Networking

Helps you optimize application performance & scalability
Links compute resources and provides access to applications
Configure & control traffic into and out of Azure efficiently e.g. from on-premises to Azure and vice versa.

Loosely Coupled Architecture

Architecture behind Azure
Different services/components that sends and receives data from one another
- They have little to no knowledge about other components.
See also micro-services.
💡 Recommended because:
- Can be updated independently: Allows non-breaking changes as long as communication strategy is consistent.
- Allows services to be changed without significant impact to the rest of the system.
- Can be scaled proportionally.
  - Scale up/down, out/in only services that are relevant.
  - 💡 Take advantage of asynchronous messaging in Azure for communication for scalability.

Can be used to build loosely coupled architectures.
Divides an application into two or more logical tiers.
- A higher tier can access services from a lower tier, but a lower tier should never access a higher tier.
Tiers help separate concerns and are ideally designed to be reusable.
Simplifies maintenance: Tiers can be updated or replaced independently, and new tiers can be inserted if needed.
Three-tier refers to an n-tier application that has three e.g.
- Web tier (front-end)
- Application tier (back-end that runs application logic)
- Data tier (database)
  - Observe that each tier can access services only from a lower tier.
Read more

Enable you to group and isolate related systems
Logically isolated network on Azure
Allows Azure resources to securely communicate with • each other • VPNS • the internet • on-premises networks
❗ Scoped to a single region
💡📝 Virtual networks, subnets, NICs (network interfaces) are free (no $$) resources
- Public IP addresses, reserved IP, network appliances such as VPN Gateway & Application Gateway are charged.
You choose which networks your virtual network can reach, whether that’s the public internet or other networks in the private IP address space.

A virtual network can be segmented into one or more subnets.
Help you organize and secure your resources in discrete sections.
E.g. users interact with the web tier directly, so that VM has a public IP address along with a private IP address.
- Users don’t interact with the application or data tiers, so these VMs each have a private IP address only.

📝 Also called virtual network gateway
📝 Provide a secure connection between an Azure Virtual Network and an on-premises location over the internet.
📝 Your on-premises network is represented as Local network gateway object in Azure.
E.g. enables you to keep your data tiers in on-premises network, and web tier in cloud.
Azure manages the physical hardware for you, virtual networks & gateways are configured through software.
📝❗ Must be deployed in a subnet called gateway subnet.

📝 Control what traffic can flow through a virtual network.
Allows or denies inbound network traffic to your Azure resources.
Can be thought as a cloud-level firewall for your network.
E.g. web tier allows inbound traffic on ports 22 (SSH) and 80 (HTTP).
- Port 22 enables you to connect directly to Linux systems over SSH.
  - You might configure VPN access to your virtual network to increase security.
💡 Configure a NSG to accept traffic only from known sources, such as IP addresses that you trust.

Azure ExpressRoute
- Connects to Azure over high-bandwidth dedicated secure connections
Azure Network Watcher
- Monitors and diagnoses network issues using scenario-based analysis
Azure Virtual WAN
- Creates a unified wide area network (WAN), connecting local and remote sites
Network protection services: • Azure DDoS Protection • Azure Firewall