hello everyone welcome back to azure fundamentals course this is adam and in
episode 10 we're covering the basics of azure networking services stay tuned the
focus of the 10th episode is around azure networking services and the core
services that we will learn today are virtual networks load balancers vpn
gateways application gateways and content delivery networks but before we move
to those services let's talk about what are networking services in general this
is the category of services that allows customers to connect their on-premise and
cloud resources but also help with protection and monitoring of the networking
for those services as well as helping customers with application delivery and
the first service that we will learn about today is azure virtual network imagine
you have two resources in azure let's say two virtual machines because virtual
machines are representation of the physical hardware in the cloud they also need
to be placed into representation of the physical network infrastructure that
representation in azure is called azure virtual network virtual networks allow
their customers to create manage monitor and secure connectivity between azure
resources but also between azure resources and their on-premise environments
virtual networks can be segmented into smaller pieces called subnets there are
two main purposes for having subnets one is to allow customers to manage their ip
address allocation in a more efficient manner but also to group related resources
together so that you can apply filters and security rules across multiple
resources within the same subnet for example by grouping all the resources
hosting your web applications and only allowing web traffic to go to that subnet
as a customer you have a freedom of how you manage subnets and virtual networks
if you want you can group multiple resources within the same subnet and it is
your choice how you want to represent your networking infrastructure in the cloud
there are many reasons why you would want to have multiple virtual networks and
many technical limitations forcing you to do that for example virtual network can
only reside within a single region and span resources from that specific region
so if you will be building multi-region applications you will end up with
multiple virtual networks so if you will want to connect multiple virtual
networks you can do one of two things you can either use a feature called v-net
peering v-net peering allows you to combine virtual networks together and
allow them to act as one or you can use vpn gateway to do so while there are
benefits and drawbacks of using one or another it is a little bit too advanced
topic for azure fundamentals for now just remember you have two options and
those are v-net peering and vpn gateway so let me summarize azure virtual
networks is an emulation of a physical network infrastructure in the cloud and it
is designed to allow customers for isolation and segmentation of their network
to enable communication filtering and routing between azure and on-premise
resources remember that virtual networks are scoped to a single region so in
multi-region architecture you will have multiple virtual networks which you can
connect to each other using either v-net peering or vpn gateway and when it
comes to segmentation part you can achieve that using subnets and subnets allow
customers to divide virtual networks so that they can better and more
effectively manage their ip address allocation but also manage network filtering
for something called network security groups or application security groups we
will learn more about those in the future video about security and compliance
but for today imagine you have two virtual machines within a single virtual
network placed in two separate subnets if you want to control the traffic that
comes from the internet to that virtual machine you can place a network security
group on that subnet and those security groups will only allow specific traffic
to reach that virtual machine you can also use network security groups to manage
the traffic across subnets it is really a tool for you to manage your networking
in secure and efficient manner but we'll get back to that in future episode let
me now move to azure portal where i will show you how to create virtual network
as usual you go to the left hand side menu you select create a resource and type
in virtual network this will allow you to create a virtual network infrastructure
in azure just hit create and fill in the form in order to create virtual network
you need to select resource group for instance az900 networking provide a name
like am demo v-net next we need to select azure region as i mentioned this is a
single region resource so for me this will be west europe now go to the next tab
called ip addresses where you can allocate address space for your virtual network
if you leave it as default it will allocate 65 000 addresses for you to use and
at the bottom you have a default subnet default subnet is a requirement for
every azure virtual network this is the place where you can allocate part of your
address space if you're done move to the next section go to the security where
you can enable some additional security features for your virtual network like
azure firewall ddos protection or bastion host if you're satisfied with your
selection simply hit review and create and create it only takes about 10-15
seconds for a virtual network to be created once created you can hit go to the
resource to review your virtual network this is the place where you will manage
everything about that virtual network but i want to show you something more
interesting by going to the resource groups and selecting the resource group that
i created in the previous episode called az900 vm where i created my virtual
machine when you create a virtual machine by default a virtual machine is created
with a virtual network with a default setting when you open this there's a cool
feature of virtual networks that allows you to draw a diagram of your
infrastructure by simply typing diagram here you can select monitoring diagram
and azure will draw a diagram for you representing your current networking
infrastructure for that specific virtual network as you see we have az900 vm
virtual network with one subnet called default and there is one network interface
that is connected directly to this subnet which is used by a virtual machine
called am demo vm there is also a public ip connected to this networking
interface allowing me to connect to this virtual machine from the public internet
and the network security group which controls all the traffic that goes to this
virtual machine through this networking interface this diagram not only allows
you very easily to see how your networking is organized within this virtual
network but it also allows you to quickly find related resources for instance if
i would want to manage security rules for this virtual machine i can simply now
click on this network security group to do so and all those components that you
have seen on the diagram are used to manage everything related to networking to
this virtual machine but that's it for now let me move back to the presentation
i've also mentioned something called virtual network gateway also called vpn
gateway vpn gateway allows you to connect to your on-premise environments so you
can enable your virtual network to talk to the network within your on-premise
environments this communication is done over the public internet but it is
entirely encrypted additionally vpn gateway can be also used to connect virtual
networks to each other although this is a less common case it is still able to do
that so just remember to use vpn gateway whenever you need to connect on-premise
environments to azure over the public internet or if you need to implement
cross-regional communications of other virtual networks in the end it will be
your decision to decide whenever you will want to use v-net peering or vpn
gateway to do so but there will be few details that you will need to read about
before deciding which one to use because each is designed for specific use case
