Microsoft Azure Infrastructure Services for Architects

By: John Savill

Overview of this book

With Microsoft Azure challenging Amazon Web Services (AWS) for market share, there has been no better time for IT professionals to broaden and expand their knowledge of Microsoft’s flagship virtualization and cloud computing service. Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions helps readers develop the skills required to understand the capabilities of Microsoft Azure for Infrastructure Services and implement a public cloud to achieve full virtualization of data, both on and off premises. Microsoft Azure provides granular control in choosing core infrastructure components, enabling IT administrators to deploy new Windows Server and Linux virtual machines, adjust usage as requirements change, and scale to meet the infrastructure needs of their entire organization. This accurate, authoritative book covers topics including IaaS cost and options, customizing VM storage, enabling external connectivity to Azure virtual machines, extending Azure Active Directory, replicating and backing up to Azure, disaster recovery, and much more.
Table of Contents (18 chapters)


This section explores several technologies that help provide isolation and protection. There are often multiple options, and the right option varies based on existing knowledge and requirements.

Network Security Groups and Application Security Groups

A virtual network can be thought of as a trust boundary. Each virtual network is completely isolated from other virtual networks, unless you choose to connect them. Within the virtual network, each virtual subnet is automatically connected to every other virtual subnet through Azure-provided gateway functionality. This is represented as the first usable IP address in each subnet.

In some scenarios, virtual subnets should be isolated from one another, and isolation may even be needed within a subnet for micro-segmentation. Consider your datacenter. You likely have a separate network that connects to the Internet, your DMZ. There will be another network for your datacenter, another network for high-impact servers, and so on. Between these different...