Azure Networking Enhancements Announced at Ignite

Azure networking improvements were announced by Microsoft as part of its Ignite Conference being held this week.

The existing Azure Front Door product has new Standard and Premium products at preview, and Azure Firewall has a Premium product at preview, as described earlier. VMware's software-defined (SD) WAN is getting integrated with Microsoft's Virtual WAN. Azure Public IPs now can span multiple regions.

These topics were part of my Friday phone chat with Sinead O'Donovan, director of program management for Azure Networking. You can hear her speak about Azure Front Door and Azure Firewall in this Feb. 18 Microsoft presentation (sign-up required). More about Azure Networking can be heard in the "What's New with Microsoft Azure Infrastructure" Ignite session, hosted by Erin Chapple, corporate vice president of product for Azure Compute.

DevOps for the Cloud
Networking is a traditional IT skill, but it's the DevOps skills that get favored with cloud services.

"It really is actually the developer who does most of the config work," O'Donovan said regarding the cloud. "Developers are having to get more familiar with networking, and that's why we do a lot of investments in software-defined networking. Everything is API driven, everything is infrastructure as code, and fitting into the DevOps model."

The Internet as the Corporate Network
Wide area networks (WANs) are another area where things are getting defined in software, another shift enabled by the cloud.

"A second element of the transition is the actual network that connects users, devices, branch offices and datacenters, where the Internet can be used to transform your corporate network," O'Donovan said. "And that's where SD-WAN and mobile user connectivity comes into play. With the cloud-delivered model, your corporate network becomes a virtual overlay network that sits on a combination of the cloud and last-mile Internet, and that's why we call our service Azure Virtual WAN."  

Azure ExpressRoute is another Microsoft service that comes into play for organizations that want to establish high-speed private links separate from public Internet connections.

Securing Apps with Azure Front Door
Azure Front Door, with new Standard and Premium product offerings at the preview stage, is Microsoft's content delivery network (CDN) solution that also helps with both application delivery and security. Microsoft uses it for its Office 365 and Xbox services. It serves as a "global load balancer" for apps.

"Azure Front Door is a secure cloud CDN and global load balancer," O'Donovan said. "It has a set of built-in security protections such as WAF [Azure Web Application Firewall], bot and API protections. It sits in front of your applications on the Internet. It manages your certificates, performs SSL termination, runs various threat protection capabilities and routes traffic to your back end."

Microsoft offers the Azure Front Door service worldwide.

"It runs in a dedicated, private, software-defined WAN that spans the globe with network POPs [points of presence] all over the world -- 180 of them -- and it terminates SSL close to the user, so it can accelerate the user experience," O'Donovan added. "It does both static and dynamic caching, minimizing the impact on the origin. You can take a lot of the load off your origin by leveraging Azure Front Door at the network edge."

Microsoft's success story with Azure Front Door is the company LinkedIn (which Microsoft owns). LinkedIn had its own home-grown equivalent of Azure Front Door that required dozens of people to maintain, until it switched to Microsoft's solution. As a result, LinkedIn got "user experience improvements of 30 percent on page load times," without all of the upfront capital expenditures, O'Donovan said.

Azure Front Door Premium also has support for Azure Private Link, which removes the need for the application origin to be on the Internet. It can use Azure Storage or Azure App Service instead.

"One of the new things that's huge as part of our zero trust story is that customers want the least amount of resources on the Internet," O'Donovan explained regarding Azure Private Link. "So if the whole app back end doesn't need to be on the Internet, that's ideal. Don't give it a public IP. Azure Private Link is a key addition to Azure Front Door."

Azure Firewall Premium Preview
Last month, Microsoft also announced Azure Firewall Premium at the preview stage. It adds intrusion detection and prevention systems (IDPS), Web Categories, SSL termination and URL filtering over an organization's inbound and outbound traffic.

"Most resources have some need to reach out to the Internet to get different things, such as code updates from GitHub, or Windows updates," O'Donovan said. "Organizations want to have those back-end resources reach out, and so they're using Azure Firewall, primarily as the control point for that. We're also really excited now to have intrusion detection and prevention systems (IDPS) and to support SSL/TLS termination and also to support Web Categories, which give you a more complete security story for this new kind of paradigm."

Azure Public IP Solutions
Microsoft announced at Ignite that it's possible to upgrade a Basic Public Load Balancer to a Standard Public Load Balancer and retain the same IP address. In addition, a public IP address can now span multiple Azure regions, O'Donovan said.

"Now you can have a public IP that spans multiple regions, and we call that a 'global VIP,'" O'Donovan said. "We've added another capability where people can now move their Basic Load Balancer to a Standard Load Balancer without changing the IP, so we're continuing to enhance the software-defined networking pieces."

SD-WAN Integration and Virtual WAN Support
Microsoft announced during Ignite that its Azure Virtual WAN service is now integrated with VMware's software-defined WAN. It's an addition to the SD-WAN offerings from Cisco, Barracuda and other SD-WAN providers, O'Donovan noted.

In addition, Microsoft released a preview of a solution called "Virtual WAN Remote User VPN Features." It permits "100,000 remote users to connect to a Virtual WAN hub in a region." Previously, just 10,000 remote user connections were supported per region per hub.

"If you think about the 60-plus global Azure regions, then when you've got 100,000 users in a region it means that we can support a lot of users now in Virtual WAN," O'Donovan explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

