azure bastion
27 Topics

Azure Network Security Demo Lab Environment with new updates. v2.1
Announcing our new Network Security Demo lab environment. This blog post provides information about the updated demo lab environment version 2.1 in our GitHub repository. You can learn the new features and POC scenarios you can now set out to validate. This lab environment contains the recently GA Azure Firewall Premium with Firewall Manager and Azure Front Door Premium.

8.1K Views, 5 likes, 4 Comments

Improve your Azure Network Infrastructure Security with Complementary Services
For a while now, it’s been clear that securing only your network’s perimeter is simply not enough. The idea that we can inherently trust systems or users in “internal networks” is a recipe for disaster. Not to mention, it’s likely that many of your systems and users are not even in an internal network anymore.

8.9K Views, 5 likes, 0 Comments

Azure Bastion Installation and Configuration with Azure Cloud Shell (tr-TR)
Shortening the time spent on application installation and configuration, and devoting more time to operational processes, has always been my priority. With commands or scripts you can shorten these processes and save time. Time is very valuable for those of us who manage systems. That is why today I will walk you through installing and configuring Azure Bastion with Azure Cloud Shell.

Start Azure Cloud Shell. In Azure Cloud Shell, switch to the PowerShell module; you can then install and configure Bastion using the commands below. The important point is that when deploying Azure Bastion you need a dedicated subnet for Azure Bastion, and this network must be at least /27. The second golden rule is that your VMs and Azure Bastion must be in the same location and network.

In my script below, I first create a resource group for you. Second, I create the local network and the subnets to be used for it, and finally I complete the process by deploying Azure Bastion.

    # Resource group that holds everything created below
    New-AzResourceGroup -Name PSAzureBootCampRG -Location westus

    # Virtual network with an initial gateway subnet
    $gatewaysubnet = New-AzVirtualNetworkSubnetConfig -Name PSGatewaySubnet -AddressPrefix "10.172.100.0/27"
    $virtualNetwork = New-AzVirtualNetwork -Name PSAzureBCVnet -ResourceGroupName PSAzureBootCampRG -Location westus -AddressPrefix "10.172.100.0/24" -Subnet $gatewaysubnet

    # Additional subnets; the Bastion subnet must be named AzureBastionSubnet
    Add-AzVirtualNetworkSubnetConfig -Name PSAzureFirewallSubnet -VirtualNetwork $virtualNetwork -AddressPrefix "10.172.100.32/27"
    Add-AzVirtualNetworkSubnetConfig -Name AzureBastionSubnet -VirtualNetwork $virtualNetwork -AddressPrefix "10.172.100.64/27"
    Add-AzVirtualNetworkSubnetConfig -Name PSDMZSubnet -VirtualNetwork $virtualNetwork -AddressPrefix "10.172.100.96/27"

    # Write the subnet changes back to the virtual network
    $virtualNetwork | Set-AzVirtualNetwork

    # Static Standard-SKU public IP for Bastion, then the Bastion host itself
    $publicip = New-AzPublicIpAddress -ResourceGroupName "PSAzureBootCampRG" -name "PSAzureBastionIP" -location "westus" -AllocationMethod Static -Sku Standard
    $bastion = New-AzBastion -ResourceGroupName "PSAzureBootCampRG" -Name "PSBastion" -PublicIpAddress $publicip -VirtualNetworkName PSAzureBCVnet

You can customize and extend the commands to suit your needs. You can complete the Azure Bastion deployment quickly and easily by copying and pasting the entire code.

Important: Make sure your virtual servers are in the same virtual network as Azure Bastion. I create PSDMZSubnet to assign to the VMs. I also create at least a second subnet as AzureBastionSubnet. If you create a second network for your virtual servers and place them on this subnet, PSDMZSubnet, you can use Azure Bastion without problems.

1.2K Views, 5 likes, 0 Comments

A Preliminary Look at Azure Bastion (tr-TR)
It is a PaaS service used to access the VMs in your Azure virtual network through a browser. Bastion can be chosen to provide secure RDP and SSH connectivity to the VMs in your Azure virtual network. Azure Bastion gives you secure access while protecting your VMs from having their RDP/SSH ports left open to the world. With Azure Bastion you connect to your VMs directly from the Azure portal through the browser interface, in a new tab or in the current window.

Azure Bastion usage and billing is not per subscription, account or VM; it is per virtual network. Once you provision an Azure Bastion subnet in your virtual network, the Bastion experience can be used securely by all the virtual machines under your resources.

With Azure Bastion, no port needs to be open to the internet for RDP/SSH connections. Through the Azure Bastion subnet in the same virtual network, it connects over the default RDP/SSH ports 3389/22 and gives you secure access to your server from your HTML5-based browser. For Azure Bastion access, you first need to complete the configuration on your virtual network for the Bastion deployment; once the Bastion deployment is finished, you can use the Bastion service.

Azure Bastion is a managed platform (PaaS) service that Azure offers as an access service for your virtual machines in the Azure portal, to provide secure RDP/SSH connectivity. With a single click, using the Bastion experience, you can reach an RDP or SSH session directly from the Azure portal. Your Azure virtual machines do not need a public IP; Azure Bastion opens the RDP/SSH connection to your virtual machines using their private IP. You do not need to configure rules for SSH/RDP on NSGs. It handles the entire access path by providing a secure connection to the SSH/RDP ports over the private IP on the virtual network you created in the Azure portal.

