دانلود کتاب Designing and Implementing Microsoft Azure Networking Solutions

فهرست مطالب :

Cover
Title Page
Copyright
Dedication
Contributors
Table of Contents
Preface
Part 1: Design and Implement Core Networking Infrastructure in Azure
Chapter 1: Azure Networking Fundamentals
Technical requirements
Understanding Azure VNet
Azure VNet versus traditional networks
Planning Vnet naming
Planning VNet location
Planning Vnet IP address spaces
Planning Vnet subnet segmentation
Working with platform services in subnets
Hands-on exercise – creating a single-stack VNet in Azure
Task 1 – creating the CharisTech resource group
Task 2 – creating the CoreServicesVNet VNet and subnets
Task 3 – verifying the creation of the VNet and subnets
Hands-on exercise – creating a dual-stack VNet in Azure
Task 1 – creating the dual-stack EngineeringVNet VNet and subnets
Task 2 – verifying the creation of the dual-stack VNet and subnets
Understanding private IP address assignment for subnet workloads
Hands-on exercise – determining the VM location and sizes for future exercises
Task 1 – determining the CPU quota limits for recommended subscription regions
Hands-on exercise – exploring private IP assignments
Task 1 – deploying VMs with dynamic and static private IP assignments
Hands-on exercise – cleaning up resources
Summary
Further reading
Chapter 2: Designing and Implementing Name Resolution
Technical requirements
A hands-on exercise – provisioning resources for the chapter’s exercises
Name resolution scenarios and options
Internal name resolution scenarios and options
Option 1 – Azure-provided name resolution
A hands-on exercise – exploring Azure-provided name resolution
Option 2 – customer-managed DNS servers
A hands-on exercise – implementing a customer-managed DNS server
Option 3 – Azure Private DNS
A hands-on exercise – implementing Azure Private DNS
Option 4 – Azure Private DNS Resolver and Azure Private DNS zones
External name resolution scenarios and options
A hands-on exercise – implementing Azure Public DNS
A hands-on exercise – clean up resources
Summary
Further reading
Chapter 3: Design, Implement, and Manage VNet Routing
Technical requirements
Understanding the default routing for Azure VNet workloads
Understanding default routing for dual-stack subnets
Hands-on exercise – provisioning resources for the chapter’s exercises
Hands-on exercise – explore the default routing of Azure subnet workloads
Modifying the default routing behavior
Implementing custom routing with user-defined routes
Hands-on exercise – route network traffic with a route table
Implementing dynamic custom routing with BGP
Hands-on exercise – implementing BGP dynamic routing with Azure Route Server
Route selection and priority
Hands-on exercise – cleaning up resources
Summary
Further reading
Chapter 4: Design and Implement Cross-VNet Connectivity
Technical requirements
Understanding cross-VNet connectivity options
Connecting VNets using VNet peering
Planning VNet peering implementation
Understanding VNet peering architecture considerations
Understanding VNet peering and transitive routing
Configuring VNet peering
VNet peering in a hub-and-spoke architecture
Connecting VNets using a VPN gateway connection
Understanding VPN Gateway architecture considerations
Connecting VNets using a vWAN
Hands-on exercise – provisioning resources for the chapter
Task 1 – initializing the template deployment in GitHub
Hands-on exercise – implementing cross-region VNet connectivity using the vWAN
Task 1 – creating a vWAN
Task 2 – creating a virtual hub in each VNet location in the vWAN
Task 3 – connecting the VNets to the regional virtual hubs
Task 4 – verifying effective routes on the VNets and the virtual hubs
Task 5 – verifying the connectivity between the VNets
Comparing the three cross-VNet connectivity options
Hands-on exercise – clean up resources
Summary
Further reading
Part 2: Design, Implement, and Manage Hybrid Networking
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Technical requirements
Understanding Azure hybrid network connection options
Understanding the Azure VPN gateway
Choosing the right VPN gateway SKU and generation
Selecting between route-based or policy-based VPN types
Selecting high-availability options for VPN connections
Understanding third-party device compatibility
Hands-on exercise – provision resources for chapter exercises
Task 1: Initialize template deployment in GitHub, complete parameters, and deploy the template to Azure
