We are always looking for ways to improve the customer experience and allow our partners to complement our offerings. In support of these efforts we are sharing the Azure Networking Managed Service Provider (MSP) program along with partners that deliver value added managed cloud network services to help enterprise customers connect, operationalize, and scale their mission critical applications running in Azure.
Azure Networking MSP Partner Program enables partners such as networking focused MSPs, network carriers, and systems integrators (SIs) to use their rich networking experience to offer cloud and hybrid networking services around Azure’s growing portfolio of Azure Networking products and services.
Azure’s Networking services are fundamental building blocks critical to cloud migration, optimal connectivity, and security of applications. New networking services such as Virtual WAN, ExpressRoute, Azure Firewall, and Azure Front Door further enrich this portfolio allowing customers to deploy richer applications in the cloud. The Networking MSP partners can help customers deploy and manage Azure Networking services.
Azure Networking MSPs
Azure MSPs play a critical role in enterprise cloud transformation by bringing their deep knowledge and real-world experience to help enterprise customers migrate to Azure. Azure MSPs and the Azure Expert MSP program make it easy for customers
This post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.
Today we are happy to share several key Azure Firewall capabilities as well as an update on recent important releases into general availability (GA) and preview.
Multiple public IPs soon to be generally available
Availability Zones now generally available
SQL FQDN filtering now in preview
Azure HDInsight (HDI) FQDN tag now in preview
Central management using partner solutions
Azure Firewall is a cloud native firewall-as-a-service offering which enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.
Multiple public IPs soon to be generally available
You can now associate up to 100 public IP addresses with your firewall. This enables the following scenarios:
DNAT – You can translate multiple standard port instances to your backend servers. For example, if you have two public IP addresses, you can translate TCP port 3389 (RDP) for both IP addresses.
SNAT – Additional ports are available for outbound SNAT connections, reducing
For many customers around the world, securely connecting from the outside to workloads and virtual machines on private networks can be challenging. Exposing virtual machines to the public Internet to enable connectivity through Remote Desktop Protocol (RDP) and Secure Shell (SSH) increases the perimeter, rendering your critical networks and attached virtual machines more open and harder to manage.
RDP and SSH are both fundamental means by which customers connect to their Azure workloads. To connect to their virtual machines, most customers either expose their virtual machines to the public Internet or deploy a bastion host, such as a jump server or jump box.
So today, I’m excited to announce the preview of Azure Bastion.
Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). This is done without exposing any public IPs on your virtual machines. Azure Bastion provisions directly in your Azure Virtual Network, providing a bastion host or jump server as a service and integrated connectivity to all virtual machines in your virtual network using RDP/SSH directly from and through your browser and the Azure portal experience. This can be executed with just two clicks and
We recently released Azure Application Gateway V2 and Web Application Firewall (WAF) V2. These SKUs are named Standard_v2 and WAF_v2 respectively and are fully supported with a 99.95% SLA. The new SKUs offer significant improvements and additional capabilities to customers:
Autoscaling allows elasticity for your application by scaling the application gateway as needed based on your application’s traffic pattern. You no longer need to run application gateway at peak provisioned capacity, thus significantly saving on the cost.
Zone redundancy enables your application gateway to survive zonal failures, offering better resilience to your application.
Static VIP feature ensures that your endpoint address will not change over its lifecycle.
Header Rewrite allows you to add, remove or update HTTP request and response headers on your application gateway, thus enabling various scenarios such as HSTS support, securing cookies, changing cache controls etc. without the need to touch your application code.
Faster provisioning and configuration update time.
Improved performance for your application gateway helps reduce overall cost.
We highly recommend that customers use the V2 SKUs instead of the V1 SKU for new applications/workloads.
Customers who have existing applications behind the V1 SKUs of Application Gateway/WAF should also consider migrating to the V2
This post was co-authored by Andy Randall, VP of Business Development, Kinvolk Gmbh
We are pleased to share the availability of Calico Network Policies in Azure Kubernetes Service (AKS). Calico policies let you define filtering rules to control the flow of traffic to and from Kubernetes pods. In this blog post, we will explore in more technical detail the engineering work that went into enabling Azure Kubernetes Service to work with a combination of Azure CNI for networking and Calico for network policy.
