Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AzureBootcamp2023: Virtual Network Manager by M...

Azure Zurich User Group
PRO
May 11, 2023
Technology
0
24

AzureBootcamp2023: Virtual Network Manager by Marcel Zehner

Having control over you hybrid network is key because many services require rock-solid and secure connectivity. There are multiple options available today to deploy, maintain and extend your network environment. But which one is the best fit for you? The latest service that Microsoft released recently to address this is ‘Azure Virtual Network Manager’ (AVNM). In this session, Marcel introduces you to this new service and gives you a behind-the-scenes view so that you are weaponized to use it out in the wild.
🙂 MARCEL ZEHNER ⚡️ Microsoft Cloud Champion @ SoftwareONE | Microsoft Regional Director & Azure MVP

Azure Zurich User Group
PRO

May 11, 2023
Tweet

More Decks by Azure Zurich User Group

See All by Azure Zurich User Group
[Nov24]: Bringing your first LLM into Production or Beware of your Boss’s Nephew by Christian Hidber
azurezurich
PRO
0
16
[Nov24] ChatGPT OverYour Own Data by Marco Gerber
azurezurich
PRO
0
13
Bicep and Terraform Code generation (without AI) by Thomas Hafermalz
azurezurich
PRO
0
29
ABS2024: FinOps in Azure by Francisco Teles
azurezurich
PRO
0
90
ABS2024: Model Platform by Arindam Mitra, Anass Alhyar, Raj Subramani
azurezurich
PRO
0
47
ABS2024: Azure AI Deep Dive with Ausgleichskasse Basel Stadt by Jörg Bieri & Ivan Babic
azurezurich
PRO
0
65
ABS2024: Breaching the Cloud: How to Exploit and Mitigate Common Security Risks by Hans-Peter Weiss & Jan Schneider
azurezurich
PRO
0
81
ABS2024: Building an Enterprise Data Platform with Microsoft Fabric by Gerald Reif & Weili Gao
azurezurich
PRO
0
140
ABS2024: ChatGPT Over Your Own Data by Marco Gerber & Michael Rüefli
azurezurich
PRO
0
71

Other Decks in Technology

See All in Technology
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
SSMRunbook作成の勘所_20241120
koichiotomo
2
130
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
複雑なState管理からの脱却
sansantech
PRO
1
140
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
300
いざ、BSC討伐の旅
nikinusu
2
780
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Being A Developer After 40
akosma
86
590k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Gamification - CAS2011
davidbonilla
80
5k
Designing for humans not robots
tammielis
250
25k
Practical Orchestrator
shlominoach
186
10k
How STYLIGHT went responsive
nonsquared
95
5.2k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Navigating Team Friction
lara
183
14k

Transcript

  1. Azure Virtual Network Manager: The future of network management? Marcel

    Zehner | SoftwareONE Microsoft RD & MVP

  2. Marcel Zehner SoftwareONE 4x Microsoft Regional Director 11x Microsoft Azure

    MVP IT & Tech Geek Community Champion Poker Player

  3. Introduction

  4. ▪ Secure communications between ▪ Azure services ▪ Internet services

    ▪ On-premises and Azure services (hybrid) ▪ IaaS (e.g. virtual machines) ▪ PaaS (e.g. SQL databases) ▪ SaaS (e.g. Power BI service) Azure Virtual Networks

  5. ▪ Vnets are bound to a region ▪ Vnets are

    bound to a subscription ▪ Vnets are isolated from other virtual networks ▪ Virtual networks contain subnets ▪ Subnets can be protected using network security groups (NSGs) Azure Virtual Networks

  6. ▪ Network peerings can be used to connect multiple Vnets

    ▪ Strategies ▪ Hub-Spoke ▪ Mesh Peerings

  7. Mesh

  8. Hub-Spoke

  9. ▪ Lots of resources and configurations to manage ▪ Virtual

    Networks ▪ Peerings ▪ Network Security Groups ▪ Route Tables ▪ Custom Roles ▪ Azure Policies ▪ Etc. ▪ Resources distributed across regions & subscriptions The Challenges

  10. AVNM ▪ Best of both worlds ▪ Better than manual,

    easier than IaC ▪ Great control & rollback capabilities IaC ▪ Complex coding & deployment ▪ Best control, portability, trackability ▪ Most secure Manual ▪ Easiest to learn and execute ▪ No portability ▪ Error prone ▪ No testing & rollback How to tackle this?

  11. Deployment

  12. ▪ AVNM must be deployed in Azure ▪ Azure resource

    ▪ One or multiple instances ▪ Select the management scope ▪ Management Groups ▪ Subscriptions Deployment

  13. ▪ Select features for the AVNM instance ▪ Connectivity ▪

    Security admin Features

  14. Demo: Creation of an AVNM Instance

  15. Connectivity

  16. ▪ Group Vnets that should be managed into Network Groups

    ▪ Static membership ▪ Manually added/removed ▪ Dynamic membership ▪ Added/removed using Azure Policy ▪ Existing and future Vnets Connectivity

  17. ▪ Cross-tenant Vnet management supported ▪ Provider or managed service

    scenario ▪ Customer needs to give access to provider ▪ Invite user as guest ▪ Assign network contributor permissions to appropriate scope Connectivity

  18. ▪ Deploy the configuration to one or multiple regions &

    Vnets ▪ Check current vs. new state ▪ Remove previously applied configurations (rollback) Configuration & Deployment

  19. Whiteboard & Demo: Creation & Deployment of a Connectivity Configuration

  20. Security Admin Rules

  21. ▪ Network Security Groups ▪ Layer 4 paket filters ▪

    Create and configure rule set ▪ Inbound and outbound traffic ▪ Applied at subnet or NIC level Network Security Groups (NSG)

  22. ▪ Security Admin Rules ▪ Configured using AVNM ▪ Applied

    at Vnet level ▪ Can be used to override or add NSG rules ▪ Priority > 1-99 (processes before NSG rules) ▪ Deny > Denied, not matter if NSG allows it ▪ Allow > Allowed if NSG does not block it ▪ AlwaysAllow > NSG is bypassed Security Admin Rules

  23. Security Admin Rules Network Security Group Rules Source Target

  24. Security Admin Rules Security Admin Rules Network Security Group Rules

    Source Target

  25. Security Admin Rules: Block Security Admin Rules Network Security Group

    Rules Source Target

  26. Security Admin Rules: Allow Security Admin Rules Network Security Group

    Rules Source Target

  27. Security Admin Rules: AlwaysAllow Security Admin Rules Network Security Group

    Rules Source Target

  28. ▪ Deploy the configuration to one or multiple regions &

    Vnets ▪ Check current vs. new state ▪ Remove previously applied configurations (rollback) Configuration & Deployment

  29. Whiteboard & Demo: Creation & Deployment of Security Admin Rules

  30. Takeaways

  31. 1. New method to manage your network in a controlled

    way 2. Brand new, more features to expect soon 3. Pricing per subscription with AVNM- managed networks 4. Give it a try! Takeaways
  32. None

  33. Azure Virtual Network Manager: The future of network management? Marcel

    Zehner | SoftwareONE Microsoft RD & MVP