Microsoft Ignite 2018 - Azure Storage News
In this post, I will discuss some of the headline news about networking in Azure that has emerged this week at Microsoft Ignite 2018.
Microsoft’s new in-Azure virtual network firewall is generally available much sooner than I expected. This firewall auto-scales with your deployments, offering security and performance no matter how big your application gets – according to Microsoft. You can create and control network security in a central location.
Unlike in the preview, Azure Firewall now support inbound and outbound data flows. It also supports ExpressRoute and VPN connections, and has support for Network Watcher, Azure Monitor, Azure Security Center, and Application Services. This service has evolved much quicker than I thought it would!
Microsoft’s cloud-based software-defined WAN service, Azure WAN, went into preview at the same time as Azure Firewall, and it has also beat my expectations by becoming generally available this week.
Azure WAN offers a solution where you can create a WAN from lots of offices/locations using VPN connections. Ideally, this is done using a supported software-defined WAN partner product, but you can use any Azure-supported IKEv2 VPN device with a bit more manual configuration. ExpressRoute connections can also be integrated into Azure WAN; this means that central offices with a low latency/high speed connection can integrate with remote offices which are limited to VPN.
This new offering, which is in preview, allows customers to get connections up to 100 Gbps to Microsoft’s global backbone. This can be used to ingest massive amounts of data or for elastic scaling from on-premises.
ExpressRoute Global Reach
This is an interesting, in preview, option that has some cross-over in concept with Virtual WAN. If you have an office in the US, connected to an ExpressRoute PoP in the USA, it can use the Microsoft backbone (one of the largest private WANs in the world) to talk to another office in Sydney with an ExpressRoute connection in Australia. This means that you can build a global WAN using ExpressRoute and Microsoft’s global WAN.
DDoS Protection Standard
The Standard Tier of DDoS protection for virtual networks became generally available during the Spring. However, this week, some new features also became generally available via the diagnsotics settings in Azure Monitor:
- Detailed attack mitigation reports
- Flow logs
Front Door Service
To be honest, I’m not too sure what this is yet – I will need some time after Ignite to get to grips with some new features such as this. However, the blurb from Microsoft says that Front Door is a new network entry point into microservices hosted in Azure. Apparently, Front Door has already been used by Bing, Office 365 and Xbox. This is not a new approach for microservices by Microsoft; Service Fabric, a microservices platform, had been used by Azure SQL, Skype for Business and CRM 365 before Microsoft shared it with the world – quite literally by open-sourcing it.
These are the headlines for Azure networking that I know of so far, but I wouldn’t be surprised if more was to follow. Watch this space!