© 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Flash Card – Architect networking Infra in Azure
Prepared by Lai
VPN Gateway
Site to Site connection
Point to Site connection
Network to Network connection
VPN Gateway Sizes
HA VPN Gateway – Active/Standby
HA VPN Gateway – Active/Active
Use BGP routing protocol
HA VPN Gateway
Express Route Failover
Zone Redundant Gateways
Alternatively, configure a VPN Gateway (failover path)
Deploy VPN & Express Route Gateway in different AZ
Azure CLI Command
Create Virtual Network: az network vnet create
Create Subnet: az network vnet subnet create
Create local network gateway: az network local-gateway create
Verify Virtual network: az network vnet list --output table
Azure CLI Command
Verify network local gateway: az network local-gateway list
Create virtual network gateway: az network vnet-gateway create
Express Route
Dedicated & Private
Reliable
Latency minimal
Layer 3 connectivity
Built-in redundancy
Connectivity to Microsoft Cloud Services
Use BGP
Doesn't support HSRP
ExpressRoute Connectivity Model
Co-location at Cloud Exchange
Point-to-point Ethernet connection
Co-located provider (ISP) to Microsoft Cloud
On-prem to Microsoft Cloud
Any to Any Network
MPLS (private WAN) to Microsoft Cloud
How does it work? Work with an Express Route partner
Private wire
Express Route Supports Two Peerings
To connect Azure PaaS (O365, Dynamics 365)
To connect Azure IaaS & PaaS services deployed inside an Azure virtual network. Access via private IP
Express Route Use Case
Low latency connectivity
Accessing high volume system in the cloud
Consuming Microsoft Cloud Services (large user)
Migration
Security - data cannot traverse over public internet
Express Route Benefit
Predictable performance
Data Privacy (secure use MPLS WAN link)
High throughput, low latency connection
Availability
Security
Network Security Group (NSG)
Filter network traffic
Assigned to network interface/subnet
Stateful
Rules with a lower priority number are processed first
A deny rule takes precedence if it is processed first
Azure CLI
Create NSG: az network nsg create
Create Application Security group: az network asg create
Secure Network Access to PaaS
Use Virtual Network Service Endpoint
Direct connection to Azure Services
Secure resources to your virtual network
Services remain on the Azure backbone
Azure Service Endpoint availability to:
Azure Storage
Azure SQL Database
Azure Key Vault
Azure Service Bus
Azure Data Lake
How to do it?
1. Turn off public access to the service
2. Add the service endpoint to a virtual network
Azure Service Endpoint
By default not accessible from on-prem network. To allow access from on-prem, use NAT IP
Virtual Network Peering
Virtual Network Peering
Traffic routed through Azure Network
Use only private IP (private)
Virtual network peering: Connect virtual network in same Azure region
Global Virtual network peering: Connect virtual network in different Azure region
Virtual network peering
Reciprocal connection (need to create on each virtual network)
Cross subscription support
Non transitive (A – B – C)
Gateway transit (on-prem)
Non overlapping IP address
Azure CLI
Create virtual network peering: az network vnet peering create
Check network peering: az network vnet peering list
Azure Traffic Manager
Azure Traffic Manager
Act as DNS Load Balancer. Provides DNS load balancing to application to distribute traffic
Azure Traffic Manager Routing methods
Weighted routing
Performance routing
Geographic routing
Multi value routing
Subnet routing
Priority routing
Weighted routing
Distribute traffic based on weight
Performance routing
Send user to the endpoint that has best performance
Use Internet latency table
Geographic routing
Directed to endpoint based on where their DNS query originated
Europe -> Europe
China -> China
Multi value routing: Multiple healthy endpoint
Subnet routing: Map based on set of IP address range to endpoint
Priority routing: Contain priority list of service endpoint
Azure CLI
Create Traffic Manager Profile: az network traffic-manager profile create
Create Traffic Manager Endpoint: az network traffic-manager endpoint create
Azure Load Balancer
Azure Load Balancer
Distribute traffic across multiple VM
Scale application
Create HA for VM & services
Availability Set
Availability Zones
5 tuple hash (default distribution modes)
