Designing and Implementing Microsoft Azure Networking Solutions

Designing and Implementing Microsoft Azure Networking Solutions

by David Okeyode
Released August 2023
Publisher(s): Packt Publishing
ISBN: 9781803242033

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Pass the AZ-700 exam effortlessly with this comprehensive guide to Azure networking, covering all aspects of architecting, implementing, and managing Azure virtual networks Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Create and deploy a secure Azure network and implement dynamic routing and hybrid connectivity
  • Master Azure network design for performance, resilience, scalability, and security
  • Enhance your practical skills with hands-on labs aligned to the AZ-700 Network Engineer certification

Book Description

Designing and Implementing Microsoft Azure Networking Solutions is a comprehensive guide that covers every aspect of the AZ-700 exam to help you fully prepare to take the certification exam.

Packed with essential information, this book is a valuable resource for Azure cloud professionals, helping you build practical skills to design and implement name resolution, VNet routing, cross-VNet connectivity, and hybrid network connectivity using the VPN Gateway and the ExpressRoute Gateway. It provides step-by-step instructions to design and implement an Azure Virtual WAN architecture for enterprise use cases.

Additionally, the book offers detailed guidance on network security design and implementation, application delivery services, private platform service connectivity, and monitoring networks in Azure. Throughout the book, you’ll find hands-on labs carefully integrated to align with the exam objectives of the Azure Network Engineer certification (AZ-700), complemented by practice questions at the end of each chapter, allowing you to test your knowledge.

By the end of this book, you’ll have mastered the fundamentals of Azure networking and be ready to take the AZ-700 exam.

What you will learn

  • Recap the fundamentals of Azure networking
  • Design and implement name resolution
  • Implement cross-VNet and VNet internet connectivity
  • Build site-to-site VPN connections using the VPN gateway
  • Create an ExpressRoute connection
  • Secure your network with Azure Firewall and network security groups
  • Implement private access to Azure services
  • Choose the right load balancing option for your network

Who this book is for

Whether you're an Azure network engineer or a professional looking to enhance your expertise in designing and implementing scalable and secure network solutions, this book is an invaluable resource. A basic understanding of cloud solutions will help you to get the most out of this book.

