- Purpose: Fundamental building block for private networking in Azure.
- Key Capabilities:
- Isolated network segments within Azure.
- Subnets for segmented network design.
- Network security boundaries and controls.
- Typical Use Cases:
- Host Azure resources securely.
- Extend on-premises networks to the cloud.
- Control inbound and outbound traffic routing.
- Purpose: Logical subdivisions of an Azure VNet for resource segmentation.
- Key Capabilities:
- Control network traffic routes and isolation.
- Enforce security boundaries with Network Security Groups (NSGs).
- Typical Use Cases:
- Micro-segmentation of workloads.
- Separation of front-end, application, and database tiers.
- Purpose: Connects a VM to a VNet, assigning private and/or public IP addresses.
- Key Capabilities:
- One or multiple NICs per VM (dependent on VM size).
- IP configurations for inbound/outbound traffic.
- Typical Use Cases:
- Assigning multiple IP addresses to different subnets.
- Multi-homing scenarios.
- Purpose: Control inbound and outbound traffic at the subnet or NIC level.
- Key Capabilities:
- Rule-based filtering with priority.
- State-aware inspection of TCP traffic.
- Typical Use Cases:
- Restricting access to specific ports or protocols.
- Filtering traffic at scale for multi-tier applications.
- Purpose: Connect two Azure VNets for direct network traffic flow.
- Key Capabilities:
- Low latency, high-bandwidth interconnection.
- No gateway or public internet traversal.
- Typical Use Cases:
- Merging networks across different regions or subscriptions.
- Multi-team or multi-environment connectivity.
- Purpose: Host DNS domains and manage DNS records in Azure.
- Key Capabilities:
- Internal and external DNS zone hosting.
- Integration with Azure-based services and resources.
- Typical Use Cases:
- Custom domain mapping for public-facing apps.
- Private DNS zones for internal name resolution.
- Purpose: Dedicated private connection from on-premises networks to Azure.
- Key Capabilities:
- Higher security, reliability, and speed than typical VPN.
- Bandwidth options up to 100 Gbps.
- Typical Use Cases:
- High-throughput data replication.
- Enterprise-scale hybrid connections.
- Purpose: Provide gateways for VPN or ExpressRoute connections.
- Key Capabilities:
- Configurable gateway SKUs for different throughput levels.
- Site-to-Site, Point-to-Site, and ExpressRoute gateway options.
- Typical Use Cases:
- Secure VPN tunnels to on-premises resources.
- Hybrid cloud scenarios.
- Purpose: Distribute network traffic across multiple VMs.
- Key Capabilities:
- Layer 4 (TCP/UDP) load balancing.
- High availability and network-level redundancy.
- Typical Use Cases:
- Balancing web server workloads.
- Ensuring high availability for backend services.
- Purpose: Application-level (Layer 7) load balancing and web application firewall (WAF).
- Key Capabilities:
- SSL offloading, session affinity, path-based routing.
- Integrated WAF for security.
- Typical Use Cases:
- Secure, scalable web application hosting.
- Advanced traffic routing rules for microservices.
- Purpose: Global, scalable entry point for web applications with intelligent routing.
- Key Capabilities:
- Layer 7 reverse proxy with edge computing capabilities.
- Global load balancing, caching, SSL offloading.
- Typical Use Cases:
- Distributing traffic across multiple regions.
- Accelerated content delivery with edge POPs.
- Purpose: Securely connect services within Azure over a private endpoint.
- Key Capabilities:
- Private connectivity to Azure PaaS services (e.g., Storage, SQL).
- Eliminates exposure to public internet.
- Typical Use Cases:
- High-security networks with restricted internet access.
- Compliance with strict data governance requirements.
- Purpose: Securely connect to Azure VMs without public IP addresses.
- Key Capabilities:
- Browser-based RDP/SSH over SSL.
- Fully managed PaaS service in the Azure portal.
- Typical Use Cases:
- Remote administration of VMs in a locked-down network.
- Enforcing just-in-time access without exposing RDP/SSH ports publicly.
