AzureBootcamp2023: Virtual Network Manager by Marcel Zehner

Having control over your hybrid network is key because many services require rock-solid and secure connectivity. There are multiple options available today to deploy, maintain and extend your network environment. But which one is the best fit for you? The latest service Microsoft has released to address this is 'Azure Virtual Network Manager' (AVNM). In this session, Marcel introduces you to this new service and gives you a behind-the-scenes view so that you are equipped to use it out in the wild.
Marcel Zehner, Microsoft Cloud Champion @ SoftwareONE | Microsoft Regional Director & Azure MVP

Azure Zurich User Group
May 11, 2023
Transcript

  1. Azure Virtual Network Manager:
    The future of network
    management?
    Marcel Zehner | SoftwareONE
    Microsoft RD & MVP

  2. Marcel Zehner
    SoftwareONE
    4x Microsoft Regional
    Director
    11x Microsoft Azure
    MVP
    IT & Tech Geek
    Community Champion
    Poker Player

  3. Introduction

  4. ▪ Secure communications between
    ▪ Azure services
    ▪ Internet services
    ▪ On-premises and Azure services (hybrid)
    ▪ IaaS (e.g. virtual machines)
    ▪ PaaS (e.g. SQL databases)
    ▪ SaaS (e.g. Power BI service)
    Azure Virtual Networks

  5. ▪ Vnets are bound to a region
    ▪ Vnets are bound to a subscription
    ▪ Vnets are isolated from other virtual
    networks
    ▪ Virtual networks contain subnets
    ▪ Subnets can be protected using
    network security groups (NSGs)
    Azure Virtual Networks

  6. ▪ Network peerings can be used to
    connect multiple Vnets
    ▪ Strategies
    ▪ Hub-Spoke
    ▪ Mesh
    Peerings

  7. Mesh

  8. Hub-Spoke

  9. ▪ Lots of resources and configurations to
    manage
    ▪ Virtual Networks
    ▪ Peerings
    ▪ Network Security Groups
    ▪ Route Tables
    ▪ Custom Roles
    ▪ Azure Policies
    ▪ Etc.
    ▪ Resources distributed across regions &
    subscriptions
    The Challenges

  10. Manual
    ▪ Easiest to learn and execute
    ▪ No portability
    ▪ Error prone
    ▪ No testing & rollback
    IaC
    ▪ Complex coding & deployment
    ▪ Best control, portability, trackability
    ▪ Most secure
    AVNM
    ▪ Best of both worlds
    ▪ Better than manual, easier than IaC
    ▪ Great control & rollback capabilities
    How to tackle this?

  11. Deployment

  12. ▪ AVNM must be deployed in Azure
    ▪ Azure resource
    ▪ One or multiple instances
    ▪ Select the management scope
    ▪ Management Groups
    ▪ Subscriptions
    Deployment

  13. ▪ Select features for the AVNM instance
    ▪ Connectivity
    ▪ Security admin
    Features

  14. Demo:
    Creation of an AVNM
    Instance

  15. Connectivity

  16. ▪ Group Vnets that should be managed
    into Network Groups
    ▪ Static membership
    ▪ Manually added/removed
    ▪ Dynamic membership
    ▪ Added/removed using Azure Policy
    ▪ Existing and future Vnets
    Connectivity

  17. ▪ Cross-tenant Vnet management
    supported
    ▪ Provider or managed service scenario
    ▪ Customer needs to give access to
    provider
    ▪ Invite user as guest
    ▪ Assign network contributor permissions
    to appropriate scope
    Connectivity

  18. ▪ Deploy the configuration to one or
    multiple regions & Vnets
    ▪ Check current vs. new state
    ▪ Remove previously applied
    configurations (rollback)
    Configuration & Deployment

  19. Whiteboard & Demo:
    Creation & Deployment of a
    Connectivity Configuration
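The steps from slides 12 to 18 (instance, scope and features, network group with static and dynamic membership, connectivity configuration, commit) scripted end to end. This is an added example, not the deck's demo: resource names, the region, the hub and spoke VNet names and the `env=prod` tag convention are assumptions, and the cmdlet and parameter names follow the Az.Network 5.x / Az.Resources reference, so check them with `Get-Help` against your installed module version before running. It assumes an authenticated session (`Connect-AzAccount`) and that the resource group and the hub and spoke VNets already exist.

```powershell
# Added example (not from the deck): AVNM instance + network group + hub-and-spoke
# connectivity configuration, committed to one region. All names are assumptions.
$rg       = 'rg-avnm-demo'          # assumed resource group
$location = 'westeurope'            # assumed target region
$nmName   = 'avnm-demo'             # assumed AVNM instance name
$subId    = (Get-AzContext).Subscription.Id

# 1. AVNM instance: management scope = this subscription (slide 12),
#    features = Connectivity + SecurityAdmin (slide 13)
$scope = New-AzNetworkManagerScope -Subscription @("/subscriptions/$subId")
$nm = New-AzNetworkManager -Name $nmName -ResourceGroupName $rg -Location $location `
        -NetworkManagerScope $scope -NetworkManagerScopeAccess @('Connectivity', 'SecurityAdmin')

# 2. Network group (slide 16)
$group = New-AzNetworkManagerGroup -Name 'ng-prod-spokes' -ResourceGroupName $rg -NetworkManagerName $nmName

# 2a. Static membership: one existing spoke added explicitly
$spoke1 = Get-AzVirtualNetwork -Name 'vnet-spoke-1' -ResourceGroupName $rg      # assumed VNet
New-AzNetworkManagerStaticMember -Name 'spoke-1' -ResourceGroupName $rg -NetworkManagerName $nmName `
    -NetworkGroupName $group.Name -ResourceId $spoke1.Id | Out-Null

# 2b. Dynamic membership: an Azure Policy with the addToNetworkGroup effect pulls in
#     every VNet in scope tagged env=prod, existing and future ones alike
$policyRule = @"
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Network/virtualNetworks" },
      { "field": "tags['env']", "equals": "prod" }
    ]
  },
  "then": {
    "effect": "addToNetworkGroup",
    "details": { "networkGroupId": "$($group.Id)" }
  }
}
"@
$def = New-AzPolicyDefinition -Name 'avnm-prod-spokes' -Mode 'Microsoft.Network.Data' -Policy $policyRule
New-AzPolicyAssignment -Name 'avnm-prod-spokes' -Scope "/subscriptions/$subId" -PolicyDefinition $def | Out-Null

# 3. Hub-and-spoke connectivity configuration (slides 8 and 18): the group becomes the
#    spokes, peered to the hub; GroupConnectivity 'None' keeps spokes isolated from each other
$hubVnet   = Get-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg          # assumed hub VNet
$hub       = New-AzNetworkManagerHub -ResourceId $hubVnet.Id -ResourceType 'Microsoft.Network/virtualNetworks'
$groupItem = New-AzNetworkManagerConnectivityGroupItem -NetworkGroupId $group.Id `
               -GroupConnectivity 'None' -UseHubGateway 'True' -IsGlobal 'False'
$config = New-AzNetworkManagerConnectivityConfiguration -Name 'cc-hub-spoke' -ResourceGroupName $rg `
            -NetworkManagerName $nmName -ConnectivityTopology 'HubAndSpoke' -Hub $hub `
            -AppliesToGroup @($groupItem)

# 4. Nothing is live until the configuration is committed to target regions (slide 18)
Deploy-AzNetworkManagerCommit -ResourceGroupName $rg -Name $nmName -CommitType 'Connectivity' `
    -TargetLocation @($location) -ConfigurationId @($config.Id)

# 5. Current vs. new state: deployment status per region. To roll the region back,
#    commit again with -ConfigurationId @() (an empty list removes the deployed configuration).
Get-AzNetworkManagerDeploymentStatus -ResourceGroupName $rg -NetworkManagerName $nmName `
    -Region @($location) -DeploymentType @('Connectivity')
```

One point to check before using dynamic membership in production: the tag becomes a security boundary. Anyone who can write `env=prod` on a VNet inside the policy scope can pull that VNet into the managed group, and with it into the hub peering and any security admin rules bound to the group, so tag-write permissions on VNets deserve the same review as Network Contributor.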

  20. Security Admin Rules

  21. ▪ Network Security Groups
    ▪ Layer 4 packet filters
    ▪ Create and configure rule set
    ▪ Inbound and outbound traffic
    ▪ Applied at subnet or NIC level
    Network Security Groups (NSG)

  22. ▪ Security Admin Rules
    ▪ Configured using AVNM
    ▪ Applied at Vnet level
    ▪ Can be used to override or add NSG rules
    ▪ Priority > 1-99 (processed before NSG rules)
    ▪ Deny > Denied, no matter if the NSG allows it
    ▪ Allow > Allowed only if the NSG does not block it
    ▪ AlwaysAllow > Allowed, NSG evaluation is bypassed
    Security Admin Rules

  23. Security Admin Rules
    [Diagram: Source -> Network Security Group Rules -> Target; without AVNM only the NSG rules sit in the path]

  24. Security Admin Rules
    [Diagram: Source -> Security Admin Rules -> Network Security Group Rules -> Target; admin rules are evaluated first]

  25. Security Admin Rules: Block
    [Diagram: Source -> Security Admin Rules (Deny) -x Network Security Group Rules -> Target; traffic is dropped before the NSG is consulted]

  26. Security Admin Rules: Allow
    [Diagram: Source -> Security Admin Rules (Allow) -> Network Security Group Rules -> Target; the NSG still makes the final decision]

  27. Security Admin Rules: AlwaysAllow
    [Diagram: Source -> Security Admin Rules (AlwaysAllow) -> Target; Network Security Group Rules are bypassed]
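The evaluation order on slides 22 to 27 as a small model you can step through. This is an added illustration, not code from the deck or from Azure: the rule and flow objects are constructed inline, the matcher only looks at direction, port and a named source, and nothing here talks to Azure. It shows the four outcomes that matter operationally: an admin Deny beating an explicit NSG allow, an admin Allow still being stopped by the NSG, an AlwaysAllow never reaching the NSG, and a flow no rule matches falling to the NSG default.

```powershell
# Added example (not from the deck): models admin-rule-then-NSG evaluation.
# Rules and flows below are constructed for illustration only.
function Test-RuleMatch {
    param([hashtable] $Rule, [hashtable] $Flow)
    # Minimal matcher: direction, destination port and a named source are enough
    # to demonstrate the precedence between the two rule layers.
    return ($Rule.Direction -eq $Flow.Direction) -and
           ($Rule.Ports -contains $Flow.Port) -and
           ($Rule.Source -eq '*' -or $Rule.Source -eq $Flow.Source)
}

function Test-FlowAllowed {
    param([hashtable] $Flow, [hashtable[]] $AdminRules, [hashtable[]] $NsgRules)

    # Stage 1: security admin rules, lowest priority number first (evaluated before any NSG).
    foreach ($r in ($AdminRules | Sort-Object { $_.Priority })) {
        if (-not (Test-RuleMatch $r $Flow)) { continue }
        if ($r.Access -eq 'Deny')        { return "Denied by admin rule '$($r.Name)' (NSG not consulted)" }
        if ($r.Access -eq 'AlwaysAllow') { return "Allowed by admin rule '$($r.Name)' (NSG bypassed)" }
        break   # 'Allow': the admin layer passes the flow on, the NSG still has the final say
    }

    # Stage 2: NSG rules, then the platform default (deny inbound, allow outbound).
    foreach ($r in ($NsgRules | Sort-Object { $_.Priority })) {
        if (Test-RuleMatch $r $Flow) { return "$($r.Access) by NSG rule '$($r.Name)'" }
    }
    if ($Flow.Direction -eq 'Inbound') { return 'Denied by NSG default rule' }
    return 'Allowed by NSG default rule'
}

# Constructed sample rule sets: the NSG owner allowed RDP from the Internet and blocked HTTPS.
$admin = @(
    @{ Name = 'deny-rdp-internet'; Priority = 100; Access = 'Deny';        Direction = 'Inbound'; Ports = @(3389); Source = 'Internet' },
    @{ Name = 'allow-https';       Priority = 200; Access = 'Allow';       Direction = 'Inbound'; Ports = @(443);  Source = '*' },
    @{ Name = 'always-allow-mon';  Priority = 300; Access = 'AlwaysAllow'; Direction = 'Inbound'; Ports = @(22);   Source = 'Monitoring' }
)
$nsg = @(
    @{ Name = 'allow-rdp-internet'; Priority = 100; Access = 'Allow'; Direction = 'Inbound'; Ports = @(3389); Source = 'Internet' },
    @{ Name = 'deny-https';         Priority = 110; Access = 'Deny';  Direction = 'Inbound'; Ports = @(443);  Source = '*' }
)
$flows = @(
    @{ Direction = 'Inbound'; Port = 3389; Source = 'Internet' },    # NSG allows, admin Deny wins
    @{ Direction = 'Inbound'; Port = 443;  Source = 'Internet' },    # admin Allow, NSG still denies
    @{ Direction = 'Inbound'; Port = 22;   Source = 'Monitoring' },  # AlwaysAllow, NSG never consulted
    @{ Direction = 'Inbound'; Port = 8080; Source = 'Internet' }     # no match anywhere: NSG default deny
)
foreach ($f in $flows) {
    '{0,-10} {1,5} -> {2}' -f $f.Source, $f.Port, (Test-FlowAllowed $f $admin $nsg)
}
```

The practical consequence of the third case is that an AlwaysAllow rule is a hole no subnet or NIC NSG can close, so scope its source and destination prefixes as tightly as a Deny rule.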

  28. ▪ Deploy the configuration to one or
    multiple regions & Vnets
    ▪ Check current vs. new state
    ▪ Remove previously applied
    configurations (rollback)
    Configuration & Deployment

  29. Whiteboard & Demo:
    Creation & Deployment of
    Security Admin Rules
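A security admin configuration that implements the Deny and AlwaysAllow cases from slide 22 and walks through the deploy, check and rollback steps of slide 28. This is an added example, not the deck's demo: the resource names, the region, the 10.250.0.0/24 monitoring prefix and the spoke VNet name are assumptions, it assumes an AVNM instance with the Security admin feature and a network group already exist, and the cmdlet and parameter names follow the Az.Network 5.x reference, so verify them with `Get-Help` for your module version.

```powershell
# Added example (not from the deck): security admin rules bound to a network group,
# committed to one region, verified, then rolled back. All names are assumptions.
$rg       = 'rg-avnm-demo'        # assumed resource group
$nmName   = 'avnm-demo'           # assumed existing AVNM instance
$location = 'westeurope'          # assumed target region
$group = Get-AzNetworkManagerGroup -Name 'ng-prod-spokes' -ResourceGroupName $rg -NetworkManagerName $nmName

# 1. Configuration -> rule collection (bound to the network group) -> rules
$sac = New-AzNetworkManagerSecurityAdminConfiguration -Name 'sac-baseline' -ResourceGroupName $rg -NetworkManagerName $nmName
$target = New-AzNetworkManagerSecurityGroupItem -NetworkGroupId $group.Id
$rc = New-AzNetworkManagerSecurityAdminRuleCollection -Name 'rc-mgmt-ports' -ResourceGroupName $rg `
        -NetworkManagerName $nmName -SecurityAdminConfigurationName $sac.Name -AppliesToGroup @($target)

$anyPrefix  = New-AzNetworkManagerAddressPrefixItem -AddressPrefix '*' -AddressPrefixType 'IPPrefix'
$internet   = New-AzNetworkManagerAddressPrefixItem -AddressPrefix 'Internet' -AddressPrefixType 'ServiceTag'
$monitoring = New-AzNetworkManagerAddressPrefixItem -AddressPrefix '10.250.0.0/24' -AddressPrefixType 'IPPrefix'  # assumed prefix

# Deny: wins even if a subnet or NIC NSG explicitly allows RDP/SSH from the Internet
New-AzNetworkManagerSecurityAdminRule -Name 'deny-mgmt-from-internet' -ResourceGroupName $rg `
    -NetworkManagerName $nmName -SecurityAdminConfigurationName $sac.Name -RuleCollectionName $rc.Name `
    -Direction 'Inbound' -Protocol 'Tcp' -Access 'Deny' -Priority 100 `
    -SourceAddressPrefix @($internet) -DestinationAddressPrefix @($anyPrefix) `
    -SourcePortRange @('0-65535') -DestinationPortRange @('22', '3389') | Out-Null

# AlwaysAllow: NSG evaluation is skipped, so a forgotten NSG rule cannot break monitoring.
# Kept narrow on purpose (one source prefix, one port): no NSG can close this path later.
New-AzNetworkManagerSecurityAdminRule -Name 'always-allow-monitoring' -ResourceGroupName $rg `
    -NetworkManagerName $nmName -SecurityAdminConfigurationName $sac.Name -RuleCollectionName $rc.Name `
    -Direction 'Inbound' -Protocol 'Tcp' -Access 'AlwaysAllow' -Priority 110 `
    -SourceAddressPrefix @($monitoring) -DestinationAddressPrefix @($anyPrefix) `
    -SourcePortRange @('0-65535') -DestinationPortRange @('443') | Out-Null

# 2. Commit to the target region(s); the rules are inert until this step
Deploy-AzNetworkManagerCommit -ResourceGroupName $rg -Name $nmName -CommitType 'SecurityAdmin' `
    -TargetLocation @($location) -ConfigurationId @($sac.Id)

# 3. Check current state: the admin rules effective on one member VNet
Get-AzNetworkManagerEffectiveSecurityAdminRule -ResourceGroupName $rg -VirtualNetworkName 'vnet-spoke-1'   # assumed VNet

# 4. Rollback: committing an empty configuration list removes the deployed rules from that region
Deploy-AzNetworkManagerCommit -ResourceGroupName $rg -Name $nmName -CommitType 'SecurityAdmin' `
    -TargetLocation @($location) -ConfigurationId @()
```

Because both rules are bound to the network group rather than to individual VNets, any VNet that later joins the group (statically or through policy) inherits them on the next commit, which is the point of the model and also the reason group membership itself needs to be controlled.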

  30. Takeaways

  31. 1. New method to manage your
    network in a controlled way
    2. Brand new, more features to expect
    soon
    3. Pricing per subscription with AVNM-managed networks
    4. Give it a try!
    Takeaways
