MOVE: How to design your network for the Microsoft cloud

As you migrate your applications to the cloud, it’s also a great opportunity to re-design your network with current best practices for performance and security. In this post, we give you an overview of the many Azure technologies that make it easier to set up an effective, secure network. Specifically, we talk about how to:

  • Design network topologies with the right connectivity for application access and internal traffic
  • Create hybrid networks to connect on-premises and Azure-based resources
  • Route traffic for scale, resilience, and high availability
  • Secure your network against outside threats
  • Monitor and troubleshoot networking issues

Setting up virtual networks

Virtual networks are the most basic resource in Azure, and you have all kinds of flexible options for how to set these up. Some examples:

  • Use virtual networks to create a dedicated, private network in the cloud
  • Give your resources (like Azure virtual machines) their own private IP addresses
  • Divide each virtual network into subnets and connect them all together using VPN or peering connections
  • Configure user-defined routes and network security groups, which help you control traffic in, out, and between subnets
  • Create a public IP address to support inbound traffic

Balancing your network load

There are three ways to set up load-balancing in Azure. As you design your network, you should understand all three and decide which one fits best with your scenario.

  • Azure Load Balancer distributes incoming traffic among healthy virtual machines or other services
  • Azure Application Gateway offers security and routing features like firewalls and SSL
  • Azure Traffic Manager is a DNS-based global traffic management service that directs traffic between endpoints in different Azure regions or with non-Azure endpoints

Be sure to also check out the Azure Marketplace, which has many other third-party solutions that can help in this area.

Using DNS services

Azure also supports many DNS services and features, which you can use for both public and internal applications. For example, you can:

Monitoring and troubleshooting

You can take advantage of several built-in Azure tools to monitor and troubleshoot your network. Examples:

  • DDoS Protection gives you always-on traffic monitoring and real-time mitigation against common attacks
  • Network Watcher is a central hub to view network settings and investigate issues

Setting up hybrid networking

Azure makes it easy to connect your cloud and on-premises resources. There are two key ways to set up hybrid connections in Azure: VPN and ExpressRoute.

Option 1: Virtual private networks

Azure supports two types of virtual private networks (VPNs):

Option 2: ExpressRoute

With ExpressRoute, you can extend your on-premises network into the Microsoft cloud on a private connection. That way, all traffic flows over this private connection, not over the public internet. As such, ExpressRoute connections offer higher performance and reliability when compared to VPN connection. Plus, you can connect to more Microsoft cloud services, including Office 365.

Get started

Need help designing your network for the Microsoft cloud? We at Binary Tree are standing by. We’re exclusively focused on helping enterprises around the world plan, move, and manage their way to the Microsoft cloud. To get started, get in touch.


Source: Microsoft. Cloud Migration and Modernization Playbook. 2018.