Hands-on exercise: implement a BGP-enabled VPN connection in Azure
Task 1: Create the gateway subnet
Task 2: Deploy the VPN gateway into the subnet (with an existing public IP)
Task 3: Create the local network gateway
Task 4: Configure the VPN connection
Task 5: Verify VPN connection status and BGP peering
Task 6: Verify connectivity between the on-premises network and the Azure VNet
Understanding point-to-site connections
Defining a connection pool for P2S VPN connectivity
Selecting the tunnel type(s) for P2S VPN connectivity
Selecting the authentication type for P2S VPN connectivity
Hands-on exercise – implement a P2S VPN connection with Azure certificate authentication
Task 1: Connect to the remote user’s PC via RDP
Task 2: Configure the P2S VPN gateway settings
Task 3: Configure settings for VPN clients
Task 4: Verify connectivity between the remote PC and the Azure VNet
Troubleshoot Azure VPN Gateway using diagnostic logs
Hands-on exercise – clean up resources
Summary
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Technical requirements
Understanding what ExpressRoute is and its main use cases
Choosing between private peering and public peering
Understanding ExpressRoute components
Deciding on an ExpressRoute connectivity model
Understanding the provider model
Understanding the ExpressRoute direct model
Selecting the right ExpressRoute circuit SKU
Selecting the right ExpressRoute gateway SKU
Implementing ExpressRoute with zone redundancy
Modifying a gateway SKU
Implementing the gateway subnet
Improving data path performance with ExpressRoute FastPath
Understanding FastPath unsupported scenarios
Configuring FastPath for new or existing connections
Designing and implementing cross-network connectivity over ExpressRoute
Enhancing cross-network connectivity using VNet peering
Enhancing cross-network connectivity using multiple ExpressRoute VNet connections
Enhancing cross-network connectivity using ExpressRoute Global Reach
Understanding the implementation of encryption over ExpressRoute
Understanding the implementation of BFD
Hands-on exercise – implementing an ExpressRoute gateway
Task 1 – create a VNet and gateway subnet
Task 2 – deploy the ExpressRoute VNet gateway service
Task 3 – create and provision an ExpressRoute circuit
Task 4 – retrieve your service key (you need to send this to your SP)
Task 5 – check serviceProviderProvisioningState status
Task 6 – connect the ExpressRoute gateway to the ExpressRoute circuit
Task 7 – deprovision an ExpressRoute circuit
Task 8 – clean up resources
Summary
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Technical requirements
Designing a scalable network topology in Azure
The standard hub-and-spoke topology
The Azure vWAN hub-and-spoke topology
Understanding the design considerations of a vWAN hub
Selecting the regions for the VWAN hub
Selecting an IP address space for the VWAN hub
Configuring the routing infrastructure for the VWAN hub
Configuring the VWAN hub routing preference
Connecting VNets together using VWAN
Understanding the routing and SD-WAN configuration in a virtual hub
Understanding VNet connection route table association
Understanding VNet connection route propagation
Implementing BGP peering between an NVA and a virtual hub
Implementing a third-party SD-WAN NVA in a virtual hub
Hands-on exercise 1 – provision resources for chapter exercises
Task 1 – initialize template deployment in GitHub
Configuring Site-to-Site connectivity using VWAN
Understanding the scalability considerations of a VWAN hub S2S VPN
Understanding the availability considerations of a VWAN hub S2S VPN
Understanding the performance considerations of a VWAN hub S2S VPN
Hands-on exercise 2 – implement site-to-site VPN connectivity using VWAN
Task 1 – add a site-to-site gateway to VWAN
Task 2 – create a VPN site in VWAN
Task 3 – connect the VPN site to a VWAN hub
Task 4 – obtain VPN configuration information
Task 5 – configure the “on-premises” VPN device
Task 6 – verify routes and connectivity to the “on-premises” site through VWAN
Task 7 – clean up the resources
Implementing a global transit network architecture using VWAN
Understanding the security considerations of a virtual hub
Approach 1 – deploy Azure Firewall in the virtual hub
Approach 2 – deploy a third-party security virtual appliance in the virtual hub
Approach 3 – deploy a third-party network virtual appliance in a connected VNet and route traffic to it for inspection
Comparing virtual hub NVA deployment options
Summary
