This document discusses Azure infrastructure services including virtual networks, network security groups, VPN gateways, load balancers, and traffic managers. It provides an overview of how these services provide logical isolation, private IP addressing, security controls, and connectivity between on-premises networks and Azure virtual networks. Examples of configurations including virtual network peering and point-to-site VPN connections are presented. The document concludes with an announcement of an upcoming demo of Azure web apps working with an Azure virtual network.

1. Azure Network & Infrastructure
Phi Huynh
R&D Manager
NashTech Vietnam

2. Azure Infrastructure Services
Virtual Network
Network Security Groups
VPN Gateway
Agenda
Load Balancer
Demos (Azure Web Apps working with AzureVirtual Network)

3. Azure Data Centers

4. Infrastructure-as-a-Service (IaaS)

5. Azure
Infrastructure
Services
(IaaS)

6. Virtual Network
Virtual Networks
Database subnet Web subnet
Internet
Logical Isolation
Stable & persistant IP Addresses
Subnets with private IP Addresses
Bring your own DNS
Azure-provided DNS
Works with AzureVM, Cloud Service
andWeb Apps
VM1 VM2 VM3 VM4
192.168.0.0/24 192.168.1.0/24

7. Virtual Network (10.1.0.0/16)
Virtual Networks
Peering
VM1
Connect 2VNets in the same region
Connection within Azure Infrastructure
Must be no overlapping IP Addresses
VM2
Virtual Network (10.2.0.0/16)
VM3 VM4
PEERING

8. Virtual Network
Network Interfaces
(NIC)
VM
Internet
One private, more publics
Dynamic/Static internal IPAddress
Dynamic/Static public IP Address
Bind to Network Security Group
Belong to aVNet
NIC
Public IP Address
Private
IPAddress

9. Virtual Network
Public IP Addresses
VM
Internet
On-Premises
Dynamic/static Public IP Address
(first-5 static for free)
Instance Level Public IP Address
(Classic)
VIP (Classic)
Reserved IP Address (Classic) VPN
Gateway
Site-to-site
VPN
Load balancer
VM1 VM2
Public IP
Public IP
Public IP

10. Virtual Network
Network Security
Group
Backend MidTier Frontend
InternetOn-Premises
DMZ Scenarios
Access Control List
Associate withVMs or Subnets
ACL can be updated independently VPN
Gateway
Site-to-site
VPN

11. Virtual Network
Virtual Network
Gateway
Backend Frontend
On-Premises
Point-to-site
Site-to-site & Multi-site
VNet-to-VNet
Express Route
VPN
Gateway
Site-to-siteVPN
(IPSec/IKE
tunnel)
VPN Client
Point-to-siteVPN
(SSTPTunnel)
Virtual Network
VPN
Gateway
Site-to-siteVPN
(IPSec/IKE
tunnel)

12. Load Balancer
Hashed-based distribution
Port forwarding
Automatic configuration
Service monitoring
…

13. Application Gateway
Web Appication Firewall
HTTP Load Balancing
Cookie-based session affinity
SSL Offload
Websocket Support
…

14. Traffic Manager
Improve availability
Improve responsiveness
Combine on-premises & cloud
Distribute traffic for complex
deployment

15. Virtual Network
Demo
Azure Web Apps working
with AzureVNet
Backend
Frontend
On-Premises
Virtual Network
Point-to-siteVPN
Network Security Group
Virtual Network Peering
VPN
Gateway
Point-to-siteVPN
…
Internet
192.168.1.0/24 192.168.0.0/24

16. THANK YOU
www.nashtechglobal.com