Category Archives : Networking



Running SD-WAN virtual appliances natively in Azure Virtual WAN

Today we’re announcing the preview of the new ability to deploy and run third-party Network Virtual Appliances such as SD-WAN natively within the Azure Virtual WAN hubs.

As enterprises increasingly adopt the cloud while reducing their costs, IT teams looking to consolidate, accelerate, or even revamp connectivity models should consider Azure Virtual WAN. Modern enterprises require ubiquitous connectivity between hyper-distributed applications, data, and users across the cloud and on-premises.

Since we announced automated and integrated transit capabilities with Azure Virtual WAN as the first in the public cloud back in 2018, the interest to take advantage of Azure when building or re-architecting branch networks for the cloud has grown fast.

Azure Virtual WAN provides a service architecture to take full advantage of Microsoft’s fast global network. Virtual WAN makes it easy to connect Virtual Networks (VNets), Azure ExpressRoute, VPN, and now SD-WAN in “virtual hubs.” The connectivity agnostic approach allows full transit between branches, sites, mobile users, and services using Azure’s global infrastructure.


Barracuda is the first Virtual WAN partner to bring the advantage of this deep integration, allowing customers to use SD-WAN (Software-Defined Wide Area Network) to improve performance while taking advantage of existing investments




Introducing Azure Load Balancer insights using Azure Monitor for Networks

We are excited to announce that Azure Load Balancer customers now have instant access to a packaged solution for health monitoring and configuration analysis. Built as part of Azure Monitor for Networks, customers now have topological maps for all their Load Balancer configurations and health dashboards for their Standard Load Balancers preconfigured with relevant metrics.

Through this, you have a window into the health and configuration of your networks, enabling rapid fault localization and informed design decisions. You can access this through the Insights blade of each Load Balancer resource and Azure Monitor for Networks, a central hub that provides access to health and connectivity monitoring for all your network resources.

Visualize functional dependencies

The functional dependency view will enable you to picture even the most complex load balancer setups. With visual feedback on Load Balancing rules, Inbound NAT rules, and backend pool resources, you can make updates while keeping a complete picture of your configuration in mind.

For Standard Load Balancers, your backend pool resources are color-coded with Health Probe status, empowering you to visualize the current availability of your network to serve traffic. Alongside the above topology, you are presented with a time-wise graph of health status,




Streamline connectivity and improve efficiency for remote work using Azure Virtual WAN

Today, we see a huge shift to remote work due to the global pandemic. Organizations around the world need to enable more of their employees to work remotely. We are working to address common infrastructure challenges businesses face when helping remote employees stay connected at scale.

A common operational challenge is to seamlessly connect remote users to on-premises resources. Even within Microsoft, we’ve seen our typical remote access of roughly 55,000 employees spike to as high as 128,000 employees while we’re working to protect our staff and communities during the global pandemic. Traditionally, you planned for increased user capacity, deployed additional on-premises connectivity resources, and had time to re-arrange routing infrastructure to meet organization transit connectivity and security requirements. Today’s dynamic environment demands rapid enablement of remote connectivity. Azure Virtual WAN supports multiple scenarios providing large scale connectivity and security in a few clicks.

Azure Virtual WAN provides network and security in a unified framework. Typically deployed with a hub and spoke topology, the Azure Virtual WAN architecture enables scenarios such as:

- Branch connectivity via connectivity automation provided by Virtual WAN VPN/SD-WAN partners.
- IPsec VPN connectivity.
- Remote User VPN (Point-to-Site) connectivity.
- Private (ExpressRoute) connectivity.
- Intra cloud connectivity (transitive connectivity for




Rules Engine for Azure Front Door and Azure CDN is now generally available

Today we are announcing the general availability of the Rules Engine feature on both Azure Front Door and Azure Content Delivery Network (CDN). Rules Engine places the specific routing needs of your customers at the forefront of Azure’s global application delivery services, giving you more control in how you define and enforce what content gets served from where. Both services offer customers the ability to deliver content fast and securely using Azure’s best-in-class network. We have learned a lot from our customers during the preview and look forward to sharing the latest updates going into general availability.

How Rules Engine works

We recently talked about how we are building and evolving the architecture and design of Azure Front Door Rules Engine. The Rules Engine implementation for Content Delivery Network follows a similar design. However, rather than creating groups of rules in Rules Engine Configurations, all rules are created and applied to each Content Delivery Network endpoint. Content Delivery Network Rules Engine also boasts the concept of a global rule which acts as a default rule for each endpoint that always triggers its action.

General availability capabilities

Azure Front Door

The most important feedback we heard during the Azure Front Door




Announcing Azure Front Door Rules Engine in preview

Starting today, customers of Azure Front Door (AFD) can take advantage of new rules to further customize their AFD behavior to best meet the needs of their customers. These rules bring the specific routing needs of your customers to the forefront of application delivery on Azure Front Door, giving you more control in how you define and enforce what content gets served from where.

Azure Front Door provides Azure customers the ability to deliver content fast and securely using Azure’s best-in-class network. We’ve heard from customers how important it is to have the ability to customize the behavior of your web application service, and we’re excited to announce Rules Engine, a new functionality on Azure Front Door, in preview today. Rules Engine is for all current and new Azure Front Door customers but is particularly important for customers looking to streamline security and content delivery at the edge.

New scenarios in Azure Front Door

Rules Engine allows you to specify how HTTP requests are handled at the edge.

