Category Archives : Networking

26 Jul

How to enhance HDInsight security with service endpoints

HDInsight enterprise customers work with some of the most sensitive data in the world. They want to be able to lock down access to this data at the networking layer as well. However, while service endpoints have been available for Azure data sources, HDInsight customers couldn’t use this additional layer of security for their big data pipelines because of the lack of interoperability between HDInsight and other data stores. As we recently announced, HDInsight now supports service endpoints for Azure Blob Storage, Azure SQL databases and Azure Cosmos DB.

With this enhanced level of security at the networking layer, customers can now lock down their big data storage accounts to their specified Virtual Networks (VNETs) and still use HDInsight clusters seamlessly to access and process that data.

In the rest of this post we will explore how to enable service endpoints and point out important HDInsight configurations for Azure Blob Storage, Azure SQL DB, and Azure Cosmos DB.

Azure Blob Storage:

When using Azure Blob Storage with HDInsight, you can configure selected VNETs in the blob storage account’s firewall settings. This ensures that only traffic from those subnets can access the storage account.

It is important to

12 Jul

Announcing public preview of Azure Virtual WAN and Azure Firewall

Networking trends such as SDWAN (Software-Defined Wide Area Network) can improve performance by using path selection policies at the branch offices to send Internet-bound traffic directly to the cloud, eliminating the backhaul to select breakout points. This traffic can quickly reach Microsoft’s global backbone network with intelligent routing to provide the best network experience. However, having all branches directly accessing the Internet introduces new challenges such as managing branch connectivity and uniformly enforcing network and security policies at scale. Further complicating network policy management across all the branch offices is the trend of more employees working remotely with ever stricter security, privacy, and compliance requirements and policies that vary by country/region.

Network security plays an important role in protecting users, data and applications. Cloud developers and IT teams struggle to stay ahead of security attacks. Cloud-native network security solutions better fit the modern DevOps model of building and deploying applications while taking advantage of the economic and scale benefits of the cloud. Customers need turnkey solutions that are easy to deploy, use, and manage, and that offer high availability and scale automatically.

To help customers with these massive modernization efforts, we are announcing Azure Virtual WAN to simplify large-scale

03 Jul

Network Performance Monitor is now generally available in UK South region

Network Performance Monitor (NPM), a cloud-based network monitoring solution for cloud-only, on-premises, and hybrid networking environments, is now generally available in the UK South region.

Customers in this region can now use various capabilities of NPM, such as:

- Performance Monitor to monitor connectivity between various locations on the network, visualize the health of all paths on the network, and troubleshoot issues. The Network State Recorder feature allows for the debugging of transient network issues that may have occurred in the past.
- ExpressRoute Monitor to monitor the availability of ExpressRoute circuits. The health of end to end connectivity, spanning on-premises locations, service provider network (ExpressRoute circuit), and one or more VNETs in Azure can be monitored. Recent additions enable monitoring of Microsoft peering, i.e., connectivity to Office 365, Dynamics, SharePoint, and other productivity services.
- Service Connectivity Monitor to monitor network connectivity to web based (SaaS and internal line of business) applications and URIs from various locations. The Service Connectivity Monitor correlates application responsiveness with network performance and helps determine if the poor application experience is impacted by network issues.

Chart of application response time and network latency. Significant variation in network latency (represented by the orange line) at noon,

26 Jun

New zone-redundant VPN and ExpressRoute gateways now in public preview

As with all of Azure, we are continuously innovating, upgrading, and refining our virtual network gateways to further increase reliability and availability.

Today, we are sharing the public preview of zone-redundant VPN Gateway and ExpressRoute virtual network gateways. By adding support for Azure Availability Zones, we bring increased resiliency, scalability, and higher availability to virtual network gateways.

You can now deploy VPN and ExpressRoute gateways in Azure Availability Zones. This physically and logically separates them into different Availability Zones, protecting your on-premises network connectivity to Azure from zone-level failures. Additionally, we have made fundamental performance improvements, including reducing the deployment time to create a virtual network gateway.

To automatically deploy your virtual network gateways across availability zones, you can use zone-redundant virtual network gateways.

Zone-redundant virtual network gateways use specific new gateway SKUs for VPN Gateway and ExpressRoute. To begin using zone-redundant gateways, you can self-enroll your subscription in the public preview. Once you enroll, you will start seeing the new gateway SKUs in all the Azure Availability Zone regions. See the getting started guide for steps to self-enroll, to view information about the new gateway SKUs, and for configuration information.

The new gateway SKUs also support other deployment options

25 Jun

Network Performance Monitor’s Service Connectivity Monitor is now generally available

Network Performance Monitor’s (NPM) Service Connectivity Monitor, previously in preview as Service Endpoint Monitor, is now generally available under a new name. With Service Connectivity Monitor, you can now monitor connectivity to services such as applications, URIs, VMs, and network devices, as well as determine what infrastructure is in the path and where network bottlenecks are occurring.

As services and users are becoming more dispersed across clouds, branch offices, and remote geographies, it is becoming more difficult to determine the cause of a service outage or performance degradation. These can be due to an issue with the application, stack, or cluster as well as network issues in the cloud, the carrier network, or in the first-mile. Service Connectivity Monitor integrates the monitoring and visualization of the performance of your internally hosted and cloud services with the end-to-end network performance. You can create connectivity tests from key points in your network to your services and identify whether the problem is due to the network or the application. With the network topology map, you can locate the links and interfaces experiencing high loss and latencies, helping you identify external and internal troublesome network segments.

Determine if it’s an application or a network

20 Jun

Traffic Analytics now generally available

We are excited to announce the general availability (GA) of Traffic Analytics, a SaaS solution that provides visibility into user and application traffic on your cloud networks.

Since the public preview, three months ago, the solution has analyzed several terabytes of Flow logs on a regular basis for network activity across virtual subnets, VNets, Azure data center regions and VPNs, and provided actionable insights that helped our customers:

- Audit their networks and root out shadow-IT and non-compliant workloads.
- Optimize the placement of their workloads and improve the user experience for their end users.
- Detect security issues and improve application and data security.
- Reduce costs and right size their deployments by eliminating the issue of over-provisioning or under-utilization.
- Gain visibility into their public cloud networks spanning multiple Azure regions across numerous subscriptions.

This GA release includes enhancements that help you detect issues and secure/optimize your network, faster and more intuitively than before.

Some of the enhancements in this release are:

Your environment: Provides a view into your entire Azure network, identifies inactive regions, virtual networks, and subnets – for example, network locations with VMs and no network activity for further analysis. Detects malicious flows as they flow across application gateways,

31 May

VNet service endpoints for Azure database services for MySQL and PostgreSQL in preview

This blog post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.

We recently made Azure database services for MySQL and PostgreSQL generally available. These services offer the community versions of MySQL and PostgreSQL with built-in high availability, a 99.99% availability SLA, elastic scaling for performance, and industry leading security and compliance on Azure. Since general availability, we have continued to bring new features and capabilities like increased storage and availability across more regions worldwide.

We are excited to announce the public preview of Virtual Network (VNet) service endpoints for Azure Database for MySQL and PostgreSQL in all regions where the service is available. Visit region expansion for MySQL and PostgreSQL for service availability. VNet service endpoints enable you to limit connectivity to your logical server to only a given subnet or set of subnets within your virtual network. The traffic to Azure Database for MySQL and/or PostgreSQL from your VNet always stays within the Azure backbone network. This direct route is preferred over any specific routes that send Internet traffic through virtual appliances or on-premises.

There is no additional billing for virtual network access through service endpoints. The current pricing model for Azure Database for MySQL and
