Wired for Hybrid – Episode 3 – What’s New in Azure Networking – February 2023 Edition

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Azure Networking is the foundation of your infrastructure in Azure. So, we’re happy to bring you a monthly update on What’s new in Azure Networking.

 

In this blog post, we’ll cover what is new with Azure Networking.

 

 

Public preview: Azure Firewall Basic

 

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all of their traffic flows with essential capabilities at scale.

 



 

 

This will give customers access to:

  • Network and application traffic filtering
  • Threat intelligence to alert on malicious traffic
  • Built-in high availability
  • Seamless integration with other Azure security services

 

Setup and maintenance are easy. Maintenance is lower for smaller IT shops.

  • Set up in just a few minutes.
  • Automate deployment (deploy as code).
  • Zero maintenance with automatic updates.
  • Central management via Azure Firewall Manager.

 

Azure Firewall Basic is like Firewall Standard, but has the following limitations:

  • Supports Threat Intel alert mode only.
  • Fixed scale unit to run the service on two virtual machine backend instances.
  • Recommended for environments with maximum throughput of 250 Mbps. The throughput may increase for feature general availability (GA).

 

Like the other Firewall SKUs, this version integrates with Azure Firewall Manager to centrally manage Azure Firewalls across multiple subscriptions. Firewall Manager uses firewall policy to apply a common set of network/application rules and configuration to the firewalls in your tenant.

 

This is the best option for SMBs that want enterprise-grade firewall protection and have throughput needs of less than 250 Mbps. If you need features like DNS Proxy/Custom DNS or web content filtering, or higher speeds, you’ll need Standard or Premium.
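As a pre-deployment check on the limits listed above, the following added example (not code from the original post or from Microsoft) scans a firewall policy document for settings the post says require Standard or Premium. The policy layout and field names are assumptions modelled on ARM-style property names, and the sample policy is constructed.

```python
import json

# Throughput guidance the post gives for the Basic SKU (public preview).
BASIC_MAX_MBPS = 250

# Constructed sample: a simplified firewall policy document. The field names
# are assumptions modelled on ARM-style properties, not an exported policy.
SAMPLE_POLICY = json.loads("""
{
  "name": "fw-policy-branch",
  "sku": {"tier": "Basic"},
  "properties": {
    "threatIntelMode": "Deny",
    "dnsSettings": {"enableProxy": true, "servers": ["10.0.0.4"]},
    "applicationRules": [
      {"name": "allow-updates", "targetFqdns": ["*.example.com"]},
      {"name": "block-social", "webCategories": ["SocialNetworking"]}
    ]
  }
}
""")

def basic_sku_findings(policy, expected_mbps):
    """Return the reasons this policy or workload does not fit Firewall Basic."""
    props = policy.get("properties", {})
    findings = []
    # The post: Basic supports Threat Intel alert mode only, so deny is out.
    if props.get("threatIntelMode", "Alert") == "Deny":
        findings.append("threatIntelMode 'Deny' needs Standard or Premium")
    dns = props.get("dnsSettings") or {}
    if dns.get("enableProxy"):
        findings.append("DNS proxy needs Standard or Premium")
    if dns.get("servers"):
        findings.append("custom DNS servers need Standard or Premium")
    # Web content filtering shows up as web categories on application rules.
    for rule in props.get("applicationRules", []):
        if rule.get("webCategories"):
            findings.append(f"rule '{rule['name']}' uses web content filtering")
    if expected_mbps > BASIC_MAX_MBPS:
        findings.append(f"{expected_mbps} Mbps exceeds the {BASIC_MAX_MBPS} Mbps guidance")
    return findings

if __name__ == "__main__":
    for line in basic_sku_findings(SAMPLE_POLICY, expected_mbps=400):
        print("NOT BASIC-COMPATIBLE:", line)
```

An empty result means none of the limits named in the post are hit; it does not cover Basic restrictions the post does not mention.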


 


 

 

Resources

Announcement: Public preview: Azure Firewall Basic


 

Looking to Deploy? Start with Deploy & configure Azure Firewall Basic (preview) and policy using the Azure portal | Microsoft Learn

 

Public preview: IP Protection SKU for Azure DDoS Protection

 


 

 

Security concerns about distributed denial of service (DDoS) attacks are a major blocker for customers looking to move their applications to the cloud. Luckily, IP Protection, designed with SMBs in mind, delivers enterprise-grade, cost-effective DDoS protection.

 

Instead of enabling DDoS protection on a per virtual network basis, which covers all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP. That means that from now on the standard SKU of Azure DDoS Protection will be known as “Network Protection”. “IP Protection” includes the same features as Network Protection, but Network Protection adds the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.

 

You can see the difference between IP Protection and Network Protection here.

Resources

Announcement: What’s new in Azure Network Security at Microsoft Ignite 2022

Documentation: What is Azure DDoS Protection?


 

Public preview: Azure Bastion now supports shareable links.

 


 


With this release, you no longer need to access the Azure Portal to use Azure Bastion for VM access. VMs using Bastion for administrative access can be accessed through a shareable link. Users of these VMs won't require full access in the Azure Portal, thus decreasing your security exposure.

 

Basically, you need to deploy the Bastion Standard SKU in the VNet with your VM resources and configure the instance to support Shareable Links (under configurations). Once configured, you create shareable links for the VMs that will use them.

 

To use a link, open it in your browser. You’ll have the option to choose the connection protocol (RDP or SSH) and port, then enter your credentials. The link does not supply credentials, so users need their own credentials for each resource they access.

 

Resources

Announcement: Public preview: Azure Bastion now support shareable links


 

Public preview: Azure Resource Topology

 


 

 

Azure Resource Topology (ART) allows you to visualize the resources in a network, acquire system context, understand state and debug issues faster.

 

This upgrades the network monitoring and management experience in Azure. The topology (Preview) experience lets users draw a unified and dynamic topology across multiple subscriptions, regions, and resource groups (RGs) comprising multiple resources.

 


 

 

To allow a deep dive into your environment, ART lets users drill down from regions and VNETs to subnets, and to a resource view diagram of the resources supported in Azure. It also stitches together the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address.

 


 

Resource types supported by Topology:

  • Application gateways
  • ExpressRoute Circuits
  • Load balancers
  • Network Interfaces
  • Network Security Groups
  • PrivateLink Endpoints
  • PrivateLink Services
  • Public IP Addresses
  • Virtual Machines
  • Virtual Network Gateways
  • Virtual Networks

Resources

Announcement: Public preview: Azure Resource Topology


 

See you next month!

 

Cheers

 

Pierre

 
