When you have your Microsoft Azure architectural design in place, such as a HUB-Spoke model, this Microsoft documentation can help you with the security and networking design in Microsoft Azure Cloud services.
The Virtual Data Center (VDC) isn’t just the application workloads in the cloud. It’s also the network, security, management, and infrastructure. Examples are DNS and directory services. It usually provides a private connection back to an on-premises network or datacenter. As more and more workloads move to Azure, it’s important to think about the supporting infrastructure and objects that these workloads are placed in. Think carefully about how resources are structured to avoid the proliferation of hundreds of workload islands that must be managed separately with independent data flow, security models, and compliance challenges.
When you have your Microsoft Azure High Level Design, get your security and network in Azure in place in a manageable way for your Cloud Administrators and your Business. Here are some tips:
Understand the data workflows in your Azure Virtual Data Center.
Make a detailed network and security design (low level).
Keep it Simple but Secure.
Before you go into production, do a security assessment (pentest) by 3rd party professionals (for example via the company CQURE).
This topic helps you evaluate the Software Defined Networking (SDN) features available with Windows Server 2016 Technical Preview 5. In particular, it focuses on using Virtual Machine Manager (VMM) 2016 Technical Preview 5 to deploy a highly available three-node network controller; a new SDN capability in Windows Server Technical Preview. The network controller is a scalable and highly available server role that enables you to automate network infrastructure configuration instead of performing manual network device configuration.
Any developer or IT professional can be productive with Azure. The integrated tools, pre-built templates and managed services make it easier to build and manage enterprise, mobile, Web and Internet of Things (IoT) apps faster, using skills you already have and technologies you already know. Microsoft is also the only vendor positioned as a Leader across Gartner’s Magic Quadrants for Cloud Infrastructure as a Service, Application Platform as a Service, and Cloud Storage Services for the second consecutive year.
In today’s world it is all about mobility and applications: at work, at school, at home, and even when you do sports like biking or running. I think that’s why Microsoft makes one platform, Windows 10, to get the best experience with applications on every device.
Making your own websites is really Easy with Microsoft Azure and is Cool to work with.
To run all those Web Apps in the Cloud you need storage and capacity to store your data safely in the Cloud with high security policies.
Microsoft Azure has all kinds of different storage in the Cloud for your data.
Microsoft Azure Data and Storage
Learn about Azure Storage, and how to create applications using Azure blobs, tables, queues, and files :
Of course, when you have a lot of data, you like to analyze it for the business and make good reports or dashboards to make the right decisions. Microsoft Azure Cloud Services has Data and Analytics:
Microsoft Azure Data and Analytics
Learn to create Hadoop clusters, process big data, develop solutions using streaming or historical data, and analyze the results :
When you are still working with an on-premises datacenter only, Microsoft makes it easy to transform your datacenter into Hybrid Cloud scenarios.
You can think of a Twin Datacenter for your Core Business Applications, or save your longtime protection data into an Azure Backup Vault.
Microsoft Azure Hybrid Integration
Learn how to integrate the enterprise and the cloud with BizTalk Services :
To make those Microsoft Solutions Available for everyone, you need Developers and Developer Environments.
Microsoft Azure Developer Services
Learn how to detect issues, diagnose crashes and track usage of your mobile apps, and web apps hosted anywhere: on Azure or on your own IIS or J2EE servers :
This is a super simple “getting started” experience for deploying single and multi-container Dockerized applications utilizing Azure Resource Manager templates and the new Docker Extension
You can use Virtual Machine Manager (VMM) to manage your physical and virtualized network infrastructure. In VMM, the foundations of the network configuration are networks—the underlying logical networks and the VM networks—and switches. Switches can be configured as standard virtual switches, but this set of topics describes logical switches, which help you configure switch settings consistently across multiple hosts. To configure these network elements in VMM, use the following overviews and procedures :
You can use Virtual Machine Manager (VMM) to manage your physical and virtualized network infrastructure. Logical networks form the foundation of your network configuration in VMM. You create and name logical networks based on the function they serve in your environment, for example, the “Management,” “Cluster,” “Storage,” or “Tenant” networks. Within each logical network, you create one or more network sites that specify IP subnets, virtual local area networks (VLANs), or subnet/VLAN pairs that represent your environment.
In a logical network, you can provide static IP addressing by creating static IP address pools for the logical network. Dynamic Host Configuration Protocol (DHCP) is also an option.
Plan your logical networks, network sites, and IP address pools
Logical networks created by default
Guidelines for network sites: VLAN and IP subnet settings
Guidelines for IP address pools
VM networks for VLAN configuration
In Virtual Machine Manager (VMM), after you complete the planning described in Overview: plan logical networks, network sites, and IP address pools in VMM, you can plan your VM networks. Use this table for more information:
You can support multiple tenants (also called clients or customers) with their own networks, isolated from the networks of others, by using VM networks configured for network virtualization.
Direct access to the logical network (“no isolation”): described in this table
A VM network can provide direct access to a logical network. No planning is needed, other than to identify the logical network to give access to. This is the type of VM network typically used for management networks (for example, the network used for managing a host).
In Virtual Machine Manager (VMM), you can use logical switches (and the port profiles inside them) to help you configure switch settings consistently across multiple hosts. A logical switch is like a template for a virtual switch—it acts as a container for the switch settings and capabilities that you want to use. Instead of configuring switch settings individually for each network adapter, you can specify settings and capabilities in a logical switch, and then use the logical switch to apply those settings consistently across network adapters on multiple hosts.
This topic helps you evaluate the Software Defined Networking (SDN) features in Windows Server 2016 Technical Preview and Virtual Machine Manager 2016 Technology Preview 3. In particular, this topic is focused on scenarios that incorporate VMM with the Microsoft Network Controller, a new feature in Windows Server 2016 Technical Preview. For more information about the Microsoft Network Controller, see Network Controller.
HNV is a fundamental building block of Microsoft’s updated Software Defined Networking (SDN) solution, and is fully integrated into the SDN stack.
Microsoft’s new Network Controller pushes HNV policies down to a Host Agent running on each host using Open vSwitch Database Management Protocol (OVSDB) as the SouthBound Interface (SBI). The Host Agent stores this policy using a customization of the VTEP schema and programs complex flow rules into a performant flow engine in the Hyper-V switch.
The flow engine inside the Hyper-V switch is the same as Microsoft Azure’s, which has been proven at hyper-scale in the Microsoft Azure public cloud. Additionally, the entire SDN stack up through the Network Controller, and Network Resource Provider (details coming soon) is consistent with Microsoft Azure, thus bringing the power of the Microsoft Azure public cloud to our enterprise and hosting service provider customers.
The Virtual eXtensible Local Area Network (VXLAN – RFC 7348) protocol has been widely adopted in the market place, with support from vendors like Cisco, Brocade, Dell, HP and others. Microsoft’s HNV also now supports this encapsulation scheme using MAC distribution mode through the Microsoft Network Controller to program mappings for tenant overlay network IP addresses (Customer Address – CA) to the physical underlay network IP addresses (Provider Address – PA). Both NVGRE and VXLAN Task Offloads are supported for improved performance through third-party drivers.
Windows Server 2016 Technical Preview includes a software load balancer (SLB) with full support for virtual network traffic and seamless interaction with HNV. The SLB is implemented through the performant flow engine in the data plane v-Switch and controlled by the Network Controller for Virtual IP (VIP) / Dynamic IP (DIP) mappings.
HNV implements correct L2 Ethernet headers to ensure interoperability with third-party virtual and physical appliances that depend on industry-standard protocols. Microsoft ensures that all transmitted packets have compliant values in all fields to ensure this interoperability. In addition, support for Jumbo Frames (MTU > 1780) in the physical L2 network will be required to account for packet overhead introduced by encapsulation protocols (NVGRE, VXLAN) while ensuring guest Virtual Machines attached to an HNV Virtual Network maintain a 1514 MTU.
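The CA-to-PA mapping and the encapsulation overhead described above can be made concrete with a small sketch. This is an added example, not Microsoft's or the Network Controller's code: the policy table, the VNI values and all function names are assumptions for illustration, and the header layout and 50-byte overhead follow RFC 7348 with an IPv4 underlay and no VLAN tag.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag from RFC 7348: the VNI field is valid
# Outer Ethernet (14) + outer IPv4 (20) + outer UDP (8) + VXLAN header (8)
VXLAN_OVERHEAD = 14 + 20 + 8 + 8

# Constructed sample policy: (VNI, Customer Address) -> Provider Address.
# Two tenants reuse the same CA; the VNI keeps them apart.
CA_TO_PA = {
    (5001, "10.0.0.5"): "192.0.2.11",
    (5002, "10.0.0.5"): "192.0.2.12",
}

def build_vxlan_header(vni):
    """Pack the 8-byte header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)

def parse_vni(payload):
    """Return the VNI from a VXLAN UDP payload, rejecting malformed headers."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word2 >> 8

def encapsulate(vni, dest_ca, inner_frame):
    """Look up the PA for (vni, dest_ca) and prepend the VXLAN header.

    Returns (provider_address, udp_payload), or None when no mapping exists,
    so traffic to an unknown tenant/address pair is dropped.
    """
    pa = CA_TO_PA.get((vni, dest_ca))
    if pa is None:
        return None
    return pa, build_vxlan_header(vni) + inner_frame

def outer_frame_size(inner_frame_len):
    """Size of the encapsulated frame on the physical network."""
    return inner_frame_len + VXLAN_OVERHEAD
```

A full-size 1514-byte guest frame becomes 1564 bytes on the underlay, which is why the physical network needs headroom above the standard frame size.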
Part of a series of specialized guides on System Center, this book is specifically designed for architects and cloud fabric administrators who want to understand what decisions to make during the design process and the implications of those decisions, what constitutes best practice, and, ultimately, what to do to build out a virtualized network solution that meets today’s business requirements while also providing a platform for future growth and expansion. This second edition includes coverage of the Hyper-V Network Virtualization gateway, designing a solution that extends an on-premises virtualized network solution to an external (hosted) environment, details of how to troubleshoot and diagnose some of the key connectivity challenges, and a look at the Cloud Platform System (CPS) and some of the key considerations that went into designing and building the network architecture and solution for that environment.