Protect against vulnerabilities: Azure Bastion is a fully platform-managed PaaS service, and because it sits inside your virtual network, you do not need to worry about each of the virtual machines in your virtual network. The Azure platform also protects against vulnerabilities by always keeping the Azure Bastion service up to date for you. You can access the Azure Bastion service from any browser that supports HTML5.

1.2K Views, 5 likes, 0 Comments

Azure Networking Portfolio Consolidation
Overview

Over the past decade, Azure Networking has expanded rapidly, bringing incredible tools and capabilities to help customers build, connect, and secure their cloud infrastructure. But we've also heard strong feedback: with over 40 different products, it hasn't always been easy to navigate and find the right solution. The complexity often led to confusion, slower onboarding, and missed capabilities.

That's why we're excited to introduce a more focused, streamlined, and intuitive experience across Azure.com, the Azure portal, and our documentation pivoting around four core networking scenarios:

- Network foundations: Network foundations provide the core connectivity for your resources, using Virtual Network, Private Link, and DNS to build the foundation for your Azure network. Try it with this link: Network foundations
- Hybrid connectivity: Hybrid connectivity securely connects on-premises, private, and public cloud environments, enabling seamless integration, global availability, and end-to-end visibility, presenting major opportunities as organizations advance their cloud transformation. Try it with this link: Hybrid connectivity
- Load balancing and content delivery: Load balancing and content delivery helps you choose the right option to ensure your applications are fast, reliable, and tailored to your business needs. Try it with this link: Load balancing and content delivery
- Network security: Securing your environment is just as essential as building and connecting it. The Network Security hub brings together Azure Firewall, DDoS Protection, and Web Application Firewall (WAF) to provide a centralized, unified approach to cloud protection. With unified controls, it helps you manage security more efficiently and strengthen your security posture. Try it with this link: Network security

This new structure makes it easier to discover the right networking services and get started with just a few clicks so you can focus more on building, and less on searching.
What you’ll notice:

- Clearer starting points: Azure Networking is now organized around four core scenarios and twelve essential services, reflecting the most common customer needs. Additional services are presented within the context of these scenarios, helping you stay focused and find the right solution without feeling overwhelmed.
- Simplified choices: We’ve merged overlapping or closely related services to reduce redundancy. That means fewer, more meaningful options that are easier to evaluate and act on.
- Sunsetting outdated services: To reduce clutter and improve clarity, we’re sunsetting underused offerings such as white-label CDN services and China CDN. These capabilities have been rolled into newer, more robust services, so you can focus on what’s current and supported.

What this means for you

- Faster decision-making: With clearer guidance and fewer overlapping products, it's easier to discover what you need and move forward confidently.
- More productive sales conversations: With this simplified approach, you’ll get more focused recommendations and less confusion among sellers.
- Better product experience: This update makes the Azure Networking portfolio more cohesive and consistent, helping you get started quickly, stay aligned with best practices, and unlock more value from day one.

The portfolio consolidation initiative is a strategic effort to simplify and enhance the Azure Networking portfolio, ensuring better alignment with customer needs and industry best practices. By focusing on top-line services, combining related products, and retiring outdated offerings, Azure Networking aims to provide a more cohesive and efficient product experience.

Azure.com

Before: Our original Solution page on Azure.com was disorganized and static, displaying a small portion of services in no discernible order.
After: The revised solution page is now dynamic, allowing customers to click deeper into each networking and network security category, displaying the top line services, simplifying the customer experience.

Azure Portal

Before: With over 40 networking services available, we know it can feel overwhelming to figure out what’s right for you and where to get started.

After: To make it easier, we've introduced four streamlined networking hubs each built around a specific scenario to help you quickly identify the services that match your needs. Each offers an overview to set the stage, key services to help you get started, guidance to support decision-making, and a streamlined left-hand navigation for easy access to all services and features.

Documentation

For documentation, we looked at our current assets as well as created new assets that aligned with the changes in the portal experience. Like Azure.com, we found the old experiences were disorganized and not well aligned. We updated our assets to focus on our top-line networking services, and to call out the pillars. Our belief is these changes will allow our customers to more easily find the relevant and important information they need for their Azure infrastructure.

Azure Network Hub

Before the updates, we had a hub page organized around different categories and not well laid out. In the updated hub page, we provided relevant links for top-line services within all of the Azure networking scenarios, as well as a section linking to each scenario's hub page.

Scenario Hub pages

We added scenario hub pages for each of the scenarios. This provides our customers with a central hub for information about the top-line services for each scenario and how to get started. Also, we included common scenarios and use cases for each scenario, along with references for deeper learning across the Azure Architecture Center, Well Architected Framework, and Cloud Adoption Framework libraries.
Scenario Overview articles

We created new overview articles for each scenario. These articles were designed to provide customers with an introduction to the services included in each scenario, guidance on choosing the right solutions, and an introduction to the new portal experience.

Here's the Load balancing and content delivery overview:

Documentation links

Azure Networking hub page:
- Azure networking documentation | Microsoft Learn

Scenario Hub pages:
- Azure load balancing and content delivery | Microsoft Learn
- Azure network foundation documentