Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AzureBootcamp2023: Virtual Network Manager by Marcel Zehner

AzureBootcamp2023: Virtual Network Manager by Marcel Zehner

Having control over you hybrid network is key because many services require rock-solid and secure connectivity. There are multiple options available today to deploy, maintain and extend your network environment. But which one is the best fit for you? The latest service that Microsoft released recently to address this is ‘Azure Virtual Network Manager’ (AVNM). In this session, Marcel introduces you to this new service and gives you a behind-the-scenes view so that you are weaponized to use it out in the wild.
🙂 MARCEL ZEHNER ⚡️ Microsoft Cloud Champion @ SoftwareONE | Microsoft Regional Director & Azure MVP

More Decks by Azure Zurich User Group

Other Decks in Technology


  1. Marcel Zehner SoftwareONE 4x Microsoft Regional Director 11x Microsoft Azure

    MVP IT & Tech Geek Community Champion Poker Player
  2. ▪ Secure communications between ▪ Azure services ▪ Internet services

    ▪ On-premises and Azure services (hybrid) ▪ IaaS (e.g. virtual machines) ▪ PaaS (e.g. SQL databases) ▪ SaaS (e.g. Power BI service) Azure Virtual Networks
  3. ▪ Vnets are bound to a region ▪ Vnets are

    bound to a subscription ▪ Vnets are isolated from other virtual networks ▪ Virtual networks contain subnets ▪ Subnets can be protected using network security groups (NSGs) Azure Virtual Networks
  4. ▪ Network peerings can be used to connect multiple Vnets

    ▪ Strategies ▪ Hub-Spoke ▪ Mesh Peerings
  5. ▪ Lots of resources and configurations to manage ▪ Virtual

    Networks ▪ Peerings ▪ Network Security Groups ▪ Route Tables ▪ Custom Roles ▪ Azure Policies ▪ Etc. ▪ Resources distributed across regions & subscriptions The Challenges
  6. AVNM ▪ Best of both worlds ▪ Better than manual,

    easier than IaC ▪ Great control & rollback capabilities IaC ▪ Complex coding & deployment ▪ Best control, portability, trackability ▪ Most secure Manual ▪ Easiest to learn and execute ▪ No portability ▪ Error prone ▪ No testing & rollback How to tackle this?
  7. ▪ AVNM must be deployed in Azure ▪ Azure resource

    ▪ One or multiple instances ▪ Select the management scope ▪ Management Groups ▪ Subscriptions Deployment
  8. ▪ Group Vnets that should be managed into Network Groups

    ▪ Static membership ▪ Manually added/removed ▪ Dynamic membership ▪ Added/removed using Azure Policy ▪ Existing and future Vnets Connectivity
  9. ▪ Cross-tenant Vnet management supported ▪ Provider or managed service

    scenario ▪ Customer needs to give access to provider ▪ Invite user as guest ▪ Assign network contributor permissions to appropriate scope Connectivity
  10. ▪ Deploy the configuration to one or multiple regions &

    Vnets ▪ Check current vs. new state ▪ Remove previously applied configurations (rollback) Configuration & Deployment
  11. ▪ Network Security Groups ▪ Layer 4 paket filters ▪

    Create and configure rule set ▪ Inbound and outbound traffic ▪ Applied at subnet or NIC level Network Security Groups (NSG)
  12. ▪ Security Admin Rules ▪ Configured using AVNM ▪ Applied

    at Vnet level ▪ Can be used to override or add NSG rules ▪ Priority > 1-99 (processes before NSG rules) ▪ Deny > Denied, not matter if NSG allows it ▪ Allow > Allowed if NSG does not block it ▪ AlwaysAllow > NSG is bypassed Security Admin Rules
  13. ▪ Deploy the configuration to one or multiple regions &

    Vnets ▪ Check current vs. new state ▪ Remove previously applied configurations (rollback) Configuration & Deployment
  14. 1. New method to manage your network in a controlled

    way 2. Brand new, more features to expect soon 3. Pricing per subscription with AVNM- managed networks 4. Give it a try! Takeaways