cloud securely and efficiently. Azure networking owing to its diverse network capabilities offers users a smooth experience by linking the cloud with the on-site services and infrastructure. Since it is built on one of the most extensive fibre networks, it can support many types of hybrid and cloud-focused strategies. Connectivity and performance levels are directly positively impacted as a result.  

Azure Managed Service Providers helps any organization to utilize the azure environment at its best. 

AZURE NETWORKING CAPABILITIES 

Azure ExpressRoute 

For a faster and private connection to Azure with lower latency and reliable speed, trust Azure ExpressRoute. It does not bypass the public network but connects directly to the WAN and on-premise network with the global network of Microsoft.  

This integration alternative gives the most significant cost benefits. The connections enable access to MS cloud services like MS Azure and MS Office 365 service.  

Content Delivery Network 

Making use of the server closest to the user, the Azure Content Delivery Network sends high-bandwidth content like media files and pictures to customers faster and more efficiently. As a result, significant traffic is served through CDNs like popular sites like Amazon, Netflix and Facebook. The analytics capabilities help with getting better insights about the workflows by tracking the content.  

Virtual Networks or VNets 

This alternative helps Azure resources to connect the internet and on-premise resources and networks. A secure and reliable environment is therefore created for the applications in a way that can be controlled by professionals. VNets can also be used for the following: 

● Creating a dedicated and private cloud-only VNet. This allows services within the network to communicate in the cloud. 

● Extending a secure data centre by building conventional S2S (site-to-site) VPNs to scale the capacity.  

● Use the hybrid cloud to connect cloud-based applications to on-premise systems.  

Azure Bastion 

This fully managed PaaS service offers reliable and uncomplicated remote desktop access to virtual machines through the Azure platform. There is no hassle of managing network security policies.  

Azure DNS 

This is a hosting service for DNS domains, facilitating name resolution using Microsoft Azure infrastructure. DNS records can be managed using the same credentials and tools as other Azure services.  

Azure Front Door 

This is a scalable service for protecting applications that run on the web and makes a secure entry point for delivery. The azure front door is a control mechanism to manage web traffic and extracts actionable learnings about the users and back ends.  

Traffic Manager 

Azure Traffic Manager is a load-balancer based on DNS-based capabilities, which enables users to distribute the traffic optimally across different global regions managed by Azure. It also helps to do the same while providing responsiveness and availability. Traffic manager provides a variety of routing methods such as weighted, priority, multi-value or subnet.  

Application Gateway 

This is a web traffic load balancer that helps manage traffic to web applications. It offers 7-layer functionality for web applications.  

Load balancer 

Customer experience transforms dramatically with load balancers. This high-performance layer 4 load-balancing application delivers network performance to applications. It helps integrate virtual machines and cloud services.  

Web application firewall 

This cloud-native software operates through a set of policies that protect the applications from cyberattacks and vulnerabilities caused by the injection and cross-site scripting. It is available as both an appliance and a plugin.  

COMPONENTS INVOLVED IN AZURE NETWORKING SETUP 

● Virtual Network Gateway: Virtual Network Gateway enables connectivity between the subnet and other networks, including VPNs. They facilitate the following: 

– Communication between Azure resources: Virtual Messengers and other types of Azure resources can be used to make Azure resources communicate with one another.  

– Communicate with each other: VPNs can communicate by connecting the resources in the virtual networks. This is termed virtual network peering.  

– Communicate to the internet: By default, all resources of the VNet can communicate with the internet. A public IP address or a load balancer can be used to facilitate inbound communication between the VNet resources and the internet.  

– Communicating with on-premise networks and devices: VPN Gateway or ExpressRoute can be used to link the VNet resources with the devices and networks on the office premises. 

● Local Network Gateway: This is a representation of the customers’ gateway on the other terminal of the network.  

● Border Gateway Protocol: BGP is a mechanism for connecting the on-site routes efficiently to ensure that the protocol communicates the route dynamically.  

