Term | Definition |
Compute Network Components | Service Fabric, Container Service, Azure Virtual Machines, and Azure Cloud Services |
Networking Network Components | Virtual Network, Azure DNS, Application Gateway, Traffic Manager, ExpressRoute, Load Balancer |
Data & Storage Network Components | Storage, DocumentDB, Azure SQL Database, StorSimple |
Web & Mobile Network Components | Web Apps, Mobile Apps, Notification Hub |
Other Services Network Components | Service Bus, Azure AD, Azure AD DS, MFA, Automation, Scheduler, Azure Backup, Site Recovery, Key Vault, Azure Security Center |
Virtual Networks | The fundamental piece that acts as an org's network. Used to connect resources and used as overlays to configure and control connectivity between resources. |
IP addresses | VMs, load balancers, and app gateways in a single VNET require unique IPs. Two main types: private, allocated dynamically or statically; public, assigned dynamically directly to a VM or load balancer. |
Subnets | You can further divide your network by using subnets for logical and security isolation of Azure resources. Each subnet contains a range of IP addresses that fall within the virtual network address space. |
NIC | VMs communicate with other VMs and other resources on the network by using virtual network interface cards (NICs). Virtual NICs configure VMs with a private and optional public IP address. VMs can have more than one NIC for different network configurations. |
DNS | The DNS enables clients to resolve user-friendly FQDNs, such as www.adatum.com, to IP addresses. Azure provides a DNS to support many scenarios. There is the ability to configure an external DNS for hybrid configurations. |
Internal Load Balancer | The internal load balancer enables you to load balance traffic between VMs in the same cloud service (for classic model), or between VMs and a virtual network with a regional scope, where the input IP address of the load balancer is a private IP address. |
Internet-facing load balancer | The internet-facing load balancer enables you to load balance incoming Internet traffic to VMs. |
Application Gateway | Provides load-balanced solutions for network traffic based on the HTTP protocol. Uses routing rules as application-level policies that can offload SSL processing from balanced VMs. Can be used for cookie-based session affinity scenarios. |
Traffic Manager | Used to load balance between endpoints that are located in different Azure regions, at hosted providers, or in on-premises datacenters. Can be configured for priority or to ensure that users connect to an endpoint that is close to their geographic location. |
Network Security Groups | Used to define rules that can allow or deny specific traffic to individual VMs or subnets. Enables you to design your VNET to provide a network experience that is similar to an on-premises network. Allows for DMZs. |
User Defined Routes | User Defined Routes (UDR) control network traffic by defining routes that specify the next hop of the traffic flow. You can assign User Defined Routes to virtual network subnets. |
Forced Tunneling | With forced tunneling you can redirect internet-bound traffic back to the company's on-premises infrastructure. Forced tunneling is commonly used in scenarios where organizations want to implement packet inspection or corporate audit. |
Regional Virtual Networks | A VNET is bound to a subscription. Not possible for multiple subs to use the same VNET. Must use site-to-site VNET connections or Azure ExpressRoute to connect them. All new VNETs are RVNs; they can span a complete Azure region or datacenter. |
Cross-premises network connectivity | Point-to-site VPN, site-to-site VPN, ExpressRoute, VNet-to-VNet VPN |