Microsoft Azure

So what does Azure have to do with CCIE? Well, not much, besides the point that cloud computing is very hot these days and will not cool down very soon. So, being in the IT sector, sooner or later we will be engaged in some form of cloud computing. My recent engagement involved Azure, so here we are: I need to get a better understanding of Azure computing, terms and usage…

Some basic terminology related to Azure. Of course you can read through tons of online docs, but for my own benefit, I am putting some pointers and common terms here. Feel free to use them…

Azure VNet Peering: VNet peering enables a seamless connection between VNets in Azure. Traffic uses Microsoft’s private network when routed via VNet peering. Azure supports the following types of peering: 
Virtual network peering: Connect virtual networks within the same Azure region. 
Global virtual network peering: Connect virtual networks across Azure regions.

Azure Route Table (UDR): Azure Route Table is a flexible way to route traffic in Azure VNets. User Defined Route (UDR) takes precedence over the system routes. UDR supports various next-hop options such as network virtual appliance (NVA), VNet, Internet, and none. 
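The precedence rule has a limit that matters when a UDR is meant to force traffic through an NVA: Azure selects the longest matching prefix first, and the UDR-over-system preference only decides between routes that share the same prefix. The sketch below is an added example (not Azure's code and not from the original post) that models this selection; the function names, the 10.0.0.0/16 VNet and the NVA address 10.0.1.4 are constructed for illustration.

```python
import ipaddress

# Tie-break order Azure applies when several routes share the same prefix:
# user-defined route first, then BGP, then system route.
SOURCE_RANK = {"user": 0, "bgp": 1, "system": 2}


def effective_route(routes, destination):
    """Return the route that would be selected for one destination IP.

    Selection is longest-prefix match first; the route source only breaks
    ties between routes that carry the same prefix.
    """
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes
               if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_RANK[r["source"]]),
    )


def inspected_by_nva(routes, destination):
    """True when the selected route hands the packet to a virtual appliance."""
    route = effective_route(routes, destination)
    return route is not None and route["next_hop"] == "VirtualAppliance"


# Constructed sample: VNet 10.0.0.0/16 with an NVA (firewall) at 10.0.1.4.
SYSTEM_ROUTES = [
    {"prefix": "10.0.0.0/16", "source": "system", "next_hop": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "system", "next_hop": "Internet"},
]
# A UDR for the default route only: covers Internet-bound traffic.
DEFAULT_UDR = {"prefix": "0.0.0.0/0", "source": "user",
               "next_hop": "VirtualAppliance", "next_hop_ip": "10.0.1.4"}
# A UDR for the VNet prefix itself: also steers subnet-to-subnet traffic.
VNET_UDR = {"prefix": "10.0.0.0/16", "source": "user",
            "next_hop": "VirtualAppliance", "next_hop_ip": "10.0.1.4"}

if __name__ == "__main__":
    table = SYSTEM_ROUTES + [DEFAULT_UDR]
    for ip in ("203.0.113.10", "10.0.2.5"):
        r = effective_route(table, ip)
        print(ip, "->", r["next_hop"], f"({r['source']} {r['prefix']})")
```

With only the default-route UDR, traffic between subnets of the VNet still follows the more specific system route and never reaches the NVA; adding a UDR for the VNet prefix closes that gap.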

Azure Network Security Group (NSG): An Azure network security group is similar to an access control list; it filters network traffic to and from Azure resources in a VNet. Security rules in an NSG can allow or deny inbound and outbound traffic. NSG is a layer four construct; you can specify source and destination, port, and protocol.

Azure Network Virtual Appliance (NVA): Azure defines third-party network and security appliances as NVAs. Azure UDR lets you forward traffic to an NVA for security and routing. Cisco ASAv and NGFWv are also available in the Azure marketplace.

Azure Availability Zone (AZ): Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. 

Azure Availability Set (AVS): Availability sets are another datacenter configuration to provide VM redundancy and availability. This configuration within a datacenter ensures that at least one virtual machine is available during either a planned or unplanned maintenance event. 

Azure Internal Load Balancer (ILB): Azure Internal Load Balancer operates at layer four, and it distributes traffic flows that arrive at the load balancer's frontend IP to backend pool instances. The load balancing rule defines how traffic should be load balanced to the backend instances. ILB provides the flexibility of enabling health probes to track the health of the backend instances. For a scalable and resilient design, ILB load balances traffic to multiple Cisco instances. To add an NVA to the backend pool, the NVA must be in an Availability Set or Availability Zone.

Azure External Load Balancer (ELB): Azure Public Load Balancer or External Load Balancer operates at layer four, and it distributes traffic flows that arrive at the load balancer's frontend IP to backend pool instances. The load balancing rule defines how traffic should be load balanced to the backend instances. ELB provides the flexibility of enabling health probes to track the health of the backend instances. For a scalable and resilient design, ELB load balances traffic to multiple Cisco instances. To add an NVA to the backend pool, the NVA must be in an Availability Set or Availability Zone.

Azure Traffic Manager (ATM): Azure Traffic Manager is a DNS-based traffic load balancer that enables traffic distribution across global Azure regions. Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint. Traffic Manager offers a variety of load balancing methods and service endpoint health probes.

Azure Resource Manager Template (ARM Template): Azure Resource Manager (ARM) templates provide a flexible way to implement infrastructure as code in the Azure environment. An ARM template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration. More info: a Cisco Live breakout session covers how to create ARM templates (search for BRKSEC-3093; Cisco Live login required).

Azure Marketplace: Azure Marketplace hosts third-party applications that can be used by Azure customers. Cisco provides a wide range of NVAs and services in Azure Marketplace.