Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By : David Okeyode
Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By: David Okeyode

Overview of this book

Designing and Implementing Microsoft Azure Networking Solutions is a comprehensive guide that covers every aspect of the AZ-700 exam to help you fully prepare to take the certification exam. Packed with essential information, this book is a valuable resource for Azure cloud professionals, helping you build practical skills to design and implement name resolution, VNet routing, cross-VNet connectivity, and hybrid network connectivity using the VPN Gateway and the ExpressRoute Gateway. It provides step-by-step instructions to design and implement an Azure Virtual WAN architecture for enterprise use cases. Additionally, the book offers detailed guidance on network security design and implementation, application delivery services, private platform service connectivity, and monitoring networks in Azure. Throughout the book, you’ll find hands-on labs carefully integrated to align with the exam objectives of the Azure Network Engineer certification (AZ-700), complemented by practice questions at the end of each chapter, allowing you to test your knowledge. By the end of this book, you’ll have mastered the fundamentals of Azure networking and be ready to take the AZ-700 exam.

Related Content you might be interested in

Current Title:

Small book image
Designing and Implementing Microsoft Azure Networking Solutions
David Okeyode
Aug, 2023 | 524 pages
Small book image
Microsoft Azure Security Technologies Certification and Beyond
David Okeyode
Nov, 2021 | 526 pages
Small book image
Hands-On Networking with Azure
Mohamed Waly
Mar, 2018 | 276 pages
Small book image
Azure Networking Cookbook, Second Edition
Mustafa Toroman
Dec, 2020 | 298 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share your thoughts
Download a free PDF copy of this book
1
Part 1: Design and Implement Core Networking Infrastructure in Azure
Part 1: Design and Implement Core Networking Infrastructure in Azure
Free Chapter
2
Chapter 1: Azure Networking Fundamentals
Chapter 1: Azure Networking Fundamentals
Technical requirements
Understanding Azure VNet
Planning Vnet naming
Planning VNet location
Planning Vnet IP address spaces
Planning Vnet subnet segmentation
Hands-on exercise – creating a single-stack VNet in Azure
Hands-on exercise – creating a dual-stack VNet in Azure
Understanding private IP address assignment for subnet workloads
Hands-on exercise – determining the VM location and sizes for future exercises
Hands-on exercise – exploring private IP assignments
Hands-on exercise – cleaning up resources
Summary
Further reading
3
Chapter 2: Designing and Implementing Name Resolution
Chapter 2: Designing and Implementing Name Resolution
Technical requirements
A hands-on exercise – provisioning resources for the chapter’s exercises
Name resolution scenarios and options
Internal name resolution scenarios and options
External name resolution scenarios and options
A hands-on exercise – clean up resources
Summary
Further reading
4
Chapter 3: Design, Implement, and Manage VNet Routing
Chapter 3: Design, Implement, and Manage VNet Routing
Technical requirements
Understanding the default routing for Azure VNet workloads
Modifying the default routing behavior
Hands-on exercise – cleaning up resources
Summary
Further reading
5
Chapter 4: Design and Implement Cross-VNet Connectivity
Chapter 4: Design and Implement Cross-VNet Connectivity
Technical requirements
Understanding cross-VNet connectivity options
Connecting VNets using VNet peering
Connecting VNets using a VPN gateway connection
Connecting VNets using a vWAN
Hands-on exercise – provisioning resources for the chapter
Hands-on exercise – implementing cross-region VNet connectivity using the vWAN
Comparing the three cross-VNet connectivity options
Hands-on exercise – clean up resources
Summary
Further reading
6
Part 2: Design, Implement, and Manage Hybrid Networking
Part 2: Design, Implement, and Manage Hybrid Networking
7
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Technical requirements
Understanding Azure hybrid network connection options
Hands-on exercise – provision resources for chapter exercises
Hands-on exercise: implement a BGP-enabled VPN connection in Azure
Understanding point-to-site connections
Hands-on exercise – implement a P2S VPN connection with Azure certificate authentication
Troubleshoot Azure VPN Gateway using diagnostic logs
Hands-on exercise – clean up resources
Summary
8
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Technical requirements
Understanding what ExpressRoute is and its main use cases
Understanding ExpressRoute components
Deciding on an ExpressRoute connectivity model
Selecting the right ExpressRoute circuit SKU
Selecting the right ExpressRoute gateway SKU
Improving data path performance with ExpressRoute FastPath
Designing and implementing cross-network connectivity over ExpressRoute
Understanding the implementation of encryption over ExpressRoute
Understanding the implementation of BFD
Hands-on exercise – implementing an ExpressRoute gateway
Summary
9
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Technical requirements
Designing a scalable network topology in Azure
Understanding the design considerations of a vWAN hub
Understanding the routing and SD-WAN configuration in a virtual hub
Hands-on exercise 1 – provision resources for chapter exercises
Configuring Site-to-Site connectivity using VWAN
Hands-on exercise 2 – implement site-to-site VPN connectivity using VWAN
Implementing a global transit network architecture using VWAN
Understanding the security considerations of a virtual hub
Summary
Further reading
10
Chapter 8: Designing and Implementing Network Security
Chapter 8: Designing and Implementing Network Security
Technical requirements
Securing the Azure virtual network perimeter
Implementing DDoS protection
Hands-on exercise 1 – provisioning resources for Chapter 8’s exercises
Hands-on exercise 2 – implementing DDoS Protection, monitoring, and validation
Implementing Azure Firewall
Hands-on exercise 3 – deploying Azure Firewall into a VNet and a Virtual WAN Hub
Implementing a WAF in Azure
Implementing central management with Firewall Manager
Summary
Further reading
11
Part 3: Design and Implement Traffic Management and Network Monitoring
Part 3: Design and Implement Traffic Management and Network Monitoring
12
Chapter 9: Designing and Implementing Application Delivery Services
Chapter 9: Designing and Implementing Application Delivery Services
Technical requirements
Understanding Azure’s load-balancing and application delivery services
Designing and implementing an Azure Load Balancer service
Designing and implementing an Azure Application Gateway service
Designing and implementing an Azure Front Door load balancer service
Designing and implementing an Azure Traffic Manager service
Choosing an optimal load-balancing and application delivery solution
Summary
13
Chapter 10: Designing and Implementing Platform Service Connectivity
Chapter 10: Designing and Implementing Platform Service Connectivity
Technical requirements
Implementing platform service network security
Summary
Further reading
14
Chapter 11: Monitoring Networks in Azure
Chapter 11: Monitoring Networks in Azure
Technical requirements
Introducing Azure Network Watcher for monitoring, network diagnostics, and logs
Understanding the network monitoring tools of Network Watcher
Understanding the Network diagnostic tools of Network Watcher
Hands-on exercise 1 – provisioning the resources for the chapter's exercises
Hands-on exercise 2 – implementing the network monitoring tools of Network Watcher
Understanding NSG flow logs
Hands-on exercise 3 – enabling NSG flow logs
Summary
Further reading
15
Index
Index
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book

