Hello Folks,
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what's new with Azure Networking in December 2023: the following announcements and how they can help you.
Enjoy!
Integration of Azure Monitor Agent support with Connection Monitor
Connection Monitor, a multi-agent monitoring solution, detects network connectivity and performance errors in real time with aggregated packet loss and latency, localizes the problematic network component with end-to-end path visibility in a unified topology, and provides actionable insights to diagnose and troubleshoot issues, reducing the overall Mean Time to Resolve network connectivity issues.
With Azure Monitor Agent, we aim to consolidate multiple monitoring agents into a single agent. This capability addresses the collection of connectivity monitoring logs and metrics across Azure and Arc-enabled on-premises machines, eliminating the overhead of enabling and managing multiple monitoring agents. Additionally, Azure Monitor Agent provides enhanced security and performance capabilities, cost savings, and easier troubleshooting through simpler management of data collection. With this support, the dependency on the soon-to-be-deprecated Log Analytics agent is eliminated, while coverage for on-premises machines increases with support for Arc-enabled endpoints.
The highlighted features of this new update are:
- Connectivity monitoring support for Arc-enabled on-premises endpoints as source as well as destination
- Simpler management of network monitoring extensions
- One agent for monitoring Azure and non-Azure Arc endpoints
- Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens
The roadmap for the feature includes:
- Portal support for auto-enablement of Azure Monitor Agent extension
- Integrated support for enablement of Network Watcher extension with Azure Monitor Agent
- Extended support across Azure resources beyond VM and VM scale set
- Enhanced performance metrics with Throughput and Jitter UI support
Using a common port for public and private listeners
The support for configuring the same port number for public and private listeners on your Application Gateway is now generally available.
This enables you to use a single Application Gateway deployment to serve both internet-facing and internal clients. With this, you don't need to use non-standard ports on listeners or customize the backend application. This feature is now generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.
Additional configuration of inbound rules may be needed if you use Network Security Groups with your application gateway.
Rate-limit rules for Application Gateway Web Application Firewall
Rate-limit custom rules on Azure’s regional Web Application Firewall (WAF) running on Application Gateway are now available. Rate-limiting enables you to detect and block abnormally high levels of traffic destined for your application. By using rate limiting, you can mitigate many types of denial-of-service attacks, protect against clients that have accidentally been misconfigured to send large volumes of requests in a short time period, or control traffic rates to your site from specific geographies.
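Before enforcing a rate-limit rule, it helps to replay existing access logs against a candidate threshold to see which clients or geographies it would block. The following is an added example, not code from the original post or from Azure: the sliding-window counting, the function name and the request records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def replay_rate_limit(requests, threshold, window_s=60, group_by="client"):
    """Replay (timestamp_s, client_addr, geo) records against a candidate limit.

    Returns {group_key: requests_that_would_be_blocked}.
    Assumption: a request is blocked when its group already has more than
    `threshold` requests inside the trailing `window_s` seconds, and blocked
    requests still count toward the window.
    """
    recent = defaultdict(deque)   # group key -> timestamps still inside the window
    blocked = defaultdict(int)
    for ts, client, geo in sorted(requests):
        key = client if group_by == "client" else geo
        window = recent[key]
        while window and ts - window[0] >= window_s:
            window.popleft()      # drop requests that aged out of the window
        window.append(ts)
        if len(window) > threshold:
            blocked[key] += 1
    return dict(blocked)

def constructed_log():
    """Constructed sample: one noisy client and two well-behaved ones."""
    noisy = [(t, "203.0.113.10", "US") for t in range(120)]         # 1 req/s
    quiet_a = [(t, "198.51.100.7", "FR") for t in range(0, 120, 10)]
    quiet_b = [(t, "198.51.100.8", "FR") for t in range(5, 120, 10)]
    return noisy + quiet_a + quiet_b

if __name__ == "__main__":
    log = constructed_log()
    # Per-client limit: only the misconfigured or abusive client is affected.
    print(replay_rate_limit(log, threshold=50, group_by="client"))
    # Per-geography limit: a low threshold also catches the combined
    # traffic of legitimate clients that share a location.
    print(replay_rate_limit(log, threshold=10, group_by="geo"))
```

Grouping by geography aggregates every client in that location into one counter, so a threshold sized for a single client will block ordinary users there as well.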
ExpressRoute Direct and Circuit in different subscriptions
ExpressRoute Direct customers will be able to manage network costs, connect ExpressRoute circuits from multiple subscriptions with one ExpressRoute Direct port resource, and isolate management of the ExpressRoute Direct resource from their ExpressRoute circuits.
ExpressRoute Direct gives you the ability to connect directly into the Microsoft global network at peering locations strategically distributed around the world. ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity that supports Active/Active connectivity at scale.
This requires an ExpressRoute Direct port and an ExpressRoute circuit. Previously, ExpressRoute circuits and ExpressRoute Direct resources were created in one subscription; you could then connect your circuit to a Virtual Network resource located in a different subscription using an authorization.
With this feature, you can now create the port and the ExpressRoute circuit in different subscriptions, redeeming the authorizations to create a circuit.
Resources
- Azure ExpressRoute Overview: Connect over a private connection
- Azure ExpressRoute: Configure ExpressRoute Direct using the Azure portal
- Connect your on-premises network to the Microsoft global network by using ExpressRoute - Training
General availability: ExpressRoute as a Trusted Service
ExpressRoute is now a Trusted Service in Azure. This means you can store your Media Access Control security (MACsec) secrets (Connectivity Association Key and Connectivity Association Key Name) in an Azure Key Vault with firewall policies enabled. That way you can restrict public access to the Key Vault yet allow trusted services like ExpressRoute to access secrets, passwords, or keys stored in it.
This continues with our push to make it easier for you to securely connect to Azure from your on-premises environment.
Resources
- Trusted Services: Configure Azure Storage firewalls and virtual networks
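A check for the Key Vault posture described above, run over exported vault definitions: the firewall denies by default while the trusted-services bypass stays on. This is an added example, not code from the original post; the vault names and sample resources are constructed, and the defaults used when `networkAcls` is absent are an assumption.

```python
# Constructed Microsoft.KeyVault/vaults resources in ARM JSON shape.
SAMPLE_VAULTS = [
    {"name": "kv-macsec-open", "properties": {}},
    {"name": "kv-macsec-locked", "properties": {"networkAcls": {
        "defaultAction": "Deny", "bypass": "None", "ipRules": []}}},
    {"name": "kv-macsec-ok", "properties": {"networkAcls": {
        "defaultAction": "Deny", "bypass": "AzureServices",
        "ipRules": [{"value": "203.0.113.0/24"}]}}},
]

def firewall_posture(vault):
    """Classify one vault's network ACLs for storing MACsec CAK/CKN secrets."""
    acls = vault.get("properties", {}).get("networkAcls") or {}
    # Assumption: a vault without networkAcls allows all networks and keeps
    # the trusted-services bypass enabled.
    default_action = acls.get("defaultAction", "Allow").lower()
    bypass = acls.get("bypass", "AzureServices").lower()
    allowed = [rule["value"] for rule in acls.get("ipRules", [])]

    if default_action != "deny":
        status = "public-access-open"        # firewall is not restricting access
    elif bypass != "azureservices":
        status = "trusted-services-blocked"  # ExpressRoute cannot read the secrets
    else:
        status = "restricted-with-trusted-bypass"
    return {"status": status, "allowed_ip_ranges": allowed}

def audit(vaults):
    """Return {vault_name: posture} for a list of vault resources."""
    return {v["name"]: firewall_posture(v) for v in vaults}

if __name__ == "__main__":
    for name, posture in audit(SAMPLE_VAULTS).items():
        print(name, posture)
```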
Azure Virtual Network Manager Security Admin Rule generally available in select regions
With security admin rules and Azure Virtual Network Manager, you can centrally manage and apply security policies across your organization. Security admin rules are applied through a security configuration. This configuration can be applied to network groups containing any set of virtual networks in your organization.
This gives you a greater ability to manage your security posture organization-wide. Unlike NSGs, security admin rules are applied to any virtual network added to a network group that has a security configuration applied.
Resources
- Security admin rules in Azure Virtual Network Manager
- How to block network traffic with Azure Virtual Network Manager - Azure portal
- Wired for Hybrid - Deep Dive 3 - Azure Virtual Network Manager
That’s it for this month. Happy Holidays!
Cheers
Pierre
Published Dec 21, 2023
Version 1.0
Pierre_Roman, Microsoft