Table of contents

  1. Designing and Implementing Microsoft Azure Networking Solutions
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Conventions used
    6. Get in touch
    7. Share your thoughts
    8. Download a free PDF copy of this book
  6. Part 1: Design and Implement Core Networking Infrastructure in Azure
  7. Chapter 1: Azure Networking Fundamentals
    1. Technical requirements
    2. Understanding Azure VNet
      1. Azure VNet versus traditional networks
    3. Planning Vnet naming
    4. Planning VNet location
    5. Planning Vnet IP address spaces
    6. Planning Vnet subnet segmentation
      1. Working with platform services in subnets
    7. Hands-on exercise – creating a single-stack VNet in Azure
      1. Task 1 – creating the CharisTech resource group
      2. Task 2 – creating the CoreServicesVNet VNet and subnets
      3. Task 3 – verifying the creation of the VNet and subnets
    8. Hands-on exercise – creating a dual-stack VNet in Azure
      1. Task 1 – creating the dual-stack EngineeringVNet VNet and subnets
      2. Task 2 – verifying the creation of the dual-stack VNet and subnets
    9. Understanding private IP address assignment for subnet workloads
    10. Hands-on exercise – determining the VM location and sizes for future exercises
      1. Task 1 – determining the CPU quota limits for recommended subscription regions
    11. Hands-on exercise – exploring private IP assignments
      1. Task 1 – deploying VMs with dynamic and static private IP assignments
    12. Hands-on exercise – cleaning up resources
    13. Summary
    14. Further reading
  8. Chapter 2: Designing and Implementing Name Resolution
    1. Technical requirements
    2. A hands-on exercise – provisioning resources for the chapter’s exercises
    3. Name resolution scenarios and options
    4. Internal name resolution scenarios and options
      1. Option 1 – Azure-provided name resolution
      2. A hands-on exercise – exploring Azure-provided name resolution
      3. Option 2 – customer-managed DNS servers
      4. A hands-on exercise – implementing a customer-managed DNS server
      5. Option 3 – Azure Private DNS
      6. A hands-on exercise – implementing Azure Private DNS
      7. Option 4 – Azure Private DNS Resolver and Azure Private DNS zones
    5. External name resolution scenarios and options
      1. A hands-on exercise – implementing Azure Public DNS
    6. A hands-on exercise – clean up resources
    7. Summary
    8. Further reading
  9. Chapter 3: Design, Implement, and Manage VNet Routing
    1. Technical requirements
    2. Understanding the default routing for Azure VNet workloads
      1. Understanding default routing for dual-stack subnets
      2. Hands-on exercise – provisioning resources for the chapter’s exercises
      3. Hands-on exercise – explore the default routing of Azure subnet workloads
    3. Modifying the default routing behavior
      1. Implementing custom routing with user-defined routes
      2. Hands-on exercise – route network traffic with a route table
      3. Implementing dynamic custom routing with BGP
      4. Hands-on exercise – implementing BGP dynamic routing with Azure Route Server
      5. Route selection and priority
    4. Hands-on exercise – cleaning up resources
    5. Summary
    6. Further reading
  10. Chapter 4: Design and Implement Cross-VNet Connectivity
    1. Technical requirements
    2. Understanding cross-VNet connectivity options
    3. Connecting VNets using VNet peering
      1. Planning VNet peering implementation
      2. Understanding VNet peering architecture considerations
      3. Understanding VNet peering and transitive routing
      4. Configuring VNet peering
      5. VNet peering in a hub-and-spoke architecture
    4. Connecting VNets using a VPN gateway connection
      1. Understanding VPN Gateway architecture considerations
    5. Connecting VNets using a vWAN
    6. Hands-on exercise – provisioning resources for the chapter
      1. Task 1 – initializing the template deployment in GitHub
    7. Hands-on exercise – implementing cross-region VNet connectivity using the vWAN
      1. Task 1 – creating a vWAN
      2. Task 2 – creating a virtual hub in each VNet location in the vWAN
      3. Task 3 – connecting the VNets to the regional virtual hubs
      4. Task 4 – verifying effective routes on the VNets and the virtual hubs
      5. Task 5 – verifying the connectivity between the VNets
    8. Comparing the three cross-VNet connectivity options
    9. Hands-on exercise – clean up resources
    10. Summary
    11. Further reading
  11. Part 2: Design, Implement, and Manage Hybrid Networking
  12. Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
    1. Technical requirements
    2. Understanding Azure hybrid network connection options
      1. Understanding the Azure VPN gateway
      2. Choosing the right VPN gateway SKU and generation
      3. Selecting between route-based or policy-based VPN types
      4. Selecting high-availability options for VPN connections
      5. Understanding third-party device compatibility
    3. Hands-on exercise – provision resources for chapter exercises
      1. Task 1: Initialize template deployment in GitHub, complete parameters, and deploy the template to Azure
    4. Hands-on exercise: implement a BGP-enabled VPN connection in Azure
