Category Archives: Networking

16 Aug

Announcing VNet service endpoints general availability for MySQL and PostgreSQL

This blog post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.

We recently made Azure database services for MySQL and PostgreSQL generally available. These services offer the community versions of MySQL and PostgreSQL with built-in high availability, a 99.99 percent availability SLA, elastic scaling for performance, and industry-leading security and compliance on Azure. Since general availability, we have continued to bring new features and capabilities like increased storage and availability across more regions worldwide.

We are excited to announce the general availability of Virtual Network (VNet) service endpoints for Azure Database for MySQL and PostgreSQL in all regions where the service is available for General Purpose and Memory Optimized servers. Visit region expansion for MySQL and PostgreSQL for service availability. VNet service endpoints enable you to isolate connectivity to your logical server from only a given subnet or set of subnets within your virtual network. The traffic to Azure Database for MySQL and/or PostgreSQL from your VNet always stays within the Azure backbone network. This direct route is preferred over any specific routes that send Internet traffic through virtual appliances or on-premises.

There is no additional billing for virtual network access through service endpoints. The current pricing model for Azure Database for MySQL and PostgreSQL applies as is.

Using

13 Aug

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available in Azure data sources, HDInsight customers couldn’t leverage this additional layer of security for their big data pipelines due to the lack of interoperability between HDInsight and other data stores. As we have recently announced, HDInsight is now excited to support service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure CosmosDB.

Azure Blob Storage

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage firewall settings. This will ensure that only traffic from those subnets can access this storage account.

It is important to

09 Aug

New locations for Azure CDN now available

Back in May during Microsoft Build, we made our own Content Delivery Network available to Azure customers. Building on our years of experience scaling enterprise-class services, opening up access to this vast amount of infrastructure previously not accessible to customers was a significant milestone for us. In line with our mission to offer the broadest possible range of choice and options when deploying and scaling your web apps using Azure, Microsoft’s own CDN was a natural expansion supplementing our world class partners Akamai and Verizon.

Azure CDN provides a world class platform to let you reduce load times, save bandwidth, and speed responsiveness across your business's diverse workflows. Azure CDN from Microsoft enables Azure customers to use and deliver content from the same global CDN network leveraged by Microsoft properties such as Office 365, Skype, Bing, OneDrive, Windows, and Xbox.

Connectivity within Microsoft’s network along with new Regional Caching capabilities enables more consistent, more predictable cache fill performance by providing multi-tier caching along with direct, private access to content in Azure from each CDN edge point of presence (POP). Azure CDN from Microsoft entered public preview providing access to 54 global Edge POPs in 33 countries and 16 Regional Cache POPs.

26 Jul

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available in Azure data sources, HDInsight customers couldn’t leverage this additional layer of security for their big data pipelines due to the lack of interoperability between HDInsight and other data stores. As we have recently announced, HDInsight is now excited to support service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure CosmosDB.

Azure Blob Storage:

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage firewall settings. This will ensure that only traffic from those subnets can access this storage account.

It is important to

12 Jul

Announcing public preview of Azure Virtual WAN and Azure Firewall

Networking trends such as SDWAN (Software-Defined Wide Area Network) can improve performance by using path selection policies at the branch offices to send Internet-bound traffic directly to the cloud, eliminating the backhaul to select breakout points. This traffic can quickly reach Microsoft’s global backbone network with intelligent routing to provide the best network experience. However, having all branches directly accessing the Internet introduces new challenges such as managing branch connectivity and uniformly enforcing network and security policies at scale. Further complicating network policy management across all the branch offices is the trend of more employees working remotely with ever stricter security, privacy, and compliance requirements and policies that vary by country/region.

Network security plays an important role in protecting users, data and applications. Cloud developers and IT teams struggle to stay ahead of security attacks. Cloud native network security solutions better fit the modern dev ops model of building and deploying applications while taking advantage of the economic and scale benefits of the cloud. Customers need turnkey solutions that are easy to deploy, use, and manage, that offer high availability, and that automatically scale.

To help customers with these massive modernization efforts, we are announcing Azure Virtual WAN to simplify large-scale

03 Jul

Network Performance Monitor is now generally available in UK South region

Network Performance Monitor (NPM) – a cloud-based network monitoring solution for cloud-only, on-premises, and hybrid networking environments, is now generally available in the UK South region.

Customers in this region can now use various capabilities of NPM, such as:

Performance Monitor to monitor connectivity between various locations on the network, visualize the health of all paths on the network, and troubleshoot issues. The Network State Recorder feature allows for the debugging of transient network issues that may have occurred in the past.

ExpressRoute Monitor to monitor the availability of ExpressRoute circuits. The health of end to end connectivity, spanning on-premises locations, service provider network (ExpressRoute circuit), and one or more VNETs in Azure can be monitored. Recent additions enable monitoring of Microsoft peering, i.e., connectivity to Office 365, Dynamics, SharePoint, and other productivity services.

Service Connectivity Monitor to monitor network connectivity to web based (SaaS and internal line of business) applications and URIs from various locations. The Service Connectivity Monitor correlates application responsiveness with network performance and helps determine if the poor application experience is impacted by network issues.

Chart of application response time and network latency. Significant variation in network latency (represented by the orange line) at noon,

26 Jun

New zone-redundant VPN and ExpressRoute gateways now in public preview

As with all of Azure, we are continuously innovating, upgrading, and refining our virtual network gateways to further increase reliability and availability.

Today, we are sharing the public preview of zone-redundant VPN Gateway and ExpressRoute virtual network gateways. By adding support for Azure Availability Zones, we bring increased resiliency, scalability, and higher availability to virtual network gateways.

You can now deploy VPN and ExpressRoute gateways in Azure Availability Zones. This physically and logically separates them into different Availability Zones protecting your on-premises network connectivity to Azure from zone-level failures. Additionally, we have made fundamental performance improvements including reducing the deployment time to create a virtual network gateway.

To automatically deploy your virtual network gateways across availability zones, you can use zone-redundant virtual network gateways.

Zone-redundant virtual network gateways use specific new gateway SKUs for VPN Gateway and ExpressRoute. To begin using zone-redundant gateways, you can self-enroll your subscription in the public preview. Once you enroll, you will start seeing the new gateway SKUs in all the Azure Availability Zone regions. See the getting started guide for steps to self-enroll, to view information about the new gateway SKUs, and for configuration information.

The new gateway SKUs also support other deployment options
