Networking is a critical component of any cloud infrastructure. IT teams need to connect resources and optimize application performance -- all of which depend on solid network architecture.
Microsoft Azure networking services offer various capabilities to connect and manage cloud resources. Beyond virtual networks and a number of connectivity options, Azure offers tools to monitor and manage traffic, perform load balancing and ensure secure user connections.
But how do you know which offerings to choose for your project? Review these core Azure networking services.
Azure Virtual Network (VNet). An Azure VNet is an isolated network within the Azure cloud that enables enterprises to securely connect cloud resources, such as VMs. Enterprises use the service to set up and manage virtual private networks (VPNs) and can create multiple VNets within an Azure subscription or region. Enterprises can choose to connect VNets so resources within separate VNets can communicate. They can also set up private network connections between on premises and Azure.
Azure Load Balancer. Azure Load Balancer is an OSI Layer 4 -- the transport layer -- load balancer designed to ensure high availability. IT teams can configure the service to perform internet-facing load balancing, which balances incoming traffic from the internet among Azure VMs, as well as internal load balancing, which manages traffic among VMs in a VPN. This Azure networking service automatically reconfigures itself when admins scale an instance and has monitoring features that cease connections to an instance if it's not performing well.
Azure Application Gateway. Azure Application Gateway is an application delivery controller service that offers load balancing at the application layer -- OSI Layer 7. Its features include HTTP load balancing, URL-based content routing and multisite hosting. Enterprises can use diagnostics tools, such as access logs, as well as monitoring features. A web application firewall also protects from web-based attacks, such as cross-site scripting.
Azure Virtual Private Network Gateway. VPN Gateway is a network gateway service that enables encrypted traffic to travel across multiple types of virtual networks or sites over the internet. IT teams must pick the right VPN cross-premises connection options to best suit their needs, such as Site-to-Site, Point-to-Site, VNet-to-VNet, Multi-Site and Azure ExpressRoute.
Azure Domain Name System (DNS). Azure DNS is a service that hosts a DNS domain and enables admins to manage its records. The service hosts domains on a global network of Azure DNS name servers. Admins manage DNS records through the Azure Portal, Azure PowerShell and the Azure command-line interface. Additionally, it supports internet-facing DNS domains and private DNS zones. Azure Private DNS manages and resolves domain names in a virtual network and, with Private DNS zones, IT teams can use their custom domain names to better customize virtual network architecture to suit enterprise needs.
Azure Content Delivery Network (CDN). CDN is an Azure networking service that delivers high-bandwidth content through CDN caches. The CDN caches are in edge locations around the world to provide content more quickly and with lower latency to end users. It is commonly used for static content, such as documents and files, but teams can also configure the service for dynamic content, such as a PDF.
Azure Front Door. Azure Front Door is a CDN with built-in security, such as web application firewall, bot protection and distributed denial-of-service protection. Similar to Azure CDN, it uses edge computing to reduce latency for end users globally. It also has global load balancing to improve app reliability and performance. Lastly, IT teams can use its reporting analytics feature to gain granular, real-time insights on assets, as well as to monitor CDN traffic. The service is a good fit for enterprises that work with dynamic web application and static content.
Azure Traffic Manager. Microsoft Azure Traffic Manager enables admins to distribute user traffic for Azure VMs, cloud services and web applications to boost availability and prevent downtime. It offers six types of DNS routing -- priority, performance, geographic, weighted round-robin, subnet and multivalue -- to direct user traffic to the most optimal endpoint. The service also includes continuous endpoint monitoring and automatic failover. It is a popular option for enterprises that have on-premises systems and are planning to burst, migrate and failover to the cloud.
Azure ExpressRoute. ExpressRoute is an Azure networking service that privately connects an enterprise's on-premises infrastructure to the Microsoft public cloud via a third-party connectivity provider. Because the connection is private, it offers lower latency and greater reliability than the public internet. Azure ExpressRoute connectivity providers include Comcast, AT&T and Equinix.
Azure Private Link. With Private Link, IT teams can access various Azure PaaS offerings -- as well as Azure-hosted customer-owned services and Microsoft partner services -- via a private endpoint in an enterprise's virtual network. With private endpoints, IT teams do not need to use ExpressRoute or VPN connections, gateways, network address translation devices or public IP addresses. Private endpoints are accessible via on-premises VPN tunnels and peered networks.
Azure Network Watcher. Network Watcher enables IT teams to monitor their Azure networking services. It provides various tools to monitor resources, diagnose problems, view metrics and analyze logs for Azure virtual network resources. While Azure provides monitoring capabilities for each of its individual network resources or services, Network Watcher is designed to provide a more holistic view of the network of IaaS products, such as Azure VMs and Azure Virtual Networks. Enterprises can view the interconnections between resources, as well as their usage.