The malleable nature of Rules Engine makes it the ideal solution to address legacy application migrations, where you don’t want to worry about users accessing old applications or not knowing how to




Use Azure Firewall for secure and cost-effective Windows Virtual Desktop protection

This post was co-authored by Pavithra Thiruvengadam, Program Manager, Windows Virtual Desktop

Work from home policies require many IT organizations to address fundamental changes in capacity, network, security, and governance. Many employees aren’t protected by the layered security policies associated with on-premises services while working from home. Virtual desktop infrastructure (VDI) deployments on Azure can help organizations rapidly respond to this changing environment. However, you need a way to protect inbound or outbound internet access to and from these VDI deployments.

Windows Virtual Desktop is a comprehensive desktop and application virtualization service running in Azure. It’s the only VDI that delivers simplified management, multi-session Windows 10, and optimizations for Office 365. You can deploy and scale your Windows desktops and apps on Azure in minutes and get built-in security and compliance features. In this post, we explore how to use Azure Firewall for secure and cost-effective Windows Virtual Desktop protection.

Windows Virtual Desktop components

The Windows Virtual Desktop service is delivered in a shared responsibility model:

- Customer-managed RD clients connect to Windows desktops and applications from their favorite client device from anywhere on the internet.
- Microsoft-managed Azure service handles connections between RD clients and Windows Virtual Machines in Azure




How Azure VPN helps organizations scale remote work

In the weeks and months we have all been grappling with the global pandemic, there’s no doubt about the impact it has had on the lives of people everywhere. A shift to remote work is one of the widespread effects of the global pandemic, and we heard from organizations around the world who are looking for ways to enable more of their employees to work remotely for their safety and that of the community. With this shift, we’re working to address common infrastructure challenges businesses face when helping employees stay connected at scale.

Common challenges for businesses expanding secure, remote access

One of the major challenges while setting up remote access is providing employees access to key internal resources, which may reside on-premises or in Azure. For example, healthcare or government organizations may have sensitive patient or tax information in on-premises datacenters and other sensitive information in Azure.

Another challenge that businesses around the world now face is how to quickly scale an existing VPN setup, which is typically targeted at a small portion of an organization’s workforce, to now accommodate all or most workers. Even within Microsoft, we’ve seen our typical remote access of 50,000+ employees spike to as




Microsoft partners with the industry to unlock new 5G scenarios with Azure Edge Zones

Cloud, edge computing, and IoT are making strides to transform whole industries and create opportunities that weren’t possible just a few years ago. With the rise of 5G mobile connectivity, there are even more possibilities to deliver immersive, real-time experiences that have demanding, ultra-low latency, and connectivity requirements. 5G opens new frontiers with enhanced mobile broadband up to 10x faster, reliable low-latency communication, and very high device density up to 1 million devices per square kilometer.

Today we’re announcing transformative advances to combine the power of Azure, 5G, carriers, and technology partners around the world to enable new scenarios for developers, customers, and partners, with the preview of Azure Edge Zones.

New 5G customer scenarios with Azure Edge Zones

Azure Edge Zones and Azure Private Edge Zones deliver consistent Azure services, app platform, and management to the edge with 5G unlocking new scenarios by enabling:

- Development of distributed applications across cloud, on-premises, and edge using the same Azure Portal, APIs, development, and security tools.
- Local data processing for latency critical industrial IoT and media services workloads.
- Acceleration of IoT, artificial intelligence (AI), and real-time analytics by optimizing, building, and innovating for robotics, automation, and mixed reality.

New frontiers for developers




Azure Container Registry Private Link support preview for virtual networks

Azure Container Registry announces preview support for Azure Private Link, a means to limit network traffic of resources within the Azure network.

With Private Link, the registry endpoints are assigned private IP addresses, routing traffic within a customer-defined virtual network. Private network support has been one of the top customer asks, allowing customers to benefit from the Azure management of their registry while benefiting from tightly controlled network ingress and egress.

Private Links are available across a wide range of Azure resources with more coming soon, allowing a wide range of container workloads with the security of a private virtual network.

Private Endpoints and Public Endpoints

Private Link provides private endpoints to be available through private IPs. In the above case, the registry has a private IP of which is only available to resources in contoso-aks-eastus-vnet. This allows the resources in this VNet to securely communicate. The other resources may be restricted to resources only within the VNet.

At the same time, the public endpoint for the registry may still be public for the development team. In a coming release, Azure Container Registry (ACR) Private Link will support disabling the public endpoint, limiting access to




Unified network monitoring with Connection Monitor now in preview

Azure Network Watcher’s new and improved Connection Monitor now provides unified end-to-end connection monitoring capabilities for hybrid and Azure deployments. Users can now use the same solution to monitor connectivity for on-premises, Azure, and multi-cloud setups. In this preview phase, the solution brings together the best of two key capabilities—Network Watcher’s Connection Monitor and Network Performance Monitor’s (NPM) Service Connectivity Monitor. Check out the documentation and start using Connection Monitor to check connectivity in your network.

The monitoring question

Customers have long stressed over the need for unified connection monitoring for hybrid deployments, where complex applications transact across Azure, on-premises, and with other public applications to deliver business-critical functionality. These challenges escalate in multi-cloud environments. Monitoring teams then wrestle with basic challenges including:

- Which monitoring solution to use in these complex set-ups?
- Do I need different monitoring solutions for on-premises and Azure or any other clouds?
- Where does my data go and how do I correlate data from multiple sources?
- How do I get the fastest alerts when things go wrong in my network?

Connection Monitor in preview

With the new Connection Monitor, you can now configure both Azure and non-Azure virtual machines and hosts for monitoring connectivity to global