 
 

 

What is GEEK

Buddha Community

Azure Series #1: Security Layer — 2. Network — Protection

Protection:

Web Application Firewall:

Azure Web Application Firewall (WAF) provides centralized protection on the Azure Application gateway. The attackers who try to get into the web servers and tries to disrupt the services are protected via WAF. The attacks and vulnerabilities include SQL Injection, cross-site scripting, etc. The interesting part is, WAF automatically updates to include protection against any new vulnerabilities with no configuration needed at all.

Key Benefits:

1. Protection
2. Monitoring
3. Customization

Key Features:

• Vulnerabilities / Attacks: SQL-Injection protection & Cross-site protection, HTTP request smuggling, HTTP response splitting and remote file inclusion, HTTP Protocol violations, HTTP protocol anomalies, crawlers, and scanners.
• Mis-Config: Protection against misconfiguration in web servers, incorrect size limits.
• Filters: Geo-filter traffic, block or open certain countries/regions for your organization’s applications.
• Rules: create WAF policies to enable WAF for your application.

Azure Firewall:

While WAF is for Application security, you need a security and protection layer that is for the Network, which is taken care of by Azure Firewall — it is a cloud-based network security service that protects your organization’s Azure Virtual Network Resources. It is fully stateful in the sense that inbound requests trace outbound responses. Across your organization’s subscription and virtual networks, you can enforce, create and log application and network connectivity policies. It uses Static IP for your virtual network sources allowing outside firewalls to identify traffic from the virtual network and is fully integrated for Azure monitor for logging and analytics.

#azure-interview #azure-security #azure series #azure #network #protection

Learn NoSQL in Azure: Diving Deeper into Azure Cosmos DB

This article is a part of the series – Learn NoSQL in Azure where we explore Azure Cosmos DB as a part of the non-relational database system used widely for a variety of applications. Azure Cosmos DB is a part of Microsoft’s serverless databases on Azure which is highly scalable and distributed across all locations that run on Azure. It is offered as a platform as a service (PAAS) from Azure and you can develop databases that have a very high throughput and very low latency. Using Azure Cosmos DB, customers can replicate their data across multiple locations across the globe and also across multiple locations within the same region. This makes Cosmos DB a highly available database service with almost 99.999% availability for reads and writes for multi-region modes and almost 99.99% availability for single-region modes.

In this article, we will focus more on how Azure Cosmos DB works behind the scenes and how can you get started with it using the Azure Portal. We will also explore how Cosmos DB is priced and understand the pricing model in detail.

How Azure Cosmos DB works

As already mentioned, Azure Cosmos DB is a multi-modal NoSQL database service that is geographically distributed across multiple Azure locations. This helps customers to deploy the databases across multiple locations around the globe. This is beneficial as it helps to reduce the read latency when the users use the application.

As you can see in the figure above, Azure Cosmos DB is distributed across the globe. Let’s suppose you have a web application that is hosted in India. In that case, the NoSQL database in India will be considered as the master database for writes and all the other databases can be considered as a read replicas. Whenever new data is generated, it is written to the database in India first and then it is synchronized with the other databases.

Consistency Levels

While maintaining data over multiple regions, the most common challenge is the latency as when the data is made available to the other databases. For example, when data is written to the database in India, users from India will be able to see that data sooner than users from the US. This is due to the latency in synchronization between the two regions. In order to overcome this, there are a few modes that customers can choose from and define how often or how soon they want their data to be made available in the other regions. Azure Cosmos DB offers five levels of consistency which are as follows:

• Strong
• Bounded staleness
• Session
• Consistent prefix
• Eventual

In most common NoSQL databases, there are only two levels – Strong and Eventual. Strong being the most consistent level while Eventual is the least. However, as we move from Strong to Eventual, consistency decreases but availability and throughput increase. This is a trade-off that customers need to decide based on the criticality of their applications. If you want to read in more detail about the consistency levels, the official guide from Microsoft is the easiest to understand. You can refer to it here.

Azure Cosmos DB Pricing Model

Now that we have some idea about working with the NoSQL database – Azure Cosmos DB on Azure, let us try to understand how the database is priced. In order to work with any cloud-based services, it is essential that you have a sound knowledge of how the services are charged, otherwise, you might end up paying something much higher than your expectations.

