Wired for Hybrid – What’s New in Azure Networking – April 2023

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Hello Folks,

 

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on what’s new in Azure Networking. This month is a little late since we've been traveling to conferences. We recorded this one from the PowerShell + DevOps Global Summit (https://powershellsummit.org).

 

In this blog post, we’ll cover what's new with Azure Networking in April 2023.

 

 

Azure Virtual Network Manager for Hub and Spoke Connectivity (AVNM)

 


 

If you’ve had to manage lots of virtual networks, peering connections, and Network Security Groups (NSGs), Azure Virtual Network Manager (AVNM) is here to help. It’s a highly scalable and available network management solution.

 

AVNM is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. Then you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once.

 


 

 


Scale improvements and metrics enhancements on Azure’s regional WAF

 


 

You can now take advantage of the increased scale limits for Azure’s regional Web Application Firewall (WAF) running on Application Gateway. The new scale limits give you greater flexibility and scale when configuring your WAF to meet the needs of your applications and network.

 

Application Gateway v2 WAF-enabled SKUs running Core Rule Set (CRS) 3.2 or higher now support a higher number of frontend ports, HTTP load-balancing rules, backend HTTP settings, SSL certificates, sites, and redirect configurations. The regional WAF also increased the number of HTTP listeners from 40 to 200.

 


 

New enhanced connection troubleshooting in Azure Traffic Manager

 


 

The enhancements to the connection troubleshoot features of Azure Network Watcher will help you reduce the amount of time it takes to diagnose and troubleshoot network connectivity issues. The results returned can provide insights about the root cause of the connectivity problem and whether it's due to a platform or user configuration issue.

 

New features:

  • Unified solution for troubleshooting all NSG, user defined routes, and blocked ports
  • Actionable insights with step-by-step guide to resolve issues
  • Identifying configuration issues impacting connectivity
  • NSG rules that are blocking traffic
  • Inability to open a socket at the specified source port
  • No servers listening on designated destination ports
  • Misconfigured or missing routes


 

Azure Firewall Basic SKU


 

Azure Firewall is an intelligent network firewall security service that provides best-of-breed threat protection for your cloud workloads running in Azure. Azure Firewall provides L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security.

 

It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.

 

Azure Firewall Basic is intended for small and medium-sized business (SMB) customers to secure their Azure cloud environments. Azure Firewall Basic is similar to Firewall Standard, but has the following main limitations:

 

  • Supports Threat Intel alert mode only.
  • Fixed scale unit to run the service on two virtual machine backend instances.
  • Recommended for environments with an estimated throughput of 250 Mbps.

 


 

Reserved namespaces for subdomains in Azure Traffic Manager

 
 
 


 

Azure Traffic Manager has new functionality for reserving domain labels for Traffic Manager profiles. Any customer requesting a Traffic Manager profile of the form label1.trafficmanager.net will have the “label1” label reserved for the tenant, and another user will not be able to create a new Traffic Manager profile with this name or with subdomains below it. For example, if a user creates a profile named label1.trafficmanager.net, then “label1” and all labels of the form “<labelN>….<label1>.trafficmanager.net” will be reserved for the subscription.

 


 

 

Now, once you create a namespace under the trafficmanager.net domain, it will not be available to any other tenant. This ensures that you have full control over the label tree used in your Traffic Manager profiles and lets customers better manage their namespace without having to worry about a specific name or label being in use by other tenants.
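The reservation rule described above can be modelled in a few lines. This is an added illustration, not Azure's implementation or code from the original post; the tenant names, profile names and the `ReservationModel` class are constructed for the example. It shows why the check has to compare whole DNS labels rather than string suffixes.

```python
# Added illustration: a model of the reservation rule described above,
# not Azure's implementation. Tenant names and profile names are constructed.
ZONE = ("trafficmanager", "net")

def to_labels(fqdn):
    """Split a DNS name into lowercase labels; None if it is not under ZONE."""
    parts = tuple(fqdn.strip().rstrip(".").lower().split("."))
    if len(parts) <= len(ZONE) or parts[-len(ZONE):] != ZONE or "" in parts:
        return None
    return parts

class ReservationModel:
    def __init__(self):
        self._reserved = {}  # label tuple -> owning tenant

    def owner_of_tree(self, labels):
        """Find who holds this name or any ancestor, comparing whole labels."""
        for i in range(len(labels) - len(ZONE)):
            owner = self._reserved.get(labels[i:])
            if owner is not None:
                return owner
        return None

    def request(self, tenant, fqdn):
        """Return True and reserve the name, or False if another tenant holds the tree.

        The post does not say what happens when a parent label is requested
        after a child is already held by someone else; this model only checks
        the requested name and its ancestors.
        """
        labels = to_labels(fqdn)
        if labels is None:
            return False
        owner = self.owner_of_tree(labels)
        if owner is not None and owner != tenant:
            return False
        self._reserved.setdefault(labels, tenant)
        return True

def demo():
    m = ReservationModel()
    return [
        m.request("tenant-a", "label1.trafficmanager.net"),         # first claim
        m.request("tenant-b", "api.eu.label1.trafficmanager.net"),  # below label1
        m.request("tenant-b", "LABEL1.trafficmanager.net."),        # same name, other case
        m.request("tenant-a", "api.label1.trafficmanager.net"),     # owner extends own tree
        m.request("tenant-b", "xlabel1.trafficmanager.net"),        # different label
        m.request("tenant-b", "label1.example.net"),                # outside the zone
    ]
```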


 

Follow Pierre Roman - @WiredCanuck - https://twitter.com/wiredcanuck

Michael Bender - @MichaelBender - https://twitter.com/MichaelBender

Azure networking - @AzNetEng - https://twitter.com/AzNetEng

See you next month!

 

Cheers

 

Pierre