      1. Task 1: Create the gateway subnet
      2. Task 2: Deploy the VPN gateway into the subnet (with an existing public IP)
      3. Task 3: Create the local network gateway
      4. Task 4: Configure the VPN connection
      5. Task 5: Verify VPN connection status and BGP peering
      6. Task 6: Verify connectivity between the on-premises network and the Azure VNet
    5. Understanding point-to-site connections
      1. Defining a connection pool for P2S VPN connectivity
      2. Selecting the tunnel type(s) for P2S VPN connectivity
      3. Selecting the authentication type for P2S VPN connectivity
    6. Hands-on exercise – implement a P2S VPN connection with Azure certificate authentication
      1. Task 1: Connect to the remote user’s PC via RDP
      2. Task 2: Configure the P2S VPN gateway settings
      3. Task 3: Configure settings for VPN clients
      4. Task 4: Verify connectivity between the remote PC and the Azure VNet
    7. Troubleshoot Azure VPN Gateway using diagnostic logs
    8. Hands-on exercise – clean up resources
    9. Summary
  13. Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
    1. Technical requirements
    2. Understanding what ExpressRoute is and its main use cases
      1. Choosing between private peering and public peering
    3. Understanding ExpressRoute components
    4. Deciding on an ExpressRoute connectivity model
      1. Understanding the provider model
      2. Understanding the ExpressRoute direct model
    5. Selecting the right ExpressRoute circuit SKU
    6. Selecting the right ExpressRoute gateway SKU
      1. Implementing ExpressRoute with zone redundancy
      2. Modifying a gateway SKU
      3. Implementing the gateway subnet
    7. Improving data path performance with ExpressRoute FastPath
      1. Understanding FastPath unsupported scenarios
      2. Configuring FastPath for new or existing connections
    8. Designing and implementing cross-network connectivity over ExpressRoute
      1. Enhancing cross-network connectivity using VNet peering
      2. Enhancing cross-network connectivity using multiple ExpressRoute VNet connections
      3. Enhancing cross-network connectivity using ExpressRoute Global Reach
    9. Understanding the implementation of encryption over ExpressRoute
    10. Understanding the implementation of BFD
    11. Hands-on exercise – implementing an ExpressRoute gateway
      1. Task 1 – create a VNet and gateway subnet
      2. Task 2 – deploy the ExpressRoute VNet gateway service
      3. Task 3 – create and provision an ExpressRoute circuit
      4. Task 4 – retrieve your service key (you need to send this to your SP)
      5. Task 5 – check serviceProviderProvisioningState status
      6. Task 6 – connect the ExpressRoute gateway to the ExpressRoute circuit
      7. Task 7 – deprovision an ExpressRoute circuit
      8. Task 8 – clean up resources
    12. Summary
  14. Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
    1. Technical requirements
    2. Designing a scalable network topology in Azure
      1. The standard hub-and-spoke topology
      2. The Azure vWAN hub-and-spoke topology
    3. Understanding the design considerations of a vWAN hub
      1. Selecting the regions for the VWAN hub
      2. Selecting an IP address space for the VWAN hub
      3. Configuring the routing infrastructure for the VWAN hub
      4. Configuring the VWAN hub routing preference
      5. Connecting VNets together using VWAN
    4. Understanding the routing and SD-WAN configuration in a virtual hub
      1. Understanding VNet connection route table association
      2. Understanding VNet connection route propagation
      3. Implementing BGP peering between an NVA and a virtual hub
      4. Implementing a third-party SD-WAN NVA in a virtual hub
    5. Hands-on exercise 1 – provision resources for chapter exercises
      1. Task 1 – initialize template deployment in GitHub
    6. Configuring Site-to-Site connectivity using VWAN
      1. Understanding the scalability considerations of a VWAN hub S2S VPN
      2. Understanding the availability considerations of a VWAN hub S2S VPN
      3. Understanding the performance considerations of a VWAN hub S2S VPN
    7. Hands-on exercise 2 – implement site-to-site VPN connectivity using VWAN
      1. Task 1 – add a site-to-site gateway to VWAN
      2. Task 2 – create a VPN site in VWAN
      3. Task 3 – connect the VPN site to a VWAN hub
      4. Task 4 – obtain VPN configuration information
      5. Task 5 – configure the “on-premises” VPN device
      6. Task 6 – verify routes and connectivity to the “on-premises” site through VWAN
      7. Task 7 – clean up the resources
    8. Implementing a global transit network architecture using VWAN
    9. Understanding the security considerations of a virtual hub
      1. Approach 1 – deploy Azure Firewall in the virtual hub
      2. Approach 2 – deploy a third-party security virtual appliance in the virtual hub
      3. Approach 3 – deploy a third-party network virtual appliance in a connected VNet and route traffic to it for inspection
      4. Comparing virtual hub NVA deployment options
    10. Summary
    11. Further reading
  15. Chapter 8: Designing and Implementing Network Security
    1. Technical requirements
    2. Securing the Azure virtual network perimeter
    3. Implementing DDoS protection