If you browse to the pricing page of Azure Cosmos DB, you can see that there are two modes in which the database services are billed.

• Database Operations – Whenever you execute or run queries against your NoSQL database, there are some resources being used. Azure terms these usages in terms of Request Units or RU. The amount of RU consumed per second is aggregated and billed
• Consumed Storage – As you start storing data in your database, it will take up some space in order to store that data. This storage is billed per the standard SSD-based storage across any Azure locations globally

Let’s learn about this in more detail.

#azure #azure cosmos db #nosql #azure #nosql in azure #azure cosmos db

How to set up Azure Data Sync between Azure SQL databases and on-premises SQL Server

In this article, you learn how to set up Azure Data Sync services. In addition, you will also learn how to create and set up a data sync group between Azure SQL database and on-premises SQL Server.

In this article, you will see:

• Overview of Azure SQL Data Sync feature
• Discuss key components
• Comparison between Azure SQL Data sync with the other Azure Data option
• Setup Azure SQL Data Sync
• More…

Azure Data Sync

Azure Data Sync —a synchronization service set up on an Azure SQL Database. This service synchronizes the data across multiple SQL databases. You can set up bi-directional data synchronization where data ingest and egest process happens between the SQL databases—It can be between Azure SQL database and on-premises and/or within the cloud Azure SQL database. At this moment, the only limitation is that it will not support Azure SQL Managed Instance.

#azure #sql azure #azure sql #azure data sync #azure sql #sql server

Using Azure Purview to analyze Metadata Insights

In this article, we will learn how to explore the metadata registered in Azure Purview as well as learn how to analyze the metadata insights using the Purview Studio tool.

Introduction

In any large-scale IT ecosystem composed of tens of data sources and thousands of database objects, managing metadata becomes very vital for an organization to keep the structure of metadata as well as governance on data in check. In my previous articles, we learned about Azure Purview where we understood the overview, features, functionality, aspects, user-interface of the Purview Dashboard, and administration of Purview by different user-persons using Purview Studio, as well as registering data sources and scanning database objects using Purview to extract the metadata information from the data repositories and registering it with Azure Purview service. Once the metadata information starts flowing into Purview, the metadata catalog is created, and it keeps evolving. As the metadata catalog keeps evolving, Purview generates metadata insights that enable a data steward or similar personas to curate the metadata. At the same time using these insights, the end-user persona can also consume the metadata effectively, which is generally the first step before the end-user figures out the metadata objects from which one may want to consume the data. Let’s go ahead and explore metadata registered in purview and also analyze the metadata insights using the Purview Studio tool.

Pre-requisites

In the previous articles on Azure Purview, we covered how to create a new purview account, navigate the purview studio tool, register new data sources as well as scan these data sources, and extract metadata information that would be registered in purview. It is assumed that this setup is already in place and at least one scan has been performed on one registered data source. In this case, we have scanned an Azure SQL Database instance with the sample data that Azure provides out-of-box. A successful scan of any given data source registered with Azure purview would look as shown below.

Azure Purview Insights

Once the metadata has been created, an easy way to get the first glimpse of the metadata summary is shown in the scan status where it shows the total number of classified assets as well as the total number of discovered assets. We intend to explore more details about the outcomes from the scan. Navigate back to the data source which we would have scanned, and it would look as shown below. It shows an overview of the data source where it details the number of scans performed on the data source, the status of each scan, and summary statistics of the assets that are part of this data source.

There can be multiple assets that may have different assets under them. To find all such data sources that may be registered and cataloged in Azure purview, one can navigate to the Assets section, where it would show all such data sources as shown below.

#azure #sql azure #azure #azure purview

Getting Started With Azure Event Grid Viewer

In the last article, we had a look at how to start with Azure DevOps: Getting Started With Audit Streaming With Event Grid

In the article, we will go to the next step to create a subscription and use webhook event handlers to view those logs in our Azure web application.

#cloud #tutorial #azure #event driven architecture #realtime #signalr #webhook #azure web services #azure event grid #azure #azure event grid #serverless architecture #application integration