Further reading
Chapter 8: Designing and Implementing Network Security
Technical requirements
Securing the Azure virtual network perimeter
Implementing DDoS protection
Understanding Azure DDoS Protection service tiers
Hands-on exercise 1 – provisioning resources for Chapter 8’s exercises
Hands-on exercise 2 – implementing DDoS Protection, monitoring, and validation
Task 1 – creating a DDoS Protection plan
Task 2 – enabling DDoS Protection on a virtual network
Task 3 – reviewing DDoS metrics for telemetry
Task 4 – configure DDoS diagnostic logs forwarding
Task 5 – configuring DDoS alerts
Task 6 – creating a BreakingPoint Cloud account and authorizing your Azure subscription
Task 7 – running a DDoS Test
Task 8 – reviewing DDoS test results
Implementing Azure Firewall
Understanding Azure Firewall service tiers
Understanding Azure Firewall’s features
Understanding some considerations for an Azure Firewall deployment
Hands-on exercise 3 – deploying Azure Firewall into a VNet and a Virtual WAN Hub
Task 1 – deploying an Azure Firewall test environment template with the Azure CLI
Task 2 – reviewing the firewall service and the firewall policy
Task 3 – testing connectivity through the firewall
Implementing a WAF in Azure
Understanding managed rule sets and WAF policies
Understanding custom rule sets
Understanding WAF policy modes and rule actions
Understanding WAF policy associations
Understanding WAF policy limitations
Implementing central management with Firewall Manager
Summary
Further reading
Part 3: Design and Implement Traffic Management and Network Monitoring
Chapter 9: Designing and Implementing Application Delivery Services
Technical requirements
Understanding Azure’s load-balancing and application delivery services
Understanding Azure load-balancing and application delivery services categories
Designing and implementing an Azure Load Balancer service
Understanding use cases for the Basic SKU
Understanding use cases for the Standard SKU
Hands-on exercise 1 – Provisioning resources for this chapter’s exercises
Hands-on exercise 2 – Creating and configuring a global (cross-region) load balancer
Designing and implementing an Azure Application Gateway service
Understanding Azure Application Gateway tiers
Understanding the scalability and performance of the tiers
Considerations for the Application Gateway subnet
Understanding Azure Application Gateway components
Designing and implementing an Azure Front Door load balancer service
Understanding Azure Front Door tiers
Understanding Front Door components
Hands-on exercise 1 – Creating and configuring an Azure Front Door service
Designing and implementing an Azure Traffic Manager service
Configuring a traffic routing method
Configuring Traffic Manager endpoints
Choosing an optimal load-balancing and application delivery solution
Summary
Chapter 10: Designing and Implementing Platform Service Connectivity
Technical requirements
Implementing platform service network security
Understanding the platform service firewall and its exceptions
Understanding service endpoints
Hands-on exercise 1 – provisioning the resources for this chapter’s exercises
Hands-on exercise 2 – configuring service endpoints for a storage account
Designing and implementing Azure Private Link and Azure private endpoints
Hands-on exercise 3 – configuring an Azure private endpoint for an Azure WebApp
Summary
Further reading
Chapter 11: Monitoring Networks in Azure
Technical requirements
Introducing Azure Network Watcher for monitoring, network diagnostics, and logs
Understanding the network monitoring tools of Network Watcher
Topology visualization
Connection monitor
Understanding the Network diagnostic tools of Network Watcher
Connection troubleshoot
IP flow verify
NSG diagnostics
Next hop
VPN troubleshoot
Packet capture
Hands-on exercise 1 – provisioning the resources for the chapter\'s exercises
Task 1 – initialize template deployment in GitHub, complete the parameters, and deploy a template to Azure
Hands-on exercise 2 – implementing the network monitoring tools of Network Watcher
Task 1 – visualize the topology of an Azure VNet
Task 2 – create an Azure Network Watcher connection monitor
Task 3 – Trigger a network issue and review Connection Monitor
Understanding NSG flow logs
NSG flow logs limitations and use cases
Hands-on exercise 3 – enabling NSG flow logs
Task 1 – enable an NSG flow log
Task 2 – download and review the flow log
Summary
Further reading
Index
About Packt
Other Books You May Enjoy