Category Archives : Networking

06 Nov

Secure incoming traffic to HDInsight clusters in a virtual network with private endpoint

We are excited to announce the general availability of private endpoint in HDInsight clusters deployed in a virtual network. This feature enables enterprises to better isolate access to their HDInsight clusters from the public internet and enhance their security at the networking layer.

Previously, when customers deployed an HDI cluster in a virtual network, there was only one public endpoint available in the form of https://<CLUSTERNAME>.azurehdinsight.net. This endpoint resolves to a public IP for accessing the cluster. Customers who wanted to restrict the incoming traffic had to use network security group (NSG) rules. Specifically, they had to white-list the IPs of both the HDInsight management traffic as well as the end users who wanted to access the cluster. These end users might have already been located inside the virtual network, but they had to be white-listed to be able to reach the public endpoint. It was hard to identify and white-list these end users’ dynamic IPs, as they would often change.

With the introduction of private endpoint, customers can now use NSG rules to separate access from the public internet and end users that are within the virtual network’s trusted boundary. The virtual network can be extended to the on-premise


24 Sep

Application Gateway Analytics via GoAccess

Azure Application Gateway provides an access log for customers that records traffic patterns and useful information, such as caller’s IP, requested URL, return code, and more. These logs can be pushed to Azure Storage and parsed with different tools for analysis such as Azure Log Analytics, Excel, and Power BI. The level of difficulty in setting up and using these mechanisms largely depends on customers’ familiarity and preferences.

Customers need traffic analytics for a variety of scenarios, some of which are:

- Live monitoring during an anticipated high traffic event such as a promotional campaign.
- Debugging and troubleshooting operational issues, including security incidents.
- Understand who their customers are based on observed traffic (client stats).
- Understand which parts or URLs of their application are in high demand (top requested URLs).
- Understand how well their application is performing (failures and latency).

We are pleased to add to the existing Application Gateway traffic analytics toolkit the integration of Application Gateway access logs with the popular open source GoAccess real-time log analyzer framework via a published Azure Quickstart template. This integration gives customers another choice for deriving insights on AppGW traffic flow. GoAccess presents data in a rich dashboard for multiple output formats such as


24 Sep

Announcing public preview of Azure Front Door Services

This blog was co-authored by Sharad Agrawal, Senior Program Manager, Azure Networking

Every day we see you, our customers, pushing the boundaries of availability, performance and scalability. We hear you asking not just for the ability to scale two times, five times, but 10 times and 100 times instantly, without sacrificing performance or security. These same needs arose in Microsoft’s own cloud journey over the last 10 years and led us to build large, enterprise grade network and application infrastructure to solve reliability, scalability, performance and agility problems across Microsoft. Solving these enterprise-grade challenges for both consumer and enterprise services from Bing, Office, Skype, Azure, etc. led to developing unique infrastructure and services, battle-tested by years of constant support for Microsoft’s largest businesses.  

Today, we are excited to bring one of these enterprise-grade services to you as we announce the public preview of our newest addition to the Azure Networking and Azure’s application delivery suite of products, Azure Front Door Service. This service, your application’s new Front Door, is a secure and highly available entry point for delivering your high performance global hyperscale apps.

Front Door provides your web and mobile applications, APIs, and/or cloud services with always-on reliability, high performance,


24 Sep

Azure Networking Fall 2018 update

Announcing: 100 Gbps, fastest connectivity in public cloud and availability of branch connectivity, new cloud native security capabilities and application performance services

As enterprises move ever more demanding mission-critical workloads to the cloud, we strive to provide comprehensive networking services that are easy to deploy, manage, scale, and monitor. Customers continue to ask for better ways to connect to the cloud, better protection of their cloud workloads, optimal application performance delivery, and more comprehensive monitoring services.

In terms of how to Connect, customers have asked for significantly higher bandwidth solutions as they struggle to transit massive amounts of data into the cloud to take advantage of advanced analytics and machine learning. Software Defined Wide Area Networking (SDWAN) holds tremendous promise to reduce costs by intelligently routing more traffic onto the Internet and helping customers better manage connectivity to their branch offices. The concept of the virtual datacenter has taken hold, but building such solutions on a global scale remains a challenge. With 54+ Azure regions and more on the way, our global network continues to expand to new locations while we increase its overall capacity. Customers have asked us for new ways to take advantage of our global WAN. We


16 Aug

Announcing VNet service endpoints general availability for MySQL and PostgreSQL

This blog post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.

