AZ-900 Episode 10 | Networking Services | Virtual Network, VPN Gateway, CDN, Load Balancer, App GW

Video Statistics and Information

Reddit Comments

Join me and learn a bit about Virtual Networks, Subnets, VNet Peerings, VPN Gateways, Load Balancers, Application Gateways, and Content Delivery Networks. 🌎☁📽

📺 Video: https://youtu.be/5NMcM4zJPM4

🌐 Site: https://marczak.io/az-900/#ep10

💬 Practice Test: https://marczak.io/az-900/episode-10/practice-test/

EDIT: Hehe, every time I post I get an almost instant downvote in the first 5 minutes.

👍︎︎ 6 👤︎︎ u/AdamMarczakIO 📅︎︎ Aug 18 2020 🗫︎ replies
Captions
Hello everyone, welcome back to the Azure Fundamentals course. This is Adam, and in episode 10 we're covering the basics of Azure networking services. Stay tuned.

The focus of the 10th episode is around Azure networking services, and the core services that we will learn today are virtual networks, load balancers, VPN gateways, application gateways, and content delivery networks. But before we move to those services, let's talk about what networking services are in general. This is the category of services that allows customers to connect their on-premise and cloud resources, but also helps with protection and monitoring of the networking for those services, as well as helping customers with application delivery.

The first service that we will learn about today is Azure Virtual Network. Imagine you have two resources in Azure, let's say two virtual machines. Because virtual machines are a representation of the physical hardware in the cloud, they also need to be placed into a representation of the physical network infrastructure. That representation in Azure is called Azure Virtual Network. Virtual networks allow their customers to create, manage, monitor, and secure connectivity between Azure resources, but also between Azure resources and their on-premise environments.

Virtual networks can be segmented into smaller pieces called subnets. There are two main purposes for having subnets: one is to allow customers to manage their IP address allocation in a more efficient manner, but also to group related resources together so that you can apply filters and security rules across multiple resources within the same subnet, for example by grouping all the resources hosting your web applications and only allowing web traffic to go to that subnet. As a customer, you have freedom in how you manage subnets and virtual networks. If you want, you can group multiple resources within the same subnet, and it is your choice how you want to represent your networking infrastructure in the cloud.

There are many reasons why
you would want to have multiple virtual networks, and many technical limitations forcing you to do that. For example, a virtual network can only reside within a single region and span resources from that specific region, so if you will be building multi-region applications, you will end up with multiple virtual networks. If you want to connect multiple virtual networks, you can do one of two things. You can either use a feature called VNet peering (VNet peering allows you to combine virtual networks together and allows them to act as one), or you can use VPN gateway to do so. While there are benefits and drawbacks of using one or the other, it is a little bit too advanced a topic for Azure fundamentals. For now, just remember you have two options, and those are VNet peering and VPN gateway.

So let me summarize. Azure Virtual Network is an emulation of a physical network infrastructure in the cloud, and it is designed to allow customers for isolation and segmentation of their network, to enable communication, filtering, and routing between Azure and on-premise resources. Remember that virtual networks are scoped to a single region, so in a multi-region architecture you will have multiple virtual networks, which you can connect to each other using either VNet peering or VPN gateway. When it comes to the segmentation part, you can achieve that using subnets. Subnets allow customers to divide virtual networks so that they can better and more effectively manage their IP address allocation, but also manage network filtering for something called network security groups or application security groups. We will learn more about those in the future video about security and compliance.

But for today, imagine you have two virtual machines within a single virtual network, placed in two separate subnets. If you want to control the traffic that comes from the internet to that virtual machine, you can place a network security group on that subnet, and those security groups will only allow specific traffic
to reach that virtual machine. You can also use network security groups to manage the traffic across subnets. It is really a tool for you to manage your networking in a secure and efficient manner, but we'll get back to that in a future episode.

Let me now move to the Azure portal, where I will show you how to create a virtual network. As usual, you go to the left-hand side menu, you select Create a resource, and type in virtual network. This will allow you to create a virtual network infrastructure in Azure. Just hit Create and fill in the form. In order to create a virtual network, you need to select a resource group, for instance az900 networking, and provide a name like am demo v-net. Next we need to select an Azure region. As I mentioned, this is a single-region resource, so for me this will be West Europe.

Now go to the next tab, called IP Addresses, where you can allocate address space for your virtual network. If you leave it as default, it will allocate 65,000 addresses for you to use, and at the bottom you have a default subnet. A default subnet is a requirement for every Azure virtual network. This is the place where you can allocate part of your address space. If you're done, move to the next section and go to Security, where you can enable some additional security features for your virtual network, like Azure Firewall, DDoS protection, or Bastion host. If you're satisfied with your selection, simply hit Review and create, and Create. It only takes about 10-15 seconds for a virtual network to be created. Once created, you can hit Go to the resource to review your virtual network. This is the place where you will manage everything about that virtual network.

But I want to show you something more interesting by going to the resource groups and selecting the resource group that I created in the previous episode, called az900 vm, where I created my virtual machine. When you create a virtual machine, by default a virtual machine is created with a virtual network with a default setting. When you open this, there's a cool
feature of virtual networks that allows you to draw a diagram of your infrastructure. By simply typing diagram here, you can select Monitoring, Diagram, and Azure will draw a diagram for you representing your current networking infrastructure for that specific virtual network. As you see, we have the az900 vm virtual network with one subnet called default, and there is one network interface that is connected directly to this subnet, which is used by a virtual machine called am demo vm. There is also a public IP connected to this networking interface, allowing me to connect to this virtual machine from the public internet, and the network security group, which controls all the traffic that goes to this virtual machine through this networking interface.

This diagram not only allows you to see very easily how your networking is organized within this virtual network, but it also allows you to quickly find related resources. For instance, if I wanted to manage security rules for this virtual machine, I can simply click on this network security group to do so. All those components that you have seen on the diagram are used to manage everything related to networking for this virtual machine. But that's it for now; let me move back to the presentation.

I've also mentioned something called virtual network gateway, also called VPN gateway. VPN gateway allows you to connect to your on-premise environments, so you can enable your virtual network to talk to the network within your on-premise environments. This communication is done over the public internet, but it is entirely encrypted. Additionally, VPN gateway can also be used to connect virtual networks to each other. Although this is a less common case, it is still able to do that. So just remember to use VPN gateway whenever you need to connect on-premise environments to Azure over the public internet, or if you need to implement cross-regional communications of Azure virtual networks. In the end, it will be your decision to decide whether you will
want to use VNet peering or VPN gateway to do so, but there will be a few details that you will need to read about before deciding which one to use, because each is designed for a specific use case. For today, we don't have to deep dive into those topics.

Next on our list is Azure Load Balancer. Load balancing simply means distribution of the traffic across multiple resources. So if you have two virtual machines, you can create a load balancer in front and evenly distribute the traffic across those two virtual machines. There are many reasons to do that. One of them is scalability, because by adding additional instances, scaling out, you can scale to accommodate much larger workloads, versus scaling up, where you simply add more power to the machine. The second reason is high availability. If those virtual machines are premium SSD virtual machines, by default from Microsoft you will get three nines of SLA. That means each virtual machine is guaranteed to run for 99.9 percent of the time. But if you put those virtual machines into separate availability zones and put that in front of the load balancer, then Microsoft guarantees you already four nines of SLA, in which case you increase SLA and availability for your application by 10 times. This is because the load balancer automatically checks the health of the application components that it's connected to, so if one of the virtual machines stops working, it will automatically redirect the traffic to the second one, and the chance for both of them to stop running is significantly lower than with one virtual machine.

When you build larger solutions, you will also separate your application components into tiers, for instance by separating all the components that are handling web traffic into a web tier, and possibly a second tier handling all the data management for the application, having its own balancer to manage internal traffic. In this case you would have two load balancers: one with a public IP, allowing for public internet traffic
to come in (that's why this one would be called a public load balancer), and one without a public IP, with just a private IP, allowing only the private connectivity between the web tier and data tier. This one would be called an internal load balancer.

To summarize, Azure Load Balancer allows for even traffic distribution across Azure components, and it supports both inbound and outbound scenarios, so both incoming and outgoing traffic. It is used by customers to provide highly available but also highly scalable applications. It supports both TCP and UDP applications and supports both internal and external traffic with this public and internal load balancer.

But Azure Load Balancer is not the only traffic distribution service in Azure. The next one is Application Gateway. If we are talking about traffic distribution for resources, and that traffic is web traffic, so HTTP traffic, you will usually want to replace a load balancer with Application Gateway. This is because Application Gateway is still a traffic distribution service, but it is designed to support web traffic, so simply, it has more features that allow customers to better manage their web traffic.

Let me just stop here for a second and mention that while I'm using virtual machines in pretty much every example here, services like App Services can also be used. Those services allow you to redirect traffic to any public IP or address. You are not limited to virtual machines when building scalable distributed applications. So in the case of building a multi-tier application like previously, you would replace that public load balancer with Application Gateway.

To summarize, Application Gateway is your web traffic load balancer in Azure, with some features like web application firewall, allowing you to scan all the incoming traffic; redirection capabilities; session affinity, when you want to be sure that your users are always directed to the same servers; URL routing; or SSL termination, which allows customers to decrypt the traffic on the
Application Gateway and send an unencrypted version to the backend services, to reduce the processing power required to decrypt every single request going to the back end, increasing even more the scalability of your solution. But for the fundamentals exam, you don't have to remember every single feature of Application Gateway. Just remember this is a load balancer that is designed to help you with distribution of web-based traffic.

Our last service for today is content delivery network, in short CDN. CDN is one of those networking services that helps customers to build their applications. So let's take a web application as an example. Every web application has some static content, like JavaScript files, style sheets, static pages, or images. Normally, if developers don't know about the existence of services like content delivery network, what they will do is bundle this application, put it into an App Service, and host that App Service in one of the Azure regions around the world, for instance in West US. So when a user from Alaska tries to connect to our web application, his request will have to go through 1,600 miles to get this page and all of the content. So if our web page has 50 elements on it, that user has to make 50 requests, 50 separate requests, with each having a hundred milliseconds of delay. This might not be an issue yet, but if our users start connecting from different continents, the distance they need to cover is much greater, so the latency for every single request they make will be much greater when compared to users connecting from Alaska.

To help with that scenario, you ask your developers to upload all the static content into the content delivery network, allowing the service to distribute that content all around the world, so that the users will connect to the closest location with their content available, reducing the latency but also the workload required by your front-end services. So Azure CDN allows for delivery of web content to users to minimize the latency
for web applications, so that you can build more scalable web applications and minimize the workload required by your front-end services. All that content is spread across multiple POP locations, so-called points of presence. Microsoft has over 120 locations available worldwide, so as you can imagine, this is more than the Azure regions available. That means there might be points of presence closer to you than the closest Azure region. But that's pretty much it when it comes to content delivery network.

So let me summarize all of the networking services that we've learned today. First of all, we have Azure virtual networks. This is the service that allows us to represent our physical networking in the cloud and allows us to group, filter, and segment the network and all the related resources. Additionally, we've learned about VPN gateway, a service that allows us to connect our on-premise networks with the cloud networks and allows them to communicate with each other. Additionally, the service allows us to also connect virtual networks in Azure. In this case, remember that VNet peering as a feature also allows for that, so definitely something to ponder on.

We've also learned about two load balancing solutions: one called Azure Load Balancer, which is designed for non-web traffic, for even distribution of that traffic across multiple services; and if our traffic is web-based, then we use Application Gateway to distribute the traffic, because it has additional features for filtering and security of web-based traffic. And lastly, we've learned about content delivery network, in short CDN. This is the service that distributes and caches the content across multiple POP locations around the world to offload our front-end services, but also reduce the latency required to deliver the content to our users, which helps with scalability of our applications but also gives us a better user experience.

Which brings us to our last slide. Remember about the materials available on my website; check out the
cheat sheets and practice tests. And that's it when it comes to networking services in Azure. If you like this episode, hit thumbs up, leave a comment, and subscribe to support the channel. If you want to go to the next episode, simply hit the icon on the side or follow the playlist, and see you in the next episode.
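
The subnet segmentation and network security group filtering described in the captions, as an added Python example that is not from the video and is not Azure's own code. It assumes a 10.0.0.0/16 address space, hypothetical `web` and `data` subnets, constructed sample addresses and port 1433 for the data tier, and a simplified rule model (source, destination port, priority) that includes two of Azure's default inbound rules.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed address space: 65,536 addresses
AZURE_RESERVED_PER_SUBNET = 5               # Azure reserves 5 addresses in every subnet

def plan_subnets(vnet, names, prefix=24):
    """Carve consecutive /prefix subnets out of the virtual network, one per name."""
    return dict(zip(names, vnet.subnets(new_prefix=prefix)))

def usable_hosts(subnet):
    """Addresses left for resources after Azure's reserved ones."""
    return subnet.num_addresses - AZURE_RESERVED_PER_SUBNET

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    source: str    # CIDR, or "*" for any source
    port: str      # destination port, or "*" for any port
    action: str    # "Allow" or "Deny"

def evaluate(rules, src_ip, dst_port):
    """Return the action of the first matching inbound rule in priority order."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        src_ok = rule.source == "*" or src in ipaddress.ip_network(rule.source)
        port_ok = rule.port == "*" or int(rule.port) == dst_port
        if src_ok and port_ok:
            return rule.action
    return "Deny"

SUBNETS = plan_subnets(VNET, ["web", "data"])  # hypothetical subnet names

# Two of Azure's default inbound rules: AllowVnetInBound and DenyAllInBound.
DEFAULTS = [Rule(65000, str(VNET), "*", "Allow"), Rule(65500, "*", "*", "Deny")]

# Web subnet: only web traffic may come in from outside the virtual network.
WEB_NSG = [Rule(100, "*", "80", "Allow"), Rule(110, "*", "443", "Allow")] + DEFAULTS

# Data subnet: only the web subnet may reach port 1433; the explicit deny at 200
# overrides the default rule that would otherwise allow all intra-VNet traffic.
DATA_NSG = [Rule(100, str(SUBNETS["web"]), "1433", "Allow"),
            Rule(200, str(VNET), "*", "Deny")] + DEFAULTS

if __name__ == "__main__":
    for name, net in SUBNETS.items():
        print(f"{name}: {net} ({usable_hosts(net)} usable addresses)")
    # Constructed sample flows: (rule set, source IP, destination port)
    for nsg, src, port in [(WEB_NSG, "203.0.113.7", 443), (WEB_NSG, "203.0.113.7", 22),
                           (WEB_NSG, "10.0.1.4", 22), (DATA_NSG, "10.0.0.4", 1433),
                           (DATA_NSG, "10.0.0.4", 22), (DATA_NSG, "203.0.113.7", 1433)]:
        print(f"{src} -> port {port}: {evaluate(nsg, src, port)}")
```

The third sample flow is allowed because the default rule permits traffic between subnets of the same virtual network, which is why the data subnet carries its own deny rule.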
Info
Channel: Adam Marczak - Azure for Everyone
Views: 164,774
Keywords: AZ-900, Microsoft Azure, Microsoft Azure Fundamentals, Azure Fundamentals, Full Course, Certification, Exam, az 900, virtual network, vnet, cdn, content delivery network, app gateway, load balancer, vpn gateway
Id: 5NMcM4zJPM4
Length: 17min 13sec (1033 seconds)
Published: Tue Aug 18 2020