AZ-305 – Microsoft Azure Solutions Architect Expert: Design a Networking Strategy Part 2

February 9, 2023

3. Virtual WAN Networking Topology

So another type of network architecture we have to be aware of for this exam is the Virtual WAN. Now, wide area networks, or WANs, have been around for decades. I can remember them back in the earliest days of my career in technology. The idea here is that you have several offices, several completely separate geographic locations, and you need to interconnect them. You need users in one office to be able to communicate privately and seamlessly with users in the other office and access its files, so those networks need to be connected. Now, traditionally you may have purchased a high-speed connection, a direct connection between your offices, and paid a lot of money for that.

Then along came the idea of the Virtual WAN, which, if you think about it, is again another type of hub and spoke, where in this particular case Microsoft Azure is the hub and the networks in all of your other locations are the spokes. So if somebody in your headquarters needs to access a file that happens to live within your branch network, the request goes to the hub, which in this case is Microsoft Azure, and can be directed down to the spoke. So this diagram very much shows a hub and spoke type architecture. But instead of the spokes being virtual networks, as we saw in the hub and spoke video a couple of videos back, what you have as spokes are complete office networks.

So it is possible to set up a wide area network within Microsoft Azure, which would eliminate the need for you to have separate private communication channels between your branches, if that's the way you wanted to go. That's called a Virtual WAN, and there is basically a separate type of WAN device that you would install on a network that allows all of this connectivity to happen. So this is a hub and spoke network, but if you want to set it up using a WAN device, Virtual WAN is specifically a Microsoft cloud-managed service. You basically install the Virtual WAN within Azure, and you can have several types of connections into it. To set up this network for your headquarters, you may want to use ExpressRoute, which is a very high-speed dedicated connection. For the branches, it might just be a site-to-site VPN, which requires a VPN gateway device at those locations but can travel over the public Internet. So they don't have to be private connections, but if you use the right device, the traffic will be encrypted and secure.

What you care about, obviously, is it being fast. You can see here, even in the diagram, that remote users working from home is a big trend. Instead of connecting to specific branches, you can have your point-to-site VPN connect into Azure, and you're part of the same network that has access to the branches and to the headquarters as well. So the Virtual WAN is what enables this type of architecture in this particular setup. Now, this might not make sense globally, right? If you have your Virtual WAN installed in a US region and your branch offices are in Asia or in Europe or in Australia, the latency of that connection might be too high, because it's too far. And so the next concept is the Virtual WAN hub, where you've got hubs installed in multiple locations, and within Azure you've got hub-to-hub connectivity that allows you to have basically two WANs that are connected to each other. So that's another type of network architecture.

Instead of having one centralized WAN, you've got WAN hubs. You can find all this in the Azure Portal, in the Marketplace; if you do a search for WAN, there are a lot of different WAN devices, because, of course, this is technology that's been around for decades, like I said. But if you search for Microsoft Virtual WAN, you'll find the Microsoft edition. And so it's just a matter of going through and setting up this resource in your Azure subscription, and then you can hook it up to your ExpressRoute, your site-to-site VPN connections, etc.
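The multi-hub layout described above (one Virtual WAN, hubs in more than one region, a site-to-site gateway in a hub, hub-to-hub transit inside Azure) as an added Bicep example. This is not code from the course or from Microsoft; the resource names, regions and address prefixes are assumptions, and it assumes you deploy it into an existing resource group.

```bicep
// Added example (not from the course): a Standard Virtual WAN with two hubs
// in different regions. Hubs that belong to the same Virtual WAN get hub-to-hub
// connectivity automatically, so a branch on one hub can reach a branch on the
// other without leaving Azure. All names, regions and prefixes are assumptions.

@description('Region that hosts the Virtual WAN resource itself (metadata only).')
param location string = resourceGroup().location

// Assumed hub regions and address spaces; each hub needs its own dedicated prefix.
param hubs array = [
  { name: 'hub-centralus', location: 'centralus', prefix: '10.100.0.0/24' }
  { name: 'hub-westeurope', location: 'westeurope', prefix: '10.101.0.0/24' }
]

resource vwan 'Microsoft.Network/virtualWans@2023-05-01' = {
  name: 'vwan-corp' // assumed name
  location: location
  properties: {
    type: 'Standard'                 // Standard SKU is what gives you hub-to-hub transit
    allowBranchToBranchTraffic: true // let a site on one hub reach a site on another
    disableVpnEncryption: false      // keep IPsec on for site-to-site and point-to-site
  }
}

// One hub per entry in the hubs array, each in its own region.
resource hub 'Microsoft.Network/virtualHubs@2023-05-01' = [for h in hubs: {
  name: h.name
  location: h.location
  properties: {
    virtualWan: { id: vwan.id }
    addressPrefix: h.prefix
    sku: 'Standard'
  }
}]

// A site-to-site VPN gateway in the first hub; branch offices with a VPN device
// attach here and ride the public Internet encrypted, as the video describes.
resource s2sGateway 'Microsoft.Network/vpnGateways@2023-05-01' = {
  name: 'vpngw-${hubs[0].name}'
  location: hubs[0].location
  properties: {
    virtualHub: { id: hub[0].id }
    vpnGatewayScaleUnit: 1
  }
}

output hubIds array = [for (h, i) in hubs: hub[i].id]
```

Deploy with `az deployment group create --resource-group <rg> --template-file vwan.bicep`. Placing a hub near each group of branches is what addresses the latency concern from the video; the `allowBranchToBranchTraffic` flag is the one to review if you want branches to reach Azure but not each other.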

4. Azure Public DNS

So in this video, we're going to talk about domain name services. The two Microsoft-provided services that are relevant are the Azure DNS service and the Private DNS service. I did a search in the Marketplace for DNS and filtered it by Microsoft as the publisher. So basically, we have a public-facing DNS and a private DNS, and I'll talk about the differences between them. Now, if you don't know, a domain name service is the service on the Internet that turns a domain name into an IP address. So if you type in mydomain.com, there is a server out there that claims to be the authority on that domain name, and it's able to return an IP address so that your computer can then go and directly open a connection with that web server over port 80. So Microsoft does have this service. It's called the public DNS, or Azure DNS. Now, this is a very basic DNS service.

So if I have my own domain name that I've registered, I'm able to allow Microsoft Azure to manage it. From there, I can take any of my public-facing IP addresses and assign those to domain names. So if you have a virtual machine and it has a public IP address, we know that you can create a fully qualified domain name on that IP address. Actually, I can show that to you. If we look at the public IP addresses I created in the hub and spoke demo, there are at least two of them. And you can see here that one has a public-facing IP address, but it doesn't have a DNS name associated with it in this case. So what I can do is give it a name. I can call this bastion IP, or my bastion IP. And you'll see that it gets a fully qualified domain name ending in centralus.cloudapp.azure.com, and the green checkmark means the name is available. So this is a domain name, but let's say you don't want your service to have such a domain name. It's very difficult to remember, and it may not be something you want associated with your company. So how do you create your own domain name?

Well, you can register a domain and then go into the Azure DNS service and basically allow Azure to manage it. What that gives you is the ability to manage the domain you registered so that it directs traffic to this IP address. And you'd have to set this up specifically; it wouldn't work unless you go in here and tell Azure DNS that this is the IP address. So that's basically the gist of what public DNS services are. Now, your registrar would offer it, there are some public DNS companies that will provide the service to you, and again, Microsoft Azure provides the service. What Azure doesn't provide is the ability to register domain names. There's no domain registry in Azure. So you're going to have to go to your own domain registrar to register the domain, and then allow Azure DNS to manage it by using Azure's name servers. You would set that up in the Azure DNS public DNS. So let's go to Azure DNS. You can see there are many companies that provide DNS servers. A third option, obviously, is running your own DNS server.

So you've got the Azure-created services, and then you can also just get your own virtual machine. You can see that there are sometimes costs associated with that. So we can create our own DNS zone and then tell it the domain name we want to manage. You'll see that I can define a location for it, and the zone is actually your domain. So I am basically telling Microsoft that they can go and manage the domain for my website, cloudskills.com. Now, this doesn't take effect until I go to the domain registrar and use the Azure name servers. So even just doing this isn't going to change anything until I go to my registrar and set that up. We won't do that for now. We're going to switch over to the next video and talk about the concept of private DNS.
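The public DNS setup walked through in this section (a zone for a domain you registered elsewhere, an A record pointing at one of your public IPs, and the name servers you then have to hand to the registrar) as an added Bicep example. This is not the course's or Microsoft's code; the domain name, record name and public IP name are assumptions, and it assumes the public IP already exists in the same resource group with Static allocation.

```bicep
// Added example (not from the course): an Azure public DNS zone for a domain
// registered elsewhere, with one A record pointing at an existing public IP.
// Domain, record name and public IP name are assumptions.

param zoneName string = 'contoso-example.com' // assumed; must be a domain you own
param recordName string = 'www'
param publicIpName string = 'my-bastion-ip'   // assumed existing Public IP in this RG

// Reference the existing public IP so the record cannot drift from the real
// address. Assumes Static allocation; a Dynamic IP has no address until it is
// attached, so the record would be created empty.
resource pip 'Microsoft.Network/publicIPAddresses@2023-05-01' existing = {
  name: publicIpName
}

resource zone 'Microsoft.Network/dnsZones@2018-05-01' = {
  name: zoneName
  location: 'global' // DNS zones are global, not regional
  properties: {
    zoneType: 'Public'
  }
}

resource www 'Microsoft.Network/dnsZones/A@2018-05-01' = {
  parent: zone
  name: recordName
  properties: {
    TTL: 300
    ARecords: [
      { ipv4Address: pip.properties.ipAddress }
    ]
  }
}

// These are the name servers Azure assigned to the zone. As the video says,
// nothing resolves on the Internet until these are set as the NS records for
// the domain at your registrar.
output nameServers array = zone.properties.nameServers
```

After `az deployment group create --resource-group <rg> --template-file public-dns.bicep`, read the `nameServers` output and enter those four names at the registrar. Until that delegation is in place the zone is harmless but inert, which is a useful property: you can build and review the zone's records before any public traffic depends on them.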

5. Azure Private DNS

Now, the private DNS zone, on the other hand, is actually pretty interesting. It is a DNS service only accessible to your Azure resources. So instead of it being a domain name that you go and register with a registrar and that anyone in the world can resolve, what we're doing with a private DNS is effectively giving names to private IP addresses. And so what you can end up doing is, let's say you've got two back-end servers.

One is a database server and one is an application server. Neither of them is available on the public Internet. You do not want traffic traveling from the public Internet to your database server, but you still don't necessarily want to hard-code the IP address of the database server. You could move it at any time. You could upgrade it at some point in the future. That private IP address could go away. And so what you then do is you have a private DNS zone, and you can give a label to your database server. Let's call it database.local. And then you can use that label on any of your virtual machines and not have to rely on hard-coding the private IP address anywhere within your network. The portal is showing me a warning here that by calling something .local there are some historical multicast name-resolution things it might interfere with.

But this is pretty much the standard. So you could have development.local, production.local, staging.local. We can put this in Central US. So we can create a private DNS zone and call it myserver.local. And then you can have database.myserver.local, production.myserver.local, like one DNS zone that is set up to handle all your internal private DNS needs. And so this is actually pretty cool. What you end up doing is linking virtual networks to your private DNS zone. And so again, the virtual network takes care of resolving the name to a private IP address. And again, it's not publicly accessible. This does not leave Azure. This does not leave your subscription. It's private, just for your resources. And I think that's pretty cool.
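The private zone described in this section (myserver.local with database and production records, linked to the virtual networks that need to resolve it) as an added Bicep example. This is not the course's or Microsoft's code; the VNet names and private IP addresses are assumptions, and it assumes the VNets already exist in the same resource group.

```bicep
// Added example (not from the course): a private DNS zone linked to two
// virtual networks, with A records for the back-end servers. Zone name follows
// the video; VNet names and private IPs are assumptions.

param zoneName string = 'myserver.local' // as in the video; the portal warns that
                                         // .local can clash with multicast DNS
param vnetNames array = [                // assumed existing VNets in this RG
  'vnet-hub'
  'vnet-app'
]
param records array = [                  // assumed private IPs of the back-end servers
  { name: 'database', ip: '10.0.2.4' }
  { name: 'production', ip: '10.0.3.4' }
]

resource zone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: zoneName
  location: 'global' // the zone is global; who can resolve it is decided by the links below
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = [for v in vnetNames: {
  name: v
}]

// A VNet only resolves this zone once it is linked. registrationEnabled: false
// stops VMs in that VNet from auto-registering their hostnames; Azure allows
// registration on at most one link per VNet, so leave it off unless you want
// automatic records.
resource link 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for (v, i) in vnetNames: {
  parent: zone
  name: 'link-${v}'
  location: 'global'
  properties: {
    virtualNetwork: { id: vnet[i].id }
    registrationEnabled: false
  }
}]

// database.myserver.local, production.myserver.local, etc. Changing the IP here
// is the only edit needed when a server moves, which is the point of the video.
resource aRecord 'Microsoft.Network/privateDnsZones/A@2020-06-01' = [for r in records: {
  parent: zone
  name: r.name
  properties: {
    ttl: 300
    aRecords: [
      { ipv4Address: r.ip }
    ]
  }
}]

output fqdns array = [for r in records: '${r.name}.${zoneName}']
```

Deploy with `az deployment group create --resource-group <rg> --template-file private-dns.bicep`. Nothing here is reachable from the Internet: a VM in a VNet that is not in `vnetNames` gets no answer for `database.myserver.local`, so the link list doubles as the list of networks allowed to learn those internal names.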
