Select region for vnet and regions are region/zone because we have for example East US & East US 2
Select region for VPC
Subnet is created in vnet’s region.
Subnet is created in different zones of the region
GCP
coming soon..
Multi-cloud : Public IP
Azure
AWS
GCP
Static IP
Elastic IP
Dynamic IP
Multi-cloud
You can configure VPN between cloud providers (it’s straight forward) and it’s the same as VPN between on-prem and cloud with setting up the Gateway and then we have an encrypted tunnel for the traffic between cloud providers.
Azure, GCP, and AWS support IKEv2 in virtual private network
The Azure Virtual Network (VNet) is like a container that provide traffic isolation and segmentation.
An Azure virtual network (VNet) is a representation of your own network in the cloud. You can control your Azure network settings and define DHCP address blocks, DNS settings, security policies, and routing. You can also further segment your VNet into subnets and deploy Azure IaaS virtual machines (VMs) and PaaS role instances, in the same way you can deploy physical and virtual machines to your on-premises datacenter. In essence, you can expand your network to Azure, bringing your own IP address blocks.
The termes which are used in VNet are as follows:
Virtual Network
Virtual Network Subnet
Gateway Subnet
Virtual Network Gateway
Viurtual VPN Gateway
Network Security Group (NSG) -> Can be assigned to
Virtual Network
Virtual Machine
Sunbet -> at subnet level would be prefered.
User Defined Routing (UDR) -> for customizing traffic.
We can have one to many VNets but of course there’s subscription limitation. All VNets are isolated boundries. But there’s different types of connectivity available between VNets according to the scenario.
Connectivity types
VNets Peering
There’s two different VNets peering: – Global Peering – VNets Peering -> the VNets must be in the same region.
VPN Gateway/ Tunnel
The VPN Gateway is used for different types of connectivity: – VNet-to-VNet (Microsoft Doc) – Site-to-site -> On-premises env to Azure VNet (Microsoft Doc) – Point-to-site -> Laptop to Azure VNet
Express Route
Virtual Network Security
Provide network security with using
Network security group
Using attack simulation to access protection and detection capabilities of azure web application firewall (WAF)
Network Security Group (NSG)
The Network Security is applied to the network via Network Security Groups (NSGs) and it has the following features:
It has a stateful firewalll for inbount and outbound traffic.
– Built-in high availability and auto scale – Network and application traffic filtering – Centralized policy across VNets and subscriptions
Complete VNET protection
Filter Outbound, Inbound, Spoke-Spoke and Hybrid Connections traffic (VPN and ExpressRoute)
Centralized logging
Archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or Security Integration and Event Management (SIEM) system of choice.
Best for Azure
DevOps integration, FQDN tags, Service Tags, Integration with ASE, Backup and other Azure Services.
Azure Firewall Premium
Next-Gen Firewall features, including TLS inspection, IDPS, and URL Categories.
Multi Cloud Solutions 