Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By : David Okeyode
Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By: David Okeyode

Overview of this book

Designing and Implementing Microsoft Azure Networking Solutions is a comprehensive guide that covers every aspect of the AZ-700 exam to help you fully prepare to take the certification exam. Packed with essential information, this book is a valuable resource for Azure cloud professionals, helping you build practical skills to design and implement name resolution, VNet routing, cross-VNet connectivity, and hybrid network connectivity using the VPN Gateway and the ExpressRoute Gateway. It provides step-by-step instructions to design and implement an Azure Virtual WAN architecture for enterprise use cases. Additionally, the book offers detailed guidance on network security design and implementation, application delivery services, private platform service connectivity, and monitoring networks in Azure. Throughout the book, you’ll find hands-on labs carefully integrated to align with the exam objectives of the Azure Network Engineer certification (AZ-700), complemented by practice questions at the end of each chapter, allowing you to test your knowledge. By the end of this book, you’ll have mastered the fundamentals of Azure networking and be ready to take the AZ-700 exam.

Related Content you might be interested in

Current Title:

Small book image
Designing and Implementing Microsoft Azure Networking Solutions
David Okeyode
Aug, 2023 | 524 pages
Small book image
Microsoft Azure Security Technologies Certification and Beyond
David Okeyode
Nov, 2021 | 526 pages
Small book image
Hands-On Networking with Azure
Mohamed Waly
Mar, 2018 | 276 pages
Small book image
Azure Networking Cookbook, Second Edition
Mustafa Toroman
Dec, 2020 | 298 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share your thoughts
Download a free PDF copy of this book
1
Part 1: Design and Implement Core Networking Infrastructure in Azure
Part 1: Design and Implement Core Networking Infrastructure in Azure
Free Chapter
2
Chapter 1: Azure Networking Fundamentals
Chapter 1: Azure Networking Fundamentals
Technical requirements
Understanding Azure VNet
Planning Vnet naming
Planning VNet location
Planning Vnet IP address spaces
Planning Vnet subnet segmentation
Hands-on exercise – creating a single-stack VNet in Azure
Hands-on exercise – creating a dual-stack VNet in Azure
Understanding private IP address assignment for subnet workloads
Hands-on exercise – determining the VM location and sizes for future exercises
Hands-on exercise – exploring private IP assignments
Hands-on exercise – cleaning up resources
Summary
Further reading
3
Chapter 2: Designing and Implementing Name Resolution
Chapter 2: Designing and Implementing Name Resolution
Technical requirements
A hands-on exercise – provisioning resources for the chapter’s exercises
Name resolution scenarios and options
Internal name resolution scenarios and options
External name resolution scenarios and options
A hands-on exercise – clean up resources
Summary
Further reading
4
Chapter 3: Design, Implement, and Manage VNet Routing
Chapter 3: Design, Implement, and Manage VNet Routing
Technical requirements
Understanding the default routing for Azure VNet workloads
Modifying the default routing behavior
Hands-on exercise – cleaning up resources
Summary
Further reading
5
Chapter 4: Design and Implement Cross-VNet Connectivity
Chapter 4: Design and Implement Cross-VNet Connectivity
Technical requirements
Understanding cross-VNet connectivity options
Connecting VNets using VNet peering
Connecting VNets using a VPN gateway connection
Connecting VNets using a vWAN
Hands-on exercise – provisioning resources for the chapter
Hands-on exercise – implementing cross-region VNet connectivity using the vWAN
Comparing the three cross-VNet connectivity options
Hands-on exercise – clean up resources
Summary
Further reading
6
Part 2: Design, Implement, and Manage Hybrid Networking
Part 2: Design, Implement, and Manage Hybrid Networking
7
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Technical requirements
Understanding Azure hybrid network connection options
Hands-on exercise – provision resources for chapter exercises
Hands-on exercise: implement a BGP-enabled VPN connection in Azure
Understanding point-to-site connections
Hands-on exercise – implement a P2S VPN connection with Azure certificate authentication
