Summary of "AZ-900 Episode 10 | Networking Services | Virtual Network, VPN Gateway, CDN, Load Balancer, App GW"

Summary of AZ-900 Episode 10: Azure Networking Services

This episode provides a foundational overview of key Azure networking services essential for connecting, securing, and managing cloud and hybrid network environments. The main services covered include:

Azure Virtual Network (VNet)

Emulates physical network infrastructure in the cloud.
Enables creation, management, monitoring, and securing of connectivity between Azure resources and on-premises environments.
Supports segmentation via subnets for efficient IP address allocation and applying security rules.
VNets are region-specific; multi-region applications require multiple VNets.
VNets can be connected using VNet Peering (for low latency, high bandwidth) or VPN Gateway (encrypted connections over the internet).
Network Security Groups (NSGs) can be applied to subnets to control traffic flow.

VPN Gateway

Connects Azure VNets to on-premises networks securely over the public internet.
Can also connect VNets across regions, although less common.
Provides encrypted communication channels.
Choice between VPN Gateway and VNet Peering depends on specific use cases.

Azure Load Balancer

Distributes network traffic evenly across multiple resources (e.g., VMs).
Supports both inbound and outbound traffic, TCP and UDP protocols.
Enhances scalability by allowing horizontal scaling (adding more instances).
Improves availability by routing traffic away from unhealthy instances.
Can be public (with public IP) or internal (private IP) to manage external and internal traffic respectively.
Guarantees higher SLA when combined with availability zones.

Azure Application Gateway

Specialized load balancer for web traffic (HTTP/HTTPS).
Provides advanced web traffic management features such as:
- Web Application Firewall (WAF) for security.
- URL-based routing.
- SSL termination to offload decryption from backend servers.
- Session affinity to keep user sessions on the same server.
Suitable for multi-tier web applications replacing public load balancers.

Azure Content Delivery Network (CDN)

Distributes static web content (images, scripts, stylesheets) globally via multiple Points of Presence (PoPs).
Reduces latency by serving content from locations closest to the user.
Offloads traffic from origin servers, improving scalability and user experience.
Has over 120 PoPs worldwide, often closer than Azure regions.

Additional Highlights

Demonstration of creating a virtual network in Azure Portal.
Use of the Azure portal’s network diagram feature to visualize network architecture.
Explanation of how VNets and subnets work with network interfaces, public IPs, and NSGs.
Emphasis on the differences and appropriate use cases for VNet Peering vs. VPN Gateway.
Clarification that services like Azure App Services can also be used behind load balancers or application gateways, not just VMs.

Summary Recap

Virtual Networks: Cloud-based network segmentation and management.
VPN Gateway: Secure connectivity between on-premises and cloud.
Load Balancer: Even traffic distribution for non-web workloads.
Application Gateway: Web traffic load balancing with advanced features.
CDN: Global content distribution for static web assets to reduce latency.

Resources & Next Steps

Additional study materials such as cheat sheets and practice tests are available on the speaker’s website.
Encouragement to subscribe and continue following the AZ-900 fundamentals series.