Hands-on exercise – exploring private IP assignments

In this exercise, you will explore private IP assignment options for VNet resources. Here are the tasks that you will complete in this exercise:

  • Task 1 – deploying VMs with dynamic and static private IP assignments

Let’s get into this!

Task 1 – deploying VMs with dynamic and static private IP assignments

The steps are as follows:

  1. In the Azure Cloud Shell environment, enter the following commands to set the values that we will use for the following variables: resource group, location, VNet, subnet, and VM size. Replace the Standard_B2s value if you are using a different size than you verified in the previous exercise:
    group=CharisTechRG
location=eastus
VNet=CoreServicesVNet
subnet=PublicWebServiceSubnet
size=Standard_B2s
  2. Deploy a VM called WebVM0 into PublicWebServiceSubnet of CoreServicesVNet with the az vm create command. This will default to the dynamic private IP assignment method:
    az vm create -g $group -n WebVM0 --image UbuntuLTS --admin-username azureuser --generate-ssh-keys --VNet-name $VNet --subnet $subnet --size $size --public-ip-address ""

The following figure shows the output of this command. Ignore the warning about the public IP as the VM is created without a public IP assigned.

Figure 1.40 – VM creation with the default dynamic private IP assignment

Figure 1.40 – VM creation with the default dynamic private IP assignment

  1. Deploy a VM called WebVM1 into PublicWebServiceSubnet of CoreServicesVNet with the az vm create command. This time around, we will specify a static private IP assignment of 10.10.3.10:
    az vm create -g $group -n WebVM1 --image UbuntuLTS --admin-username azureuser --generate-ssh-keys --VNet-name $VNet --subnet $subnet --size $size --public-ip-address "" --private-ip-address "10.10.3.10"

The following figure shows the output of this command. Ignore the warning about the public IP as the VM is created without a public IP assigned.

Figure 1.41 – VM creation with the default dynamic private IP assignment

Figure 1.41 – VM creation with the default dynamic private IP assignment

  1. Review the private IP assignment of the VM network interfaces using the az network nic list command:
    az network nic list -g $group --query "[*].{NIC:name, PrivateIP: ipConfigurations[0].privateIpAddress, Assignment: ipConfigurations[0].privateIpAllocationMethod, IPVersion: ipConfigurations[0].privateIpAddressVersion}" -o table

The --query parameter is used to sort through the JSON array response to select the properties that we are interested in. The following screenshot shows what the output looks like:

Figure 1.42 – The VM NIC dynamic private IP assignment

Figure 1.42 – The VM NIC dynamic private IP assignment

Leave Cloud Shell open for the last exercise in this chapter.

Previous Section
End of Section 12
Next Section