Troubleshoot Azure VPN Gateway using diagnostic logs
Hands-on exercise – clean up resources
Summary
8
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Technical requirements
Understanding what ExpressRoute is and its main use cases
Understanding ExpressRoute components
Deciding on an ExpressRoute connectivity model
Selecting the right ExpressRoute circuit SKU
Selecting the right ExpressRoute gateway SKU
Improving data path performance with ExpressRoute FastPath
Designing and implementing cross-network connectivity over ExpressRoute
Understanding the implementation of encryption over ExpressRoute
Understanding the implementation of BFD
Hands-on exercise – implementing an ExpressRoute gateway
Summary
9
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Technical requirements
Designing a scalable network topology in Azure
Understanding the design considerations of a vWAN hub
Understanding the routing and SD-WAN configuration in a virtual hub
Hands-on exercise 1 – provision resources for chapter exercises
Configuring Site-to-Site connectivity using VWAN
Hands-on exercise 2 – implement site-to-site VPN connectivity using VWAN
Implementing a global transit network architecture using VWAN
Understanding the security considerations of a virtual hub
Summary
Further reading
10
Chapter 8: Designing and Implementing Network Security
Chapter 8: Designing and Implementing Network Security
Technical requirements
Securing the Azure virtual network perimeter
Implementing DDoS protection
Hands-on exercise 1 – provisioning resources for Chapter 8’s exercises
Hands-on exercise 2 – implementing DDoS Protection, monitoring, and validation
Implementing Azure Firewall
Hands-on exercise 3 – deploying Azure Firewall into a VNet and a Virtual WAN Hub
Implementing a WAF in Azure
Implementing central management with Firewall Manager
Summary
Further reading
11
Part 3: Design and Implement Traffic Management and Network Monitoring
Part 3: Design and Implement Traffic Management and Network Monitoring
12
Chapter 9: Designing and Implementing Application Delivery Services
Chapter 9: Designing and Implementing Application Delivery Services
Technical requirements
Understanding Azure’s load-balancing and application delivery services
Designing and implementing an Azure Load Balancer service
Designing and implementing an Azure Application Gateway service
Designing and implementing an Azure Front Door load balancer service
Designing and implementing an Azure Traffic Manager service
Choosing an optimal load-balancing and application delivery solution
Summary
13
Chapter 10: Designing and Implementing Platform Service Connectivity
Chapter 10: Designing and Implementing Platform Service Connectivity
Technical requirements
Implementing platform service network security
Summary
Further reading
14
Chapter 11: Monitoring Networks in Azure
Chapter 11: Monitoring Networks in Azure
Technical requirements
Introducing Azure Network Watcher for monitoring, network diagnostics, and logs
Understanding the network monitoring tools of Network Watcher
Understanding the Network diagnostic tools of Network Watcher
Hands-on exercise 1 – provisioning the resources for the chapter's exercises
Hands-on exercise 2 – implementing the network monitoring tools of Network Watcher
Understanding NSG flow logs
Hands-on exercise 3 – enabling NSG flow logs
Summary
Further reading
15
Index
Index
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book

Hands-on exercise – creating a single-stack VNet in Azure

In this exercise, we will create a single-stack IPv4 network for a fictional organization called CharisTech, which is in the process of migrating some on-premises applications to Azure. We will implement two VNets and subnets to support workloads that will be migrated. Here are the tasks that we will complete in this exercise:

  • Task 1: Creating the CharisTech resource group
  • Task 2: Creating the CoreServicesVNet VNet and subnets
  • Task 3: Verifying the creation of VNets and subnets

Figure 1.15 shows the outcome that we’ll get to at the end of the tasks:

Figure 1.15 – CharisTech Azure VNets and subnets

Figure 1.15 – CharisTech Azure VNets and subnets

Task 1 – creating the CharisTech resource group

A resource group is a logical container for managing related Azure resources. In this task, we will create a resource group called CharisTechRG that will hold the networking resources that we will create in other tasks:

