
AzureBootcamp2023: Virtual Network Manager by Marcel Zehner

Having control over your hybrid network is key, because many services require rock-solid and secure connectivity. There are multiple options available today to deploy, maintain and extend your network environment, but which one is the best fit for you? The service Microsoft released most recently to address this is 'Azure Virtual Network Manager' (AVNM). In this session, Marcel introduces this new service and gives you a behind-the-scenes view so that you are equipped to use it in the wild.
🙂 MARCEL ZEHNER ⚡️ Microsoft Cloud Champion @ SoftwareONE | Microsoft Regional Director & Azure MVP


Transcript

  1. Marcel Zehner, SoftwareONE
     4x Microsoft Regional Director, 11x Microsoft Azure MVP
     IT & Tech Geek, Community Champion, Poker Player
  2. Azure Virtual Networks
     ▪ Secure communications between
       ▪ Azure services
       ▪ Internet services
       ▪ On-premises and Azure services (hybrid)
     ▪ IaaS (e.g. virtual machines)
     ▪ PaaS (e.g. SQL databases)
     ▪ SaaS (e.g. Power BI service)
  3. Azure Virtual Networks
     ▪ VNets are bound to a region
     ▪ VNets are bound to a subscription
     ▪ VNets are isolated from other virtual networks
     ▪ Virtual networks contain subnets
     ▪ Subnets can be protected using network security groups (NSGs)
  4. Peerings
     ▪ Network peerings can be used to connect multiple VNets
     ▪ Strategies
       ▪ Hub-Spoke
       ▪ Mesh
  5. The Challenges
     ▪ Lots of resources and configurations to manage
       ▪ Virtual Networks
       ▪ Peerings
       ▪ Network Security Groups
       ▪ Route Tables
       ▪ Custom Roles
       ▪ Azure Policies
       ▪ Etc.
     ▪ Resources distributed across regions & subscriptions
  6. How to tackle this?
     ▪ Manual
       ▪ Easiest to learn and execute
       ▪ No portability
       ▪ Error prone
       ▪ No testing & rollback
     ▪ IaC
       ▪ Complex coding & deployment
       ▪ Best control, portability, trackability
       ▪ Most secure
     ▪ AVNM
       ▪ Best of both worlds
       ▪ Better than manual, easier than IaC
       ▪ Great control & rollback capabilities
  7. Deployment
     ▪ AVNM must be deployed in Azure
       ▪ Azure resource
       ▪ One or multiple instances
     ▪ Select the management scope
       ▪ Management Groups
       ▪ Subscriptions
  8. Connectivity
     ▪ Group VNets that should be managed into Network Groups
       ▪ Static membership
         ▪ Manually added/removed
       ▪ Dynamic membership
         ▪ Added/removed using Azure Policy
         ▪ Existing and future VNets
  9. Connectivity
     ▪ Cross-tenant VNet management supported
       ▪ Provider or managed service scenario
     ▪ Customer needs to give access to provider
       ▪ Invite user as guest
       ▪ Assign Network Contributor permissions to the appropriate scope
  10. Configuration & Deployment
      ▪ Deploy the configuration to one or multiple regions & VNets
      ▪ Check current vs. new state
      ▪ Remove previously applied configurations (rollback)
  11. Network Security Groups (NSG)
      ▪ Layer 4 packet filters
      ▪ Create and configure rule set
      ▪ Inbound and outbound traffic
      ▪ Applied at subnet or NIC level
  12. Security Admin Rules
      ▪ Configured using AVNM
      ▪ Applied at VNet level
      ▪ Can be used to override or add NSG rules
      ▪ Priority 1-99 (processed before NSG rules)
      ▪ Deny: denied, no matter if the NSG allows it
      ▪ Allow: allowed if the NSG does not block it
      ▪ AlwaysAllow: NSG is bypassed
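The Deny / Allow / AlwaysAllow precedence on slide 12 is the part of AVNM that is easiest to get wrong, so here is a small model of it in Python. This is an added illustration written for this page, not Azure's evaluation code and not part of the deck. It assumes a simplified NSG whose default action is Deny (Azure's built-in AllowVnet*/AllowInternetOutBound defaults are ignored); the rule names, prefixes and flows are constructed for the example.

```python
"""Constructed model of AVNM security admin rules evaluated ahead of NSG rules:
Deny wins regardless of the NSG, Allow defers to the NSG, AlwaysAllow skips
the NSG.  Added illustration only; not Azure's own logic.
Assumption/simplification: the NSG default action is Deny in both directions,
ignoring Azure's built-in AllowVnet*/AllowInternetOutBound default rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Flow:
    direction: str   # "Inbound" or "Outbound"
    protocol: str    # "Tcp", "Udp" or "Icmp"
    source: str      # source IP address
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                           # lower number is evaluated first
    direction: str
    protocol: str                           # "Tcp", "Udp", "Icmp" or "Any"
    sources: Tuple[str, ...]                # CIDR prefixes, or "*" for any
    dst_ports: Tuple[Tuple[int, int], ...]  # inclusive (low, high) port ranges
    access: str                             # NSG: Allow/Deny; admin: Allow/Deny/AlwaysAllow

    def matches(self, f: Flow) -> bool:
        if self.direction != f.direction:
            return False
        if self.protocol not in ("Any", f.protocol):
            return False
        src_ok = any(p == "*" or ip_address(f.source) in ip_network(p)
                     for p in self.sources)
        port_ok = any(lo <= f.dst_port <= hi for lo, hi in self.dst_ports)
        return src_ok and port_ok


def first_match(rules: Sequence[Rule], f: Flow) -> Optional[Rule]:
    """First matching rule in ascending priority order (first match wins)."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.matches(f):
            return r
    return None


def evaluate(f: Flow, admin_rules: Sequence[Rule], nsg_rules: Sequence[Rule]):
    """Return (verdict, explanation): admin rules are consulted first, then the NSG."""
    admin = first_match(admin_rules, f)
    if admin is not None and admin.access == "Deny":
        return "Deny", f"admin rule {admin.name} denies; NSG never consulted"
    if admin is not None and admin.access == "AlwaysAllow":
        return "Allow", f"admin rule {admin.name} always-allows; NSG bypassed"
    via = f"admin rule {admin.name} allows, " if admin else "no admin rule matched, "
    nsg = first_match(nsg_rules, f)
    if nsg is not None:
        return nsg.access, via + f"NSG rule {nsg.name} says {nsg.access}"
    return "Deny", via + "no NSG rule matched, default deny (simplified)"


# Constructed security admin rules, as a central network team would push to a network group.
ADMIN_RULES = [
    Rule("deny-mgmt-from-any", 1, "Inbound", "Tcp", ("*",), ((22, 22), (3389, 3389)), "Deny"),
    Rule("alwaysallow-scanner", 5, "Inbound", "Tcp", ("10.200.0.0/24",), ((1, 65535),), "AlwaysAllow"),
    Rule("allow-https", 10, "Inbound", "Tcp", ("*",), ((443, 443),), "Allow"),
]

# Constructed NSG on a spoke subnet, including the classic "SSH open to the world" mistake.
NSG_RULES = [
    Rule("allow-ssh-anywhere", 100, "Inbound", "Tcp", ("*",), ((22, 22),), "Allow"),
    Rule("allow-https", 110, "Inbound", "Tcp", ("*",), ((443, 443),), "Allow"),
    Rule("deny-scanner", 120, "Inbound", "Any", ("10.200.0.0/24",), ((1, 65535),), "Deny"),
]

if __name__ == "__main__":
    for f in (Flow("Inbound", "Tcp", "203.0.113.5", 22),     # Deny: admin rule overrides NSG allow
              Flow("Inbound", "Tcp", "203.0.113.5", 443),    # Allow: admin Allow defers to NSG allow
              Flow("Inbound", "Tcp", "10.200.0.7", 445),     # Allow: AlwaysAllow bypasses NSG deny
              Flow("Inbound", "Tcp", "10.200.0.7", 22),      # Deny: priority 1 rule wins over AlwaysAllow
              Flow("Inbound", "Tcp", "203.0.113.5", 8080)):  # Deny: nothing matches, default deny
        verdict, why = evaluate(f, ADMIN_RULES, NSG_RULES)
        print(f"{f.source:>13}:{f.dst_port:<5} {verdict:5} {why}")
```

The fourth flow is the one worth studying: the scanner's AlwaysAllow rule never fires for port 22 because the deny rule at priority 1 is evaluated first, so ordering inside the admin rule collection matters as much as the action. Running the same flows with an empty admin rule list shows the spoke's own NSG letting SSH in from anywhere, which is exactly the gap the admin rule closes.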
  13. Configuration & Deployment
      ▪ Deploy the configuration to one or multiple regions & VNets
      ▪ Check current vs. new state
      ▪ Remove previously applied configurations (rollback)
  14. Takeaways
      1. New method to manage your network in a controlled way
      2. Brand new, more features to expect soon
      3. Pricing per subscription with AVNM-managed networks
      4. Give it a try!