In this Azure networking architecture overview video, we will discuss some of the most important Azure networking resources and drill into Virtual Networks (VNets), the fundamental building blocks for creating secure private networks. We will examine what they are, how to create them, how routes work within them, and how to connect them manually through peering. We will also introduce Network Security Groups (NSGs) and how to leverage them to filter traffic into subnets within VNets.
Lab prerequisites:
- An Azure subscription. You can get a free 30-day trial license @ https://azure.microsoft.com
- Bicep VS extension tools @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/install
- VPN Client Entra ID Auth:
Configure a P2S VPN gateway for Microsoft Entra ID authentication (sections: “Prerequisites”, “Create Microsoft Entra tenant users”, and “Authorize the Azure VPN application”) @ https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
OR:
- VPN Client Cert Auth:
Configure server settings for P2S VPN Gateway connections - certificate authentication - Azure portal @ https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
Point-to-site VPN client configuration workflow: Certificate authentication – Windows @ https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows
- VPN Client app:
Windows: @ https://apps.microsoft.com/detail/9np355qt2sqb?hl=en-US&gl=US
Mac: @ https://apps.apple.com/us/app/azure-vpn-client/id1553936137?mt=12
Source code: https://github.com/gary-RR/myYouTube_video_Azure_networking_part1/tree/main
***Note: Microsoft enforced a breaking change after recording the video and just before releasing it. The person/account running the script must have been granted a specific permission when creating the VPN gateway. This is true even if the runner has Azure admin access. I added "assign_user_contributor_role.bicep", which runs at the start of "main.bicep", to grant that permission. It requires the Principal Id of the person submitting the deployment. The Principal Id is obtained in "driver.sh" and passed to main:
principalId=$(az ad signed-in-user show --query id -o tsv)
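An added Bicep module of the kind the note describes (written for this page, not the repository's own assign_user_contributor_role.bicep). It assumes the module is deployed at resource-group scope from main.bicep, that the permission in question is the built-in Contributor role, and that principalId arrives as a parameter exactly as driver.sh supplies it:

```bicep
// Added example, not the repository's assign_user_contributor_role.bicep.
// Assumptions: deployed at resource-group scope from main.bicep, and the
// permission the note refers to is the built-in Contributor role.
targetScope = 'resourceGroup'

@description('Object id of the deploying user; driver.sh obtains it with: az ad signed-in-user show --query id -o tsv')
param principalId string

// Built-in Contributor role definition id (the same GUID in every Azure tenant).
var contributorRoleDefinitionId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')

// Deterministic assignment name: a re-run of main.bicep is idempotent instead of
// failing because an assignment for the same role and principal already exists.
resource deployerRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(resourceGroup().id, principalId, contributorRoleDefinitionId)
  properties: {
    roleDefinitionId: contributorRoleDefinitionId
    principalId: principalId
    principalType: 'User' // the deployer is a signed-in user, not a service principal
  }
}

// How main.bicep would consume it (assumed module name and parameter plumbing):
//
//   param principalId string
//
//   module grantDeployer './assign_user_contributor_role.bicep' = {
//     name: 'grantDeployer'
//     params: { principalId: principalId }
//   }
//
//   // the VPN gateway and anything else that needs the permission should list
//   // dependsOn: [ grantDeployer ] so the assignment exists before they deploy
```

Role assignments are scoped to whatever the module is deployed into, so granting at the lab's resource group rather than the subscription keeps the deployer's extra permission confined to the lab.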
My other videos:
►Workload Identity Part 2: How Cilium Implements Its Mutual Auth Leveraging SPIFFE and SPIRE:
https://youtu.be/O3C9F3U7AV8
►Setup Azure Kubernetes Private Clusters with API Server Vnet Integration:
https://youtu.be/K0TBrW6rjE0
►Workload Identity Part 1: Introduction to SPIFFE and SPIRE
► Encrypt Client Communication to Kubernetes Services Leveraging Cert-Manager and Let’s Encrypt
https://youtu.be/pXEFZYl2Gu0
►Kubernetes Security, Part 4: Kubernetes Authentication (Part B: Open ID Connect Auth)
https://youtu.be/M9KABid_sCY
►Kubernetes Security, Part 3: Kubernetes Auth (Part A: Overview and X509 Client Certificate auth)
https://youtu.be/WZvPIoUyErM
►Kubernetes Security, Part 2: Managing POD Run Time Security
https://youtu.be/NNE9whCTp0g
► Istio Ambient Service Mesh
https://youtu.be/WPLVvwPGJvw
► Kubernetes Security, Part 1: Kubernetes Security Overview and Role Based Access Control (RBAC) in Detail
https://youtu.be/Qwkix9z8ywU
► Cilium Service Mesh
https://www.youtube.com/watch?v=-o6E8bYj-xw
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
https://youtu.be/j2aox7K-7wU
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
https://youtu.be/gkrPt0ZcCfo
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
https://youtu.be/5EcVrm01rAU
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process
https://youtu.be/aLq3O3l2LF4
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
https://youtu.be/WMLSD2y2Ig4
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
https://youtu.be/1tgqdz3lw-k
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
https://youtu.be/ftxxO381-_Q
► Sharing Resources between Windows and Linux:
https://youtu.be/MzHX6eUlZfs
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
https://youtu.be/lkXLsD6-4jA
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
https://youtu.be/mjcNIaRDAsc
►Configuring and Managing Storage in Kubernetes:
https://youtu.be/U11YjaRvCd4
► Istio Service Mesh – Securing Kubernetes Workloads:
https://youtu.be/GFXjlPBsykM
► Istio Service Mesh – Intro
https://youtu.be/x_HRl-Ehvb8
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
https://youtu.be/sxB9-td1-F8
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
https://youtu.be/vjhA9TJWw-k