for today we don't have to deep dive into those topics next on our list is azure
load balancer and
load balancing simply means distribution of the traffic across multiple resources
so if you have two virtual machines you can create a load balancer in front and
evenly distribute the traffic across those two virtual machines and there are
many reasons to do that one of them is scalability because by adding additional
instances scaling out you can scale to accommodate much larger workloads versus
scaling up where you simply add more power to the machine and the second reason
is high availability so if those virtual machines would be a premium ssd virtual
machines by default from microsoft you will get three nines of sla that means
each virtual machine is guaranteed to run for 99.9 percent of the time but if
you put those virtual machines into separate availability zones and put that in
front of the load balancer then microsoft guarantees you already 4 9 of sla in
which case you increase sli and availability for your application by 10 times
this is because load balancer automatically checks the health of the application
components that it's connected to so if one of the virtual machines will stop
from working it will automatically redirect the traffic to the second one and
the chance for both of them to stop running is significantly lower than with one
virtual machine and when you build larger solutions you will also separate your
application components into tiers for instance by separating all the components
that are handling web traffic into web tier and possibly second tier handling
all the data management for the application having its own balancer to manage
internal traffic in this case you would have two load balancers one with public
ip allowing for public internet traffic to come in that's why this one would be
called public load balancer and one without a public ip with just a private ip
allowing only the private connectivity between the web tier and data tier this
one would be called internal load balancer to summarize azure load balancer
allows for even traffic distribution across azure components and it supports
both inbound and outbound scenarios so both incoming and outgoing traffic and it
is used by customers to provide highly available but also highly scalable
applications it supports both tcp and udp applications and supports both
internal and external traffic with this public and internal load balancer but
azure load balancer is not the only traffic distribution service in azure the
next one is application gateway if we are talking about traffic distribution for
resources if that traffic is a web traffic so http traffic you usually will want
to replace a load balancer with application gateway this is because application
gateway is still a traffic distribution service but it is designed to support web
traffic so simply it has more features that allow customers to better manage
their web traffic let me just stop here for a second and mention that while i'm
using virtual machines in pretty much every example here services like app
services can also be used so those services allow you to redirect traffic to any
public ip or address you are not limited to virtual machines when building
scalable distributed applications so in case of building multi-tier application
like previously you would replace that public load balancer with application
gateway to summarize application gateway is your web traffic load balancer in
azure with some features like web application firewall allowing you to scan for
all the incoming traffic redirection capabilities session affinity when you want
to be sure that your users are always directed to the same servers url routing
or ssl termination which allows customers to decrypt the traffic on the
application gateway and send unencrypted version to the backend services to
reduce the processing power required to decrypt every single request going to the
back end increasing even more the scalability of your solution but for the
fundamentals exam you don't have to remember every single feature of application
gateway just remember this is a load balancer that is designed to help you with
distribution of web-based traffic and our last service for today is a content
delivery network in short cdn cdn is one of those networking services that helps
customers to build their applications so let's take a web application as an
example every web application has some static content like javascript files
style sheets static pages or images normally if developers don't know about the
existence of services like content delivery network what they will do is bundle
this application and put it into app service and host that app service in one of
the azure regions around the world for instance in west u.s so when the user
from alaska tries to connect to our web application his request will have to go
through 1 600 miles to get this page and all of the content so if our web page
has 50 elements on it that user has to make 50 requests 50 separate requests with
each having hundred milliseconds delay this might not be an issue yet but if our
users will start connecting from different continents in this case the distance
they need to cover is much greater so the latency for every single request they
make will be much greater when compared to users connecting from alaska to help
with that scenario you ask your developers to upload all the static content into
content delivery network allowing service to distribute that content all around
the world so that the users will connect to the closest location with their
content available reducing the latency but also the workload required by your
front-end services so azure cdn allows for delivery of web content to users to
minimize the latency for web applications so that you can build more scalable web
applications and minimize the workload required by your front-end services and
all that content is spread across multiple pop locations so-called points of
presence microsoft has over 120 locations available worldwide so as you can
imagine this is more than azure regions available that means there might be
points of presence closer to you than there are to the closest azure region but
that's pretty much it when it comes to content delivery network so let me
summarize all of the networking services that we've learned today first of all
we have azure virtual networks this is the service that allows us to represent
our physical networking in the cloud and allow us to group filter and segment
the network and all the related resources additionally we've learned about vpn
gateway a service that allows us to connect our on-premise networks with the
cloud networks and allow them to communicate to each other additionally the
service allows us to also connect virtual networks in azure in this case
remember that v-net peering as a feature also allows for that so definitely
something to ponder on we've also learned about two load balancing solutions one
called azure load balancer which is designed for non-web traffic for even
distribution of that traffic across multiple services and if our traffic is a
web-based then we use application gateway to distribute the traffic because it
has additional features for filtering and security of web-based traffic and
lastly we've learned about content delivery network in short cdn this is the
service that distributes and caches the content across multiple pop locations
around the world to offload our front end services but also reduce latency
required to deliver the content to our users which helps with scalability of our
applications but also gives us better user experience which brings us to our last
slide remember about the materials available on my website check out the cheat
sheets and practice tests and that's it and that's it when it comes to
networking services in azure if you like this episode hit thumbs up leave a
comment and subscribe to support the channel if you want to go to the next
episode simply hit on the icon on the side or follow the playlist and see you in
the next episode