Availability Set
Protection for hardware failures within datacenters
Use to isolate VM resources from each other when deploy
Run across multiple physical server, computer, rack, storage & network
Availability zone
Protection from entire datacenter failure
Group of 1 or more datacenter
Independent power, cooling & networking
Different physical location within same region
Basic Load Balancer
• Port Forwarding
• Health Probes
• Automatic reconfiguration
• Diagnostic through Azure Log Analytic for public facing load balancer
• Outbound connection through source network address translation (SNAT)
Standard Load Balancer
• HTTPS health probes
• Availability Zones
• Diagnostic through Azure Monitor for multi dimensional metric
• HA ports, Outbound rules
Five Tuple Hash (Distribution Modes)
Default mode
Directed to different VM for each session
Source IP affinity (Distribution Modes)
Session affinity
Requests from a specific client are always sent to the same VM behind the load balancer
Example: Remote Desktop Gateway, Media Upload
Azure CLI
Create new public ip: az network public-ip create
Create Load Balancer: az network lb create
Monitor status using LB: az network lb probe create
Public & Internal LB
Application Gateway
Application Gateway
Application Gateway routes traffic to a pool of web servers based on the URL of a request
Use round robin approach
Routing Traffic
Path based routing
Send request with different path in the URL to different pool of back end server
Example:
/video/* -> VM handle streaming
/Images/* -> VM handle image
Routing Traffic
Multi site routing
Register multiple DNS name (CNAME) for the IP address of Application Gateway
Web Application Firewall (WAF)
Handles incoming requests before they reach a listener
• SQL injection
• Cross site scripting
• Command injection
• HTTP request smuggling
• HTTP response splitting
• Remote file inclusion
• Bots, crawlers & scanners
• HTTP protocol violation & anomalies
Routing
System Routes
None: Any traffic routed to this hop type is dropped and doesn't get routed outside the subnet.
Azure CLI
Create route table: az network route-table create
Create custom route table: az network route-table route create
NVA
Network Virtual Appliance
• Firewall
• WAN optimizer
• Application delivery controllers
• Routers
• Load balancer
• IDS/IPS
• Proxies
Available in marketplace
Control flow of network traffic by controlling routing
IP Addressing
Reserve IP .1, .2, .3 and last IP
Hybrid Networking Capability Matrix
Designing Hybrid
Hub & Spoke
Hub = Central Location
Spoke = Branch 1
Spoke = Branch 2
Virtual network peering
Hub & Spoke
Express Route
Secure Network Design
Azure Virtual network
Azure DNS
Azure Application Gateway
Azure Traffic Manager
Azure Load Balancer
Perimeter network
NACL, NSG
Route Control
Network Virtual Appliance
Express Route
Hub & Spoke Security
NSG
Perimeter network
Network Virtual Appliance
Express Route
Azure Firewall
Azure Firewall
Stateful network firewall
Policy enforcement
Enforce across virtual network, region & subscription
Integrate with Azure Monitor Logs
Logs stored in an Azure Storage Account, streamed to Azure Event Hub or sent to Azure Monitor Logs
Monitoring
Azure Network Watcher
Central place to diagnose the health of Azure network
Monitoring tools
Diagnostic tools
Topology
Connection Monitor
Network Performance Monitor
Topology
Generate a graphical display of Azure virtual network, its resources, its interconnections, and their relationships with each other.
Connection Monitor: to check that connections work between Azure resources.
Network Performance Monitor: enables you to track and alert on latency and packet drops over time. It gives you a centralized view of your network
Diagnostic tools
IP Flow verify
Next Hop
Packet capture
Security Group View
Connection Troubleshoot
VPN Troubleshoot
IP Flow verify: tells you if packets are allowed or denied for a specific virtual machine
Next Hop: you can determine how a packet gets from a VM to any destination
Security Group View: displays all the effective NSG rules applied to a network interface
Packet capture: to record all of the packets sent to and from a VM
Connection Troubleshoot: to check TCP connectivity between a source and destination VM
VPN Troubleshoot: to diagnose problems with virtual network gateway connections
Thank You

Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
 
Introduction to AWS IoT Greengrass - SVC305 - Chicago AWS Summit
Introduction to AWS IoT Greengrass - SVC305 - Chicago AWS SummitIntroduction to AWS IoT Greengrass - SVC305 - Chicago AWS Summit
Introduction to AWS IoT Greengrass - SVC305 - Chicago AWS Summit
 
Introduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - CharlotteIntroduction to the AWS Cloud - AWSome Day 2019 - Charlotte
Introduction to the AWS Cloud - AWSome Day 2019 - Charlotte
 
Introduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - VancouverIntroduction to the AWS Cloud - AWSome Day 2019 - Vancouver
Introduction to the AWS Cloud - AWSome Day 2019 - Vancouver
 
Flash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azureFlash card architect storage infrastructure in azure
Flash card architect storage infrastructure in azure
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
 
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - TorontoIntroduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
 
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...
 
Accelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAccelerating Your Cloud Innovation
Accelerating Your Cloud Innovation
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
 
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
 
Introduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - ChicagoIntroduction to the AWS Cloud - AWSome Day 2019 - Chicago
Introduction to the AWS Cloud - AWSome Day 2019 - Chicago
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWS
 
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS SummitSecurely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
Innovate - Become Migration Ready: Accelerate and Optimise your Cloud Adoptio...
Innovate - Become Migration Ready: Accelerate and Optimise your Cloud Adoptio...Innovate - Become Migration Ready: Accelerate and Optimise your Cloud Adoptio...
Innovate - Become Migration Ready: Accelerate and Optimise your Cloud Adoptio...
 
AWS IoT Greengrass Workshop - SVC303 - Anaheim AWS Summit
AWS IoT Greengrass Workshop - SVC303 - Anaheim AWS SummitAWS IoT Greengrass Workshop - SVC303 - Anaheim AWS Summit
AWS IoT Greengrass Workshop - SVC303 - Anaheim AWS Summit
 

More from Yoong Seng Lai

Flash card security-azure disk
Flash card security-azure diskFlash card security-azure disk
Flash card security-azure diskYoong Seng Lai
 
Flash card managing using azure cli
Flash card managing using azure cliFlash card managing using azure cli
Flash card managing using azure cliYoong Seng Lai
 
Flash card caching and performance in azure storage disk
Flash card caching and performance in azure storage diskFlash card caching and performance in azure storage disk
Flash card caching and performance in azure storage diskYoong Seng Lai
 
Flash card azure automation state
Flash card azure automation stateFlash card azure automation state
Flash card azure automation stateYoong Seng Lai
 
Extending Availability to the Cloud
Extending Availability to the CloudExtending Availability to the Cloud
Extending Availability to the CloudYoong Seng Lai
 
Business Continuity with Disaster Recovery
Business Continuity with Disaster RecoveryBusiness Continuity with Disaster Recovery
Business Continuity with Disaster RecoveryYoong Seng Lai
 

More from Yoong Seng Lai (7)

Flash card security-azure disk
Flash card security-azure diskFlash card security-azure disk
Flash card security-azure disk
 
Flash card managing using azure cli
Flash card managing using azure cliFlash card managing using azure cli
Flash card managing using azure cli
 
Flash card caching and performance in azure storage disk
Flash card caching and performance in azure storage diskFlash card caching and performance in azure storage disk
Flash card caching and performance in azure storage disk
 
Flash card azure disk
Flash card azure diskFlash card azure disk
Flash card azure disk
 
Flash card azure automation state
Flash card azure automation stateFlash card azure automation state
Flash card azure automation state
 
Extending Availability to the Cloud
Extending Availability to the CloudExtending Availability to the Cloud
Extending Availability to the Cloud
 
Business Continuity with Disaster Recovery
Business Continuity with Disaster RecoveryBusiness Continuity with Disaster Recovery
Business Continuity with Disaster Recovery
 

Recently uploaded

Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxjbellis
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 

Recently uploaded (20)

Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 

Flash card architect network infra in azure

  • 1. Flash Card – Architect networking Infra in Azure. Prepared by Lai
  • 2. VPN Gateway: Site to Site connection; Point to Site connection; Network to Network connection
  • 3. VPN Gateway Sizes
  • 5. HA VPN Gateway – Active/Standby
  • 6. HA VPN Gateway – Active/Active: Use BGP routing protocol
  • 7. HA VPN Gateway. Express Route Failover: Alternative configure VPN Gateway (failover path). Zone Redundant Gateways: Deploy VPN & Express Route Gateway in diff AZ
  • 8. Azure CLI Command. Create Virtual Network: az network vnet create; Create Subnet: az network vnet subnet create; Create local network gateway: az network local-gateway create; Verify Virtual network: az network vnet list --output table
  • 9. Azure CLI Command. Verify network local gateway: az network local-gateway list; Create virtual network gateway: az network vnet-gateway create
  • 10. Express Route: Dedicated & Private; Reliable; Latency minimal; Layer 3 connectivity; Built-in redundancy; Connectivity to Microsoft Cloud Services; Use BGP; Don’t support HSRP
  • 11. ExpressRoute Connectivity Model
  • 12. Co-location at Cloud Exchange: Co-located provider (ISP) to Microsoft Cloud. Point-point Ethernet connection: On-prem to Microsoft Cloud. Any to Any Network: MPLS (private WAN) to Microsoft Cloud
  • 13. How does it work? Work with Express Route Partner; Private wire
  • 14. Express Route Support Two Peering: To connect Azure PaaS (O365, Dynamics 365); To connect Azure IaaS & PaaS services deployed inside Azure virtual network; Access via private IP
  • 15. Express Route Use Case: Low latency connectivity; Accessing high volume system in the cloud; Consuming Microsoft Cloud Services (large user); Migration; Security - data cannot traverse over public internet. Express Route Benefit: Predictable performance; Data Privacy (secure use MPLS WAN link); High throughput, low latency connection; Availability
  • 17. Security
  • 18. Network Security Group (NSG): Filter network traffic; Assigned to network interface/subnet; Stateful; Rule with lower priority is processed first; Deny rule takes precedence if it is processed first
  • 19. Azure CLI. Create NSG: az network nsg create; Create Application Security group: az network asg create
  • 20. Secure Network Access to PaaS: Use Virtual Network Service Endpoint; Direct connection to Azure Services; Secure resources to your virtual network; Services remain on the Azure backbone
  • 21. Azure Service Endpoint availability to: Azure Storage; Azure SQL Database; Azure Key Vault; Azure Service Bus; Azure Data Lake. How to do? 1. Turn off public access to the service 2. Add the service endpoint to a virtual network
  • 22. Azure Service Endpoint: By default not accessible from on-prem network. To allow access from on-prem, use NAT IP
  • 24. Virtual Network Peering
  • 25. Virtual Network Peering: Traffic routed through Azure Network; Use only private IP (private). Virtual network peering: Connect virtual network in same Azure region. Global Virtual network peering: Connect virtual network in different Azure region
  • 26. Virtual network peering: Reciprocal connection (need to create on each virtual network); Cross subscription support; Non transitive (A – B – C); Gateway transit (on-prem); Non overlapping IP address
  • 27. Azure CLI. Create virtual network peering: az network vnet peering create; Check network peering: az network vnet peering list
  • 28. Azure Traffic Manager
  • 29. Azure Traffic Manager: Acts as DNS Load Balancer. Provides DNS load balancing to application to distribute traffic. Azure Traffic Manager Routing methods: Weighted routing; Performance routing; Geographic routing; Multi value routing; Subnet routing; Priority routing
  • 30. Weighted routing: Distribute traffic based on weight
  • 31. Performance routing: Send user to the endpoint that has best performance; Use Internet latency table
  • 32. Geographic routing: Directed to endpoint based on where their DNS query originated. Europe -> Europe; China -> China
  • 33. Multi value routing: Multiple healthy endpoint. Subnet routing: Map based on set of IP address range to endpoint. Priority routing: Contain priority list of service endpoint
  • 34. Azure CLI. Create Traffic Manager Profile: az network traffic-manager profile create; Create Traffic Manager Endpoint: az network traffic-manager endpoint create
  • 35. Azure Load Balancer
  • 36. Azure Load Balancer: Distribute traffic across multiple VM; Scale application; Create HA for VM & services; Availability Set; Availability Zones; 5 tuple hash (default distribution modes)
