Microsoft Azure offers a variety of networking services to its users. These services can also be used together with other services offered by Azure. These networking services are divided into these 4 major categories:
- Connectivity services: they connect on-premises resources to Azure resources through the following networking services: Azure DNS, VNet “Virtual Network”, Virtual WAN, VPN Gateway, ExpressRoute, Azure Bastion, Peering service, etc.
- Application protection services: they protect an organization’s application using the following Azure networking services: Firewall, Load Balancer, DDoS protection, Web Application Firewall, Private Link, Virtual Network Endpoints, etc.
- Application delivery services: They ensure the delivery of applications in the Azure cloud using the following services: Traffic Manager, Content Delivery Network “CDN”, Internet Analyzer, etc.
- Network monitoring services: they allow the monitoring of the organization’s cloud resources using the following services: Azure Monitor, Network Watcher, VNet Terminal Access Point “TAP”, ExpressRoute Monitor, etc. (Microsoft, 2022)
One of the most important networking services offered by Microsoft Azure is Azure Virtual Network “VNet”. VNet allows the following:
- Communication between Azure resources: it allows secure communication between, for example, Virtual Machines that are hosted in the Azure Cloud and other Azure services such as Azure Kubernetes Service ‘AKS’.
- Communication between virtual networks: it allows an organization to create more than one virtual network and connect them with each other. These virtual networks can either be on the same or a different Azure cloud.
- Communication to the internet: it allows, by default, resources in the VNet to communicate outbound to the internet. Inbound communication into the VNet is also possible after assigning it a public IP address.
- Communication with the on-premise network: it allows secure communication between the Azure virtual network and the organization’s physical network and computers (Microsoft, 2022)
Moreover, VPN Gateway is another very useful networking service offered by Azure. VPN Gateway service allows organizations to securely link any Azure virtual network to its on-premise network over the public internet through encrypted traffic. VPN Gateway can also send encrypted traffic between virtual networks hosted on the same Azure cloud. However, each virtual network on Azure may only have one VPN Gateway and multiple connections can be made to it from other virtual networks on the Azure cloud that have their own VPN Gateway service (Microsoft, 2022)
Another important networking service offered by Azure is ExpressRoute. ExpressRoute is a service that allows organizations to extend their on-premises network into the cloud over a secure private connection. This secure ExpressRoute connection can link company computers and servers to any Microsoft Azure or Microsoft 365 service. However, an ExpressRoute connection does not use the public internet, instead, it supports any-to-any “IP VPN” network, a point-to-point Ethernet network, etc. This type of secure connection allows for a highly secure, faster, latency-consistent, and more reliable connection than other type of connections over the public internet. (Microsoft, 2022)
Azure DNS service is a service by Microsoft Azure infrastructure that allows hosting for DNS domains which provides name resolution (mapping a human-readable value “domain name” to a machine-readable value “IP address”). It allows the management of DNS records using the same tools, APIs, credentials, and billing (Microsoft, 2022). Azure DNS, also, allows the organization to either buy a domain name or use a third-party domain name to be managed and hosted on Azure DNS. Azure DNS offers the following features: security, reliability, ease of use, customization, etc.
The Cybersecurity blog 