We recently made Azure database services for MySQL and PostgreSQL generally available. These services offer the community versions of MySQL and PostgreSQL with built-in high availability, a 99.99 percent availability SLA, elastic scaling for performance, and industry-leading security and compliance on Azure. Since general availability, we have continued to bring new features and capabilities like increased storage and availability across more regions worldwide.

We are excited to announce the general availability of Virtual Network (VNet) service endpoints for Azure Database for MySQL and PostgreSQL in all regions where the service is available for General Purpose and Memory Optimized servers. Visit region expansion for MySQL and PostgreSQL for service availability. VNet service endpoints enable you to restrict connectivity to your logical server to a given subnet or set of subnets within your virtual network. The traffic to Azure Database for MySQL and/or PostgreSQL from your VNet always stays within the Azure backbone network. This direct route is preferred over any specific routes that send Internet traffic through virtual appliances or on-premises.

There is no additional billing for virtual network access through service endpoints. The current pricing model for Azure Database for MySQL and PostgreSQL applies as is.

Using


13 Aug

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available in Azure data sources, HDInsight customers couldn’t leverage this additional layer of security for their big data pipelines due to the lack of interoperability between HDInsight and other data stores. As we have recently announced, HDInsight is now excited to support service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure CosmosDB.

Azure Blob Storage

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage account's firewall settings. This will ensure that only traffic from those subnets can access this storage account.

It is important to


09 Aug

New locations for Azure CDN now available

Back in May during Microsoft Build, we made our own Content Delivery Network available to Azure customers. Building on our years of experience scaling enterprise-class services, opening up access to this vast amount of infrastructure previously not accessible to customers was a significant milestone for us. In line with our mission to offer the broadest possible range of choice and options when deploying and scaling your web apps using Azure, Microsoft’s own CDN was a natural expansion supplementing our world class partners Akamai and Verizon.

Azure CDN provides a world class platform to let you reduce load times, save bandwidth, and speed responsiveness across your business's diverse workflows. Azure CDN from Microsoft enables Azure customers to use and deliver content from the same global CDN network leveraged by Microsoft properties such as Office 365, Skype, Bing, OneDrive, Windows, and Xbox.

Connectivity within Microsoft’s network along with new Regional Caching capabilities enables more consistent, more predictable cache fill performance by providing multi-tier caching along with direct, private access to content in Azure from each CDN edge point of presence (POP). Azure CDN from Microsoft entered public preview providing access to 54 global Edge POPs in 33 countries and 16 Regional Cache POPs.


26 Jul

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available in Azure data sources, HDInsight customers couldn’t leverage this additional layer of security for their big data pipelines due to the lack of interoperability between HDInsight and other data stores. As we have recently announced, HDInsight is now excited to support service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure CosmosDB.

Azure Blob Storage:

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage account's firewall settings. This will ensure that only traffic from those subnets can access this storage account.

It is important to


12 Jul

Announcing public preview of Azure Virtual WAN and Azure Firewall

Networking trends such as SDWAN (Software-Defined Wide Area Network) can improve performance by using path selection policies at the branch offices to send Internet-bound traffic directly to the cloud, eliminating the backhaul to select breakout points. This traffic can quickly reach Microsoft’s global backbone network with intelligent routing to provide the best network experience. However, having all branches directly accessing the Internet introduces new challenges such as managing branch connectivity and uniformly enforcing network and security policies at scale. Further complicating network policy management across all the branch offices is the trend of more employees working remotely with ever stricter security, privacy, and compliance requirements and policies that vary by country/region.

Network security plays an important role in protecting users, data and applications. Cloud developers and IT teams struggle to stay ahead of security attacks. Cloud native network security solutions better fit the modern DevOps model of building and deploying applications while taking advantage of the economic and scale benefits of the cloud. Customers need turnkey solutions that are easy to deploy, use, and manage, and that offer high availability and scale automatically.

To help customers with these massive modernization efforts, we are announcing Azure Virtual WAN to simplify large-scale