  • 37. Availability Set: Protection for hardware failures within datacenters; Use to isolate VM resources from each other when deployed; Run across multiple physical server, computer, rack, storage & network
  • 38. Availability zone: Protection from entire datacenter failure; Group of 1 or more datacenter; Independent power, cooling & networking; Different physical location within same region
  • 39. Basic Load Balancer: Port Forwarding; Health Probes; Automatic reconfiguration; Diagnostic through Azure Log Analytic for public facing load balancer; Outbound connection through source network address translation (SNAT). Standard Load Balancer: HTTPS health probes; Availability Zones; Diagnostic through Azure Monitor for multi dimensional metric; HA ports, Outbound rules
  • 40. Five Tuple Hash (Distribution Modes): Default mode; Directed to different VM for each session
  • 41. Source IP affinity (Distribution Modes): Session affinity; Requests from a specific client are always sent to the same VM behind the load balancer. Example: Remote Desktop Gateway, Media Upload
  • 42. Azure CLI. Create new public IP: az network public-ip create; Create Load Balancer: az network lb create; Monitor status using LB: az network lb probe create
  • 43. Public & Internal LB
  • 44. Application Gateway
  • 45. Application Gateway: Application Gateway routes traffic to a pool of web servers based on the URL of a request; Use round robin approach
  • 46. Routing Traffic: Path based routing. Send requests with different paths in the URL to different pools of back end servers. Example: /video/* -> VM handle streaming; /Images/* -> VM handle image
  • 47. Routing Traffic: Multi site routing. Register multiple DNS name (CNAME) for the IP address of Application Gateway
  • 48. Web Application Firewall (WAF): Handle incoming request before they reach a listener. SQL injection; Cross site scripting; Command injection; HTTP request smuggling; HTTP response splitting; Remote file inclusion; Bots, crawlers & scanners; HTTP protocol violation & anomalies
  • 49. Routing
  • 50. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. System Routes None: Any traffic routed to this hop type is dropped and doesn't get routed outside the subnet.
  • 51. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. Azure CLI Create route table Az network route-table create Create custom route table Az network route-table route create
  • 52. © 2019 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. NVA Network Virtual Appliance • Firewall • WAN optimizer • Application delivery controllers • Routers • Load balancer • IDS/IPS • proxies Available in marketplace Control flow of network traffic by controlling routing
  • 53. IP Addressing: Reserved IPs: .1, .2, .3 and the last IP
  • 54. Hybrid Networking Capability Matrix
  • 55. Designing Hybrid
  • 56. Hub & Spoke: Hub = Central Location; Spoke = Branch 1; Spoke = Branch 2; Virtual network peering
  • 57. Hub & Spoke
  • 58. Express Route
  • 59. Secure Network Design: Azure Virtual network; Azure DNS; Azure Application Gateway; Azure Traffic Manager; Azure Load Balancer; Perimeter network; NACL; NSG; Route Control; Network Virtual Appliance; Express Route
  • 60. Hub & Spoke Security: NSG; Perimeter network; Network Virtual Appliance; Express Route; Azure Firewall
  • 61. Azure Firewall: Stateful network firewall. Policy enforcement. Enforce across virtual network, region & subscription. Integrates with Azure Monitor Logs. Logs are stored in an Azure Storage Account, streamed to Azure Event Hub, or sent to Azure Monitor Logs
  • 62. Monitoring
  • 63. Azure Network Watcher: Central place to diagnose the health of an Azure network. Monitoring tools; Diagnostic tools. Topology; Connection Monitor; Network Performance Monitor
  • 64. Topology: Generates a graphical display of an Azure virtual network, its resources, its interconnections, and their relationships with each other.
  • 65. Connection Monitor: to check that connections work between Azure resources. Network Performance Monitor: enables you to track and alert on latency and packet drops over time. It gives you a centralized view of your network. Diagnostic tools: IP Flow verify; Next Hop; Packet capture; Security Group View; Connection Troubleshoot; VPN Troubleshoot
  • 66. IP Flow verify: tells you if packets are allowed or denied for a specific virtual machine. Next Hop: you can determine how a packet gets from a VM to any destination. Security Group View: displays all the effective NSG rules applied to a network interface
  • 67. Packet capture: to record all of the packets sent to and from a VM. Connection Troubleshoot: to check TCP connectivity between a source and destination VM. VPN Troubleshoot: to diagnose problems with virtual network gateway connections
  • 68. Thank You