Wired for Hybrid - What's New in Azure Networking December 2023 edition
Published Dec 21 2023 05:32 AM
Microsoft

Hello Folks,

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on what’s new in Azure Networking.

In this blog post, we’ll cover what's new with Azure Networking in December 2023: the following announcements and how they can help you.

Enjoy!

Integration of Azure Monitor Agent support with Connection Monitor

Connection Monitor is a multi-agent monitoring solution. It detects network connectivity and performance errors in real time using aggregated packet loss and latency, localizes the problematic network component with end-to-end path visibility in a unified topology, and provides actionable insights to diagnose and troubleshoot issues. Together, these reduce the overall mean time to resolve network connectivity issues.

With Azure Monitor Agent, we aim to consolidate multiple monitoring agents into a single agent. This capability addresses the collection of connectivity monitoring logs and metrics across Azure and Arc-enabled on-premises machines, eliminating the overhead of managing and enabling multiple monitoring agents. Additionally, Azure Monitor Agent provides enhanced security and performance capabilities, cost savings, and easier troubleshooting through simpler management of data collection. With this support, the dependency on the soon-to-be-deprecated Log Analytics agent is eliminated, while coverage for on-premises machines increases with support for Arc-enabled endpoints.

The highlighted features of this new update are:

  • Connectivity monitoring support for Arc-enabled on-premises endpoints as source as well as destination
  • Simpler management of network monitoring extensions
  • One agent for monitoring Azure and non-Azure Arc endpoints 
  • Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens

The roadmap for the feature includes:

  • Portal support for auto-enablement of Azure Monitor Agent extension
  • Integrated support for enablement of Network Watcher extension with Azure Monitor Agent
  • Extended support across Azure resources beyond VM and VM scale set
  • Enhanced performance metrics with Throughput and Jitter UI support

Using a common port for public and private listeners

The support for configuring the same port number for public and private listeners on your Application Gateway is now generally available.

This capability lets you use a single Application Gateway deployment to serve both internet-facing and internal clients. With this, you don't need to use non-standard ports on listeners or customize the backend application. This feature is now generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.

Additional configuration of inbound rules may be needed if you use network security groups (NSGs) with your application gateway.

Rate-limit rules for Application Gateway Web Application Firewall

Rate-limit custom rules on Azure’s regional Web Application Firewall (WAF) running on Application Gateway are now available. Rate-limiting enables you to detect and block abnormally high levels of traffic destined for your application. By using rate limiting, you can mitigate many types of denial-of-service attacks, protect against clients that have accidentally been misconfigured to send large volumes of requests in a short time period, or control traffic rates to your site from specific geographies.

ExpressRoute Direct and Circuit in different subscriptions

ExpressRoute Direct customers will be able to manage network costs, connect ExpressRoute circuits from multiple subscriptions to one ExpressRoute Direct port resource, and isolate management of the ExpressRoute Direct resource from their ExpressRoute circuits.

ExpressRoute Direct gives you the ability to connect directly into the Microsoft global network at peering locations strategically distributed around the world. ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity that supports Active/Active connectivity at scale.

This requires an ExpressRoute Direct port and an ExpressRoute circuit. Previously, ExpressRoute circuits and ExpressRoute Direct resources were created in one subscription; you could then connect the circuit to a virtual network resource located in a different subscription using an authorization.

With this feature, you can now create the ExpressRoute Direct port and the ExpressRoute circuit in different subscriptions, redeeming an authorization to create the circuit.

General availability: ExpressRoute as a Trusted Service

ExpressRoute is now a Trusted Service in Azure. This means you can store your Media Access Control security (MACsec) secrets (Connectivity Association Key and Connectivity Association Key Name) in an Azure Key Vault with firewall policies enabled. That way you can restrict public access to the Key Vault yet allow trusted services like ExpressRoute to access secrets, passwords, or keys stored in it.

This continues our push to make it easier for you to securely connect to Azure from your on-premises environment.
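
The check below is an added example, not code from Microsoft or from this post: it audits Key Vault resources in an ARM template for the combination described above, a firewall that denies by default with the trusted-services bypass enabled. `networkAcls`, `defaultAction` and `bypass` are the ARM properties for the vault firewall; the vault names and the sample template are constructed placeholders.

```python
# Added example: audit the networkAcls of Key Vault resources (ARM template
# JSON) that hold MACsec CAK/CKN secrets for ExpressRoute Direct.
import json

# Constructed sample template; all resource names are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-open-example",
   "properties": {}},
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-locked-no-bypass-example",
   "properties": {"networkAcls": {"defaultAction": "Deny", "bypass": "None"}}},
  {"type": "Microsoft.KeyVault/vaults", "name": "kv-trusted-example",
   "properties": {"networkAcls": {"defaultAction": "Deny",
                                  "bypass": "AzureServices",
                                  "ipRules": [], "virtualNetworkRules": []}}},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-example",
   "properties": {}}
]}
""")

def audit_vault(resource):
    """Return a list of findings for one Key Vault resource (empty = OK)."""
    acls = resource.get("properties", {}).get("networkAcls") or {}
    # Assumption: a vault without networkAcls has its firewall off (Allow)
    # and keeps the default trusted-services bypass.
    default_action = acls.get("defaultAction", "Allow")
    bypass = acls.get("bypass", "AzureServices")
    findings = []
    if default_action.lower() != "deny":
        findings.append("firewall off: public network access is not restricted")
    elif bypass.lower() != "azureservices":
        findings.append("firewall on but trusted services are not bypassed: "
                        "ExpressRoute may be unable to read the MACsec secrets")
    return findings

def audit_template(template):
    """Map vault name -> findings for every Key Vault in the template."""
    return {r["name"]: audit_vault(r)
            for r in template.get("resources", [])
            if r.get("type", "").lower() == "microsoft.keyvault/vaults"}

if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE_TEMPLATE).items():
        print(name, "->", findings or "OK")
```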

Azure Virtual Network Manager Security Admin Rule generally available in select regions

With security admin rules and Azure Virtual Network Manager, you can centrally manage and apply security policies across your organization. Security admin rules are applied through a security configuration, which can be applied to network groups containing any set of virtual networks in your organization.

This gives you greater ability to manage your security posture organization-wide. Unlike NSGs, security admin rules are applied to any virtual network added to a network group that has a security configuration applied.

That’s it for this month. Happy Holidays!

Cheers

Pierre

Last update:
‎Dec 20 2023 09:32 PM