  1. Open a web browser and browse to https://portal.azure.com.
  2. On the left-hand side, click on the portal menu icon, then click on Create a resource:
Figure 1.16 – Create a resource

Figure 1.16 – Create a resource

  1. In the search area, type Resource group and press Enter. Click on the Create button:
Figure 1.17 – Create a resource group

Figure 1.17 – Create a resource group

  1. In the Basics tab, enter the following values:
    • Subscription: Select your Azure subscription (1)
    • Resource group: CharisTechRG (2)
    • Region: East US (3)

Then, select Review + create (4):

Figure 1.18 – Creating a resource group

Figure 1.18 – Creating a resource group

  1. Select Create. It should only take a few seconds to create the resource group.
  2. In the top-right corner of the window, select the notification icon (the bell icon). Then, select Go to resource group to open the newly created resource group:
Figure 1.19 – Opening the newly created resource group

Figure 1.19 – Opening the newly created resource group

Leave this window open for the next task. Now that we have a resource group that we can use as a management container, let us proceed to create the VNets and subnets.

Task 2 – creating the CoreServicesVNet VNet and subnets

The first network that we will create is the CoreServicesVNet VNet (Figure 1.15). The network will be deployed in the East US region. It will be segmented into three subnets that will host the following workloads:

  • Public web services (PublicWebServiceSubnet)
  • Databases (DatabaseSubnet)
  • Shared services that are key to the operations of the business, such as domain controllers (SharedServicesSubnet)

Let’s get started:

  1. In the CharisTechRG window, select + Create. In the search box, enter Virtual Network. Select Virtual Network in the search results:
Figure 1.20 – Creating a resource

Figure 1.20 – Creating a resource

  1. On the Virtual Network page, select Create.
  2. On the Create virtual network window, in the Basics tab, enter the following values:
    • Subscription: Select your Azure subscription
    • Resource group: CharisTechRG
    • Name: CoreServicesVNet
    • Region: East US

Then, click Next: IP Addresses >:

Figure 1.21 – Creating the VNet

Figure 1.21 – Creating the VNet

  1. In the IP Addresses tab, change the default IP address space to 10.10.0.0/16. Then, select + Add subnet:
Figure 1.22 – Setting the IP address

Figure 1.22 – Setting the IP address

  1. In the Add subnet window, configure the following:
    • Subnet name: SharedServicesSubnet
    • Subnet address range: 10.10.1.0/24
    • NAT gateway: None
    • Service endpoint: 0 selected

Then, click Add:

Figure 1.23 – Adding a subnet

Figure 1.23 – Adding a subnet

  1. Click on + Add subnet and repeat Step 5 to add the following subnet configurations:

Subnet

Configuration option

Configuration value

DatabaseSubnet

Subnet name

DatabaseSubnet

Subnet address range

10.10.2.0/24

PublicWebServiceSubnet

Subnet name

PublicWebServiceSubnet

Subnet address range

10.10.3.0/24

Table 1.1 – Subnet configuration details

7. The configuration should look like Figure 1.24. Click on Review + create:

Figure 1.24 – Subnets added to the VNet configuration

Figure 1.24 – Subnets added to the VNet configuration

8. Select Create. It should only take a few seconds to create the VNet and subnets.

Awesome! After the deployment completes, let us review what has been created.

Task 3 – verifying the creation of the VNet and subnets

In this task, we will review the resources created in the last task:

  1. Click on Go to resource to open the newly created VNet:
Figure 1.25 –Microsoft VNet overview

Figure 1.25 –Microsoft VNet overview

  1. In the CoreServicesVNet virtual network blade, in the Settings section, click on Subnets to review the subnets that were created:
Figure 1.26 – Reviewing the subnets

Figure 1.26 – Reviewing the subnets

You can leave this window open for the next task. Now that we have a resource group that we can use as a management container, let us proceed to create the VNets and subnets.

Previous Section
End of Section 8
Next Section