Azure Virtual Network

The Azure Virtual Network (VNet) is like a container that provides traffic isolation and segmentation.

An Azure virtual network (VNet) is a representation of your own network in the cloud. You can control your Azure network settings and define DHCP address blocks, DNS settings, security policies, and routing. You can also further segment your VNet into subnets and deploy Azure IaaS virtual machines (VMs) and PaaS role instances, in the same way you can deploy physical and virtual machines to your on-premises datacenter. In essence, you can expand your network to Azure, bringing your own IP address blocks.

The terms which are used in VNet are as follows:

  • Virtual Network
    • Virtual Network Subnet
    • Gateway Subnet
  • Virtual Network Gateway
    • Virtual VPN Gateway
  • Network Security Group (NSG) -> Can be assigned to
    • Virtual Network
    • Virtual Machine
    • Subnet -> assigning at subnet level is preferred.
  • User Defined Routing (UDR) -> for customizing traffic.

We can have one to many VNets, but of course there is a subscription limit. All VNets are isolated boundaries, but there are different types of connectivity available between VNets according to the scenario.

Connectivity types

VNets Peering: There are two different types of VNet peering:
– Global Peering
– VNets Peering -> the VNets must be in the same region.

VPN Gateway / Tunnel: The VPN Gateway is used for different types of connectivity:
– VNet-to-VNet (Microsoft Doc)
– Site-to-site -> On-premises environment to Azure VNet (Microsoft Doc)
– Point-to-site -> Laptop to Azure VNet

Express Route

Virtual Network Security

Network security is applied to the network via Network Security Groups (NSGs), which have the following features:

  • A stateful firewall for inbound and outbound traffic.


Azure Service Bus

Service Bus is available on the Azure platform with three different messaging possibilities:

  • Service Bus Queue
  • Service Bus Topic
  • Service Bus Relay

Service Bus Queue: It’s available for the Basic price tier.
Service Bus Topic: It’s available for the Standard / Premium price tiers.
Service Bus Relay

Service Bus is usually for enterprise-level solutions, where the following items must be considered in the solution:

  • Multiple components communicate with each other via brokered messaging.
  • Communication is discrete.
  • A broker is needed to distribute the messages between components.
  • The message order is important (FIFO).
  • The application can have multi-tier architecture.
  • The application is hybrid (partially on-prem and partially cloud-based).
  • The applications of different departments must communicate with each other.

Service Bus is created as a namespace. The message streams are defined in the namespace, and the price tier is defined at the namespace level.

With the Premium price tier it is possible to define Message Units. A message unit isolates the workload processing in CPU and memory; therefore, the partitioning option is removed from the Create Queue and Create Topic blades. Two more features for Premium are:

  • Event -> for automation
  • Firewall and virtual networks

Bus Service Overview

It’s available in Premium Price Tier

Shared Access Policies: in this blade we access the primary & secondary key & connection.

This is available in premium price tier

Queues: Add several queues.

Topics: Add several topics.

Secure Access

Service Bus uses a Shared Access Signature (SAS) with full access. This is generated when the Service Bus namespace is created.
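How a SAS token is derived from a Shared Access Policy key, and how its signature and expiry can be checked, shown as an added example that is not part of the original notes. The namespace `contoso-example`, the queue `orders`, the policy name `queue-sender` and the key are constructed placeholders.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote_plus, unquote

PREFIX = "SharedAccessSignature "

def _sign(encoded_uri, expiry, key):
    # String-to-sign is "<url-encoded resource URI>\n<expiry in epoch seconds>".
    msg = f"{encoded_uri}\n{expiry}".encode("utf-8")
    mac = hmac.new(key.encode("utf-8"), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def make_sas_token(resource_uri, policy_name, policy_key, ttl_seconds=300, now=None):
    """Mint a short-lived token scoped to resource_uri from a policy key."""
    issued = time.time() if now is None else now
    expiry = str(int(issued + ttl_seconds))
    sr = quote_plus(resource_uri)
    sig = quote_plus(_sign(sr, expiry, policy_key))
    return f"{PREFIX}sr={sr}&sig={sig}&se={expiry}&skn={policy_name}"

def check_sas_token(token, policy_keys, now=None):
    """Return 'ok', 'expired', 'bad signature', 'unknown policy' or 'malformed'."""
    if not token.startswith(PREFIX):
        return "malformed"
    try:
        f = dict(part.split("=", 1) for part in token[len(PREFIX):].split("&"))
        sr, sig, se, skn = f["sr"], unquote(f["sig"]), int(f["se"]), f["skn"]
    except (KeyError, ValueError):
        return "malformed"
    if skn not in policy_keys:
        return "unknown policy"
    expected = _sign(sr, se, policy_keys[skn])
    if not hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
        return "bad signature"
    current = time.time() if now is None else now
    return "ok" if se > current else "expired"

# Constructed sample values: not a real namespace, policy or key.
QUEUE_URI = "https://contoso-example.servicebus.windows.net/orders"
KEYS = {"queue-sender": "constructed-key-not-a-real-secret"}

if __name__ == "__main__":
    token = make_sas_token(QUEUE_URI, "queue-sender", KEYS["queue-sender"], now=1_700_000_000)
    print(token)
    print(check_sas_token(token, KEYS, now=1_700_000_100))   # inside the 300 s lifetime
    print(check_sas_token(token, KEYS, now=1_700_000_400))   # past the expiry
    print(check_sas_token(token.replace("orders", "payroll"), KEYS, now=1_700_000_100))
```

Because the resource URI is part of the signed string, a token minted for one queue cannot be re-pointed at another entity without the key.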

For Developers

The development has two parts:

  • Sending messages to the Service Bus queue
  • Handling / processing the messages in the Service Bus queue


Azure Monitor & Alert

What’s an alert?

  • A proactive notification raised when something important is found in monitoring (response to incidents).
  • An alert is raised before the customer notices the issue, so it can be identified and addressed early.
  • Unified alerts are managed by Log Analytics and Application Insights.
  • The previous type of alerts are classic alerts.
  • Alerts are raised for metrics and logs, e.g. metric values, log search queries, activity log events, health of the underlying Azure platform, tests for website availability.

Alert states

| Alert state | Description |
|---|---|
| New | Issue has been detected but has not been reviewed. |
| Acknowledged | Administrator has reviewed the alert and started working on it. |
| Closed | Issue has been resolved. |

NOTE: The state changes are stored in the alert’s history.

Alert states are independent of Monitor condition (fired or resolved).

Different types of reaction to an incident

  • Alerts & alert rules & action group
  • Classic alerts
  • Metric alerts
  • Log alerts
  • Activity log alerts
  • Common alert schema
  • Smart groups (aggregation of alerts based on machine learning algorithms)
  • Auto scale
  • Change analysis

Permissions and privileges

We can use role-based access control (RBAC) at different levels:

  • Subscription Level
  • Resource Level

The RBAC roles which are available for the Azure Monitor service are the following:

  • Monitoring Contributor
  • Monitoring Metrics Publisher
  • Monitoring Reader

Ex. A user with Monitoring Contributor access for VM1 can only consume and manage the alerts that have been generated for VM1.
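The VM1 case above as an added example (not part of the original notes): a role assignment applies to its scope and everything beneath it, so the check compares resource ID segments rather than string prefixes. The users, resource group, placeholder subscription ID and the simplified "can manage alerts" mapping per role are assumptions made for the illustration.

```python
# Simplified capability model for this example (an assumption, not the roles' full permission sets).
CAN_MANAGE_ALERTS = {
    "Monitoring Contributor": True,
    "Monitoring Reader": False,
    "Monitoring Metrics Publisher": False,
}

def scope_covers(assignment_scope, resource_id):
    """True if resource_id is the assignment scope itself or sits beneath it.

    Compared segment by segment and case-insensitively, so a scope ending in
    .../VM1 does not cover .../VM10 the way a plain string prefix test would.
    """
    scope = [s for s in assignment_scope.lower().split("/") if s]
    target = [s for s in resource_id.lower().split("/") if s]
    return target[:len(scope)] == scope

def can_manage_alerts(user, resource_id, assignments):
    """assignments: iterable of (user, role, scope) tuples."""
    return any(
        who == user and CAN_MANAGE_ALERTS.get(role, False) and scope_covers(scope, resource_id)
        for who, role, scope in assignments
    )

# Constructed sample data: placeholder subscription ID, hypothetical users and resource group.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VMS = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/"
VM1, VM2, VM10 = VMS + "VM1", VMS + "VM2", VMS + "VM10"
ASSIGNMENTS = [
    ("alice", "Monitoring Contributor", VM1),   # resource level
    ("bob", "Monitoring Reader", SUB),          # subscription level, read-only
    ("carol", "Monitoring Contributor", SUB),   # subscription level
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, {vm.rsplit("/", 1)[1]: can_manage_alerts(user, vm, ASSIGNMENTS)
                     for vm in (VM1, VM2, VM10)})
```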

Add new Alert

Alerts are defined via the Azure Monitor service blade.

Go to Azure portal > Monitor service > Alerts section > use the Add alert rule button.

Depending on the selected resource, different signals are available.

Signal types

  • Metrics
  • Activity logs

The alert configuration differs for each signal type. But regardless of the signal type, we always need the following items to create an alert rule in the Azure Monitor service.

Resource (for the scope of the alert rule): The scope of the alert is specified in this step.
– Subscription level
– Resource Group level
– Region
– A specific resource
– One Alert Rule for multiple resources with the same Resource Type is available.

Condition: The monitoring criteria.

Action Group: Collection of notifications.


Azure Subscription

Azure Subscription features:

Subscription blade

How to see all available Resource Providers on Azure Portal

  1. Go to Azure Portal.
  2. Go to Subscription Resources.
  3. Select one of your active subscriptions.
  4. The subscription’s blade opens.
  5. Go to the Resource Providers item in the left panel.

All resource providers / all available resources are listed.