- Helps you optimize application performance & scalability
- Links compute resources and provides access to applications
- Configure & control traffic into and out of Azure efficiently e.g. from on-premises to Azure and vice versa.
- Architecture behind Azure
- Different services/components that sends and receives data from one another
- They have little to no knowledge about other components.
- See also micro-services.
- 💡 Recommended because:
- Can be updated independently: Allows non-breaking changes as long as communication strategy is consistent.
- Allows services to be changed without significant impact to the rest of the system.
- Can be scaled proportionally.
- Scale up/down, out/in only services that are relevant.
- 💡 Take advantage of asynchronous messaging in Azure for communication for scalability.
- Can be used to build loosely coupled architectures.
- Divides an application into two or more logical tiers.
- A higher tier can access services from a lower tier, but a lower tier should never access a higher tier.
- Tiers help separate concerns and are ideally designed to be reusable.
- Simplifies maintenance: Tiers can be updated or replaced independently, and new tiers can be inserted if needed.
- Three-tier refers to an n-tier application that has three e.g.
- Web tier (front-end)
- Application tier (back-end that runs application logic)
- Data tier (database)
- Observe that each tier can access services only from a lower tier.
- Read more
- One or more Azure data centers within a specific geographic location
- E.g. East US, West US, and North Europe
- Enable you to group and isolate related systems
- Logically isolated network on Azure
- Allows Azure resources to securely communicate with • each other • VPNS • the internet • on-premises networks
- ❗ Scoped to a single region
- 💡📝 Virtual networks, subnets, NICs (network interfaces) are free (no $$) resources
- Public IP addresses, reserved IP, network appliances such as VPN Gateway & Application Gateway are charged.
- You choose which networks your virtual network can reach, whether that's the public internet or other networks in the private IP address space.
- A virtual network can be segmented into one or more subnets.
- Help you organize and secure your resources in discrete sections.
- E.g. users interact with the web tier directly, so that VM has a public IP address along with a private IP address.
- Users don't interact with the application or data tiers, so these VMs each have a private IP address only.
- 📝 Also called virtual network gateway
- 📝 Provide a secure connection between an Azure Virtual Network and an on-premises location over the internet.
- 📝 Your on-premises network is represented as Local network gateway object in Azure.
- E.g. enables you to keep your data tiers in on-premises network, and web tier in cloud.
- Azure manages the physical hardware for you, virtual networks & gateways are configured through software.
- 📝❗ Must be deployed in a subnet called gateway subnet.
- 📝 Control what traffic can flow through a virtual network.
- Allows or denies inbound network traffic to your Azure resources.
- Can be thought as a cloud-level firewall for your network.
- E.g. web tier allows inbound traffic on ports 22 (SSH) and 80 (HTTP).
- Port 22 enables you to connect directly to Linux systems over SSH.
- You might configure VPN access to your virtual network to increase security.
- Port 22 enables you to connect directly to Linux systems over SSH.
- 💡 Configure a NSG to accept traffic only from known sources, such as IP addresses that you trust.
- Azure ExpressRoute
- Connects to Azure over high-bandwidth dedicated secure connections
- Azure Network Watcher
- Monitors and diagnoses network issues using scenario-based analysis
- Azure Virtual WAN
- Creates a unified wide area network (WAN), connecting local and remote sites
- Network protection services: • Azure DDoS Protection • Azure Firewall