      1. Understanding Azure DDoS Protection service tiers
    4. Hands-on exercise 1 – provisioning resources for Chapter 8’s exercises
    5. Hands-on exercise 2 – implementing DDoS Protection, monitoring, and validation
      1. Task 1 – creating a DDoS Protection plan
      2. Task 2 – enabling DDoS Protection on a virtual network
      3. Task 3 – reviewing DDoS metrics for telemetry
      4. Task 4 – configure DDoS diagnostic logs forwarding
      5. Task 5 – configuring DDoS alerts
      6. Task 6 – creating a BreakingPoint Cloud account and authorizing your Azure subscription
      7. Task 7 – running a DDoS Test
      8. Task 8 – reviewing DDoS test results
    6. Implementing Azure Firewall
      1. Understanding Azure Firewall service tiers
      2. Understanding Azure Firewall’s features
      3. Understanding some considerations for an Azure Firewall deployment
    7. Hands-on exercise 3 – deploying Azure Firewall into a VNet and a Virtual WAN Hub
      1. Task 1 – deploying an Azure Firewall test environment template with the Azure CLI
      2. Task 2 – reviewing the firewall service and the firewall policy
      3. Task 3 – testing connectivity through the firewall
    8. Implementing a WAF in Azure
      1. Understanding managed rule sets and WAF policies
      2. Understanding custom rule sets
      3. Understanding WAF policy modes and rule actions
      4. Understanding WAF policy associations
      5. Understanding WAF policy limitations
    9. Implementing central management with Firewall Manager
    10. Summary
    11. Further reading
  16. Part 3: Design and Implement Traffic Management and Network Monitoring
  17. Chapter 9: Designing and Implementing Application Delivery Services
    1. Technical requirements
    2. Understanding Azure’s load-balancing and application delivery services
      1. Understanding Azure load-balancing and application delivery services categories
    3. Designing and implementing an Azure Load Balancer service
      1. Understanding use cases for the Basic SKU
      2. Understanding use cases for the Standard SKU
      3. Hands-on exercise 1 – Provisioning resources for this chapter’s exercises
      4. Hands-on exercise 2 – Creating and configuring a global (cross-region) load balancer
    4. Designing and implementing an Azure Application Gateway service
      1. Understanding Azure Application Gateway tiers
      2. Understanding the scalability and performance of the tiers
      3. Considerations for the Application Gateway subnet
      4. Understanding Azure Application Gateway components
    5. Designing and implementing an Azure Front Door load balancer service
      1. Understanding Azure Front Door tiers
      2. Understanding Front Door components
      3. Hands-on exercise 1 – Creating and configuring an Azure Front Door service
    6. Designing and implementing an Azure Traffic Manager service
      1. Configuring a traffic routing method
      2. Configuring Traffic Manager endpoints
    7. Choosing an optimal load-balancing and application delivery solution
    8. Summary
  18. Chapter 10: Designing and Implementing Platform Service Connectivity
    1. Technical requirements
    2. Implementing platform service network security
      1. Understanding the platform service firewall and its exceptions
      2. Understanding service endpoints
      3. Hands-on exercise 1 – provisioning the resources for this chapter’s exercises
      4. Hands-on exercise 2 – configuring service endpoints for a storage account
      5. Designing and implementing Azure Private Link and Azure private endpoints
      6. Hands-on exercise 3 – configuring an Azure private endpoint for an Azure WebApp
    3. Summary
    4. Further reading
  19. Chapter 11: Monitoring Networks in Azure
    1. Technical requirements
    2. Introducing Azure Network Watcher for monitoring, network diagnostics, and logs
    3. Understanding the network monitoring tools of Network Watcher
      1. Topology visualization
      2. Connection monitor
    4. Understanding the Network diagnostic tools of Network Watcher
      1. Connection troubleshoot
      2. IP flow verify
      3. NSG diagnostics
      4. Next hop
      5. VPN troubleshoot
      6. Packet capture
    5. Hands-on exercise 1 – provisioning the resources for the chapter's exercises
      1. Task 1 – initialize template deployment in GitHub, complete the parameters, and deploy a template to Azure
    6. Hands-on exercise 2 – implementing the network monitoring tools of Network Watcher
      1. Task 1 – visualize the topology of an Azure VNet
      2. Task 2 – create an Azure Network Watcher connection monitor
      3. Task 3 – Trigger a network issue and review Connection Monitor
    7. Understanding NSG flow logs
      1. NSG flow logs limitations and use cases
    8. Hands-on exercise 3 – enabling NSG flow logs
      1. Task 1 – enable an NSG flow log
      2. Task 2 – download and review the flow log
    9. Summary
    10. Further reading
  20. Index
    1. Why subscribe?
  21. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share your thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Designing and Implementing Microsoft Azure Networking Solutions
  • Author(s): David Okeyode
  • Release date: August 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781803242033