Welcome to Azure Saturday 2019 Munich
18.05.2019 – Microsoft Munich – azuresaturday.de -- @azuresaturday
#AzureSaturday
The hidden secrets of Azure Networking
Speaker: Mohamed Wali
Agenda
VNet Service Endpoints
Secure the Connection between Azure App Services and Databases
DHCP on Azure
Gateway Transit
Connecting Azure and AWS
Q&A
VNet Service Endpoints
• Extend VNet to Azure Services
• Make use of Microsoft Azure backbone network
• Faster, Reliable and Secure
How do Service Endpoints work?
Services that support Service Endpoints
Azure Storage
Azure SQL Database
Azure SQL Data Warehouse
Azure Database for PostgreSQL server
Azure Database for MySQL server
Azure Database for MariaDB
Azure Cosmos DB
Azure Key Vault
Azure Service Bus
Azure Event Hub
Azure Data Lake Store Gen 1
Azure Container Registry (Preview)
Demo: Service Endpoints
Service Endpoint Policies
• Prevent unauthorized access to storage accounts
• Restrict Virtual Network access to specific Azure Storage Accounts
• Granular access control over service endpoints
Demo: Service Endpoint Policies
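An added example (not the talk's demo or the speaker's code): a Python audit over constructed ARM-style resource JSON that checks the two controls on these slides, namely that a storage account's firewall admits only subnets with the Microsoft.Storage service endpoint, and that each such subnet carries a service endpoint policy listing that account. All resource IDs and names are constructed placeholders; the property names are those of the ARM subnet, storage account and service endpoint policy resources.

```python
# Constructed sample resources; IDs and names are placeholders, not from the talk.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SUBNET_APP = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/app"
SUBNET_OPS = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/ops"
ACCOUNT = SUB + "/providers/Microsoft.Storage/storageAccounts/stdemo"
POLICY = SUB + "/providers/Microsoft.Network/serviceEndpointPolicies/sep-storage"

SUBNETS = {
    SUBNET_APP: {"properties": {
        "serviceEndpoints": [{"service": "Microsoft.Storage"}],
        "serviceEndpointPolicies": [{"id": POLICY}]}},
    # Endpoint enabled but no policy: storage traffic from this subnet is not
    # restricted to specific accounts.
    SUBNET_OPS: {"properties": {"serviceEndpoints": [{"service": "Microsoft.Storage"}]}},
}
POLICIES = {POLICY: {"properties": {"serviceEndpointPolicyDefinitions": [
    {"properties": {"service": "Microsoft.Storage", "serviceResources": [ACCOUNT]}}]}}}
STORAGE = {"id": ACCOUNT, "properties": {"networkAcls": {
    "defaultAction": "Deny",
    "virtualNetworkRules": [{"id": SUBNET_APP}, {"id": SUBNET_OPS}]}}}


def _covers(scope, resource_id):
    """True if a policy scope (subscription, resource group or account ID) contains resource_id."""
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def policy_allows(subnet, account_id, policies):
    """True if any service endpoint policy on the subnet lists the storage account."""
    for ref in subnet["properties"].get("serviceEndpointPolicies", []):
        defs = policies.get(ref["id"], {}).get("properties", {}).get(
            "serviceEndpointPolicyDefinitions", [])
        for d in defs:
            p = d["properties"]
            if p.get("service") == "Microsoft.Storage" and any(
                    _covers(s, account_id) for s in p.get("serviceResources", [])):
                return True
    return False


def audit(storage, subnets, policies):
    """Return a list of findings for one storage account and the subnets it admits."""
    findings = []
    acls = storage["properties"].get("networkAcls", {})
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("storage firewall default action is not Deny")
    for rule in acls.get("virtualNetworkRules", []):
        subnet = subnets.get(rule["id"])
        name = rule["id"].rsplit("/", 1)[-1]
        if subnet is None:
            findings.append(f"{name}: subnet not found")
            continue
        services = {e["service"] for e in subnet["properties"].get("serviceEndpoints", [])}
        if "Microsoft.Storage" not in services:
            findings.append(f"{name}: Microsoft.Storage service endpoint not enabled")
        if not policy_allows(subnet, storage["id"], policies):
            findings.append(f"{name}: no service endpoint policy listing this storage account")
    return findings


if __name__ == "__main__":
    for finding in audit(STORAGE, SUBNETS, POLICIES):
        print(finding)
```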
Secure the Connection between Azure App Services and the Databases
Securing Web App to DB Connection Patterns
[Diagram: Pattern 1: VNet Integration; Pattern 2: Extending VNets. Labels: App Service, Internet, Azure Virtual Network, Point to Site VPN, App Service Environment, Azure Storage, Azure SQL, Service Endpoints]
New VNet Integration
• No gateway needed
• Support for ExpressRoute and Service Endpoints
• Requires subnet delegation to allow access between App Service and Azure SQL
[Diagram labels: App Service, Internet, Azure Virtual Network, Delegated subnet, Service Endpoints, Azure SQL]
Demo: New VNet Integration
DHCP on Azure
• Can I use my own DHCP for Azure services?
• What about Azure DHCP to On-Prem?
• Is the hybrid scenario for DHCP valid?
• What is the best model to implement DHCP for Cloud Native/Hybrid Model?
Gateway Transit
[Diagram: Starting Point. Labels: VNet1, VNet2, Express Route]
[Diagram: Challenge: Add more peered VNets. Labels: VNet1, VNet2, VNet3, VNet4, VNet5, VNet6, Express Route]
[Diagram: Gateway Transit. Labels: VNet Gateway, Express Route, VNet1, VNet2, VNet3, VNet4, Azure Firewall/NVA]
Demo: Gateway Transit
Connecting Azure and AWS
[Diagram: Pattern 1: Integrating Gateways; Pattern 2: Integrating Azure Gateway with RRAS. Labels: RRAS WS 2012R2, VPN Tunnel]
Pattern 1: Integrating Gateways Limitations
• Amazon Virtual Private Gateway is not a supported platform
• BGP cannot be used (depends on the settings)
Pattern 2: Integrating Azure Gateway with RRAS Limitations
• Single Connection, Not stable
• More Operations
Session objectives and takeaways
• Service Endpoints and their policies are the next big thing for securing the connection between Azure resources with low latency
• New VNet Integration is coming to make your resource integration more seamless and efficient
• NEVER EVER FOREVER think about deploying DHCP in Azure
• Make use of Gateway Transit to streamline your networking problems in Azure
• Connecting Azure and AWS is going to make your life much better if you have resources deployed across them
Q&A
Keep in touch
@_MWaly
https://vlacticcloud.wordpress.com