First, some background. Simplifying somewhat, there are three parts to container networking:
Allocating an IP address to each container as it’s created, this is IP address management or IPAM.
Routing the packets between container endpoints, which in turn splits into:
    Routing from host to host (inter-node routing).
    Routing within the host between the external network interface and the container, as well as routing between containers on the same host (intra-node routing).
Ensuring that packets that should not be allowed are blocked (network policy).
Typically, a single network plug-in technology addresses all these aspects. However, the open API used by Kubernetes Container Network Interface (CNI), actually allows
We are pleased to share the capability to rewrite HTTP headers in Azure Application Gateway. With this, you can add, remove, or update HTTP request and response headers while the request and response packets move between the client and backend application. You can also add conditions to ensure that the headers you specify are rewritten only when the conditions are met. The capability also supports several server variables which help store additional information about the requests and responses, thereby enabling you to make powerful rewrite rules.
Figure 1: Application Gateway removing the port information from the X-Forwarded-For header in the request and modifying the Location header in the response.
Rewriting the headers helps you accomplish several important scenarios. Some of the common use cases are mentioned below.
Remove port information from the X-Forwarded-For header
Application Gateway inserts an X-Forwarded-For header into all requests before it forwards the requests to the backend. The format of this header is a comma-separated list of IP:Port. However, there may be scenarios where the backend applications require the header to contain only the IP addresses. One such scenario is when the backend application is a Content Management System (CMS) because most CMS are not able
Every internet facing web application, whether serving a large audience or a small set of users in a single region, is by default a global application. Whether you are running a large news website with millions of users across the globe, running a B2B application for managing your sales channels or a local pastry shop in a city – your users are distributed/roaming across multiple locations, or your application demands deployment into multiple locations for high availability or disaster recovery scenarios. As a global application, your distributed users and/or application deployments place demands on you to maximize performance for your end users and ensure the application is always-on across failures and attacks.
Today I am excited to announce the general availability of Azure Front Door Service (AFD) which we launched in preview last year – a scalable and secure entry point for fast delivery of your global applications. AFD is your one stop solution for your global website/application and provides:
Application and API acceleration with anycast and using Microsoft’s massive private global network to directly connect to your Azure deployed backends means your app runs with lower latency and higher throughput to your end users.
Global HTTP load balancing enables
Azure Front Door, ExpressRoute Direct and Global Reach now generally available
Today I’m excited to announce the availability of innovative and industry leading Azure services that will help the attendees of NAB realize their future vision to deliver for their audiences – Azure Front Door Service (AFD), ExpressRoute Direct and Global Reach, as well as some cool new additions to both AFD and our Content Delivery Network (CDN).
This coming week, Microsoft will be at NAB Show 2019 in Las Vegas, bringing together an industry centered on the ability to deliver richer content experiences for audiences around the world. The media and entertainment industry will gather together for an in-depth view of the current, as well as the future of media technology and innovation, showcasing new and innovative cloud services to optimize and scale rich content experiences.
Bringing the media industry to the cloud has a tremendous impact on the entire content workflow; from production, post, delivery and IT operations, cloud services enable companies to scale their ability to innovate, create, and bring more content to market. This transformation however starts somewhere else; it starts with the most critical piece, which is the users or consumers of services.
You have a great web application, and users from all over the world love it. Well, so do malicious attackers. Cyber-attacks grow each year in frequency and sophistication, and being unprotected against them exposes you to the risks of service interruptions, data loss, and tarnished reputation.
We have heard from many of you that security is a top priority when moving web applications onto the cloud. Today, we are very excited to announce our public preview of the Web Application Firewall (WAF) for the Azure Front Door service. By combining the global application and content delivery network with a natively integrated WAF engine, we now offer a highly available platform helping you deliver your web applications to the world, secure and fast!
WAF with Front Door service leverages the scale of and the deep security investments we have made at the Azure edge, and it is designed to protect you from multiple attack vectors such as injection type attacks and volumetric DoS attacks. It inspects each incoming request at Azure’s network edge, stops unwanted traffic before it enters your backend servers, and offers protection at scale without sacrificing performance. With WAF for Front Door, you have the option to fine