MOVE: How to design your network for the Microsoft cloudSeptember 26, 2018
As you migrate your applications to the cloud, it’s also a great opportunity to re-design your network with current best practices for performance and security. In this post, we give you an overview of the many Azure technologies that make it easier to set up an effective, secure network. Specifically, we talk about how to:
- Design network topologies with the right connectivity for application access and internal traffic
- Create hybrid networks to connect on-premises and Azure-based resources
- Route traffic for scale, resilience, and high availability
- Secure your network against outside threats
- Monitor and troubleshoot networking issues
Setting up virtual networks
Virtual networks are the most basic resource in Azure, and you have all kinds of flexible options for how to set these up. Some examples:
- Use virtual networks to create a dedicated, private network in the cloud
- Give your resources (like Azure virtual machines) their own private IP addresses
- Divide each virtual network into subnets and connect them all together using VPN or peering connections
- Configure user-defined routes and network security groups, which help you control traffic in, out, and between subnets
- Create a public IP address to support inbound traffic
Balancing your network load
There are three ways to set up load-balancing in Azure. As you design your network, you should understand all three and decide which one fits best with your scenario.
- Azure Load Balancer distributes incoming traffic among healthy virtual machines or other services
- Azure Application Gateway offers security and routing features like firewalls and SSL
- Azure Traffic Manager is a DNS-based global traffic management service that directs traffic between endpoints in different Azure regions or with non-Azure endpoints
Be sure to also check out the Azure Marketplace, which has many other third-party solutions that can help in this area.
Using DNS services
Azure also supports many DNS services and features, which you can use for both public and internal applications. For example, you can:
- Register a domain name with App Service Domains (partnership with GoDaddy)
- Host your own domain through Azure DNS
- Customize the default Azure-provided DNS on all Azure virtual machines
- Configure a reverse DNS lookup on any virtual machine
- Host the reverse lookup zone for your own IP address block
Monitoring and troubleshooting
You can take advantage of several built-in Azure tools to monitor and troubleshoot your network. Examples:
- DDoS Protection gives you always-on traffic monitoring and real-time mitigation against common attacks
- Network Watcher is a central hub to view network settings and investigate issues
Setting up hybrid networking
Azure makes it easy to connect your cloud and on-premises resources. There are two key ways to set up hybrid connections in Azure: VPN and ExpressRoute.
Option 1: Virtual private networks
Azure supports two types of virtual private networks (VPNs):
- Site-to-site VPN, which is how you join on-premises networks to Azure
- Point-to-site VPN, which is how you join individual machines to the Azure network
Option 2: ExpressRoute
With ExpressRoute, you can extend your on-premises network into the Microsoft cloud on a private connection. That way, all traffic flows over this private connection, not over the public internet. As such, ExpressRoute connections offer higher performance and reliability when compared to VPN connection. Plus, you can connect to more Microsoft cloud services, including Office 365.
Need help designing your network for the Microsoft cloud? We at Binary Tree are standing by. We’re exclusively focused on helping enterprises around the world plan, move, and manage their way to the Microsoft cloud. To get started, get in touch.
Source: Microsoft. Cloud Migration and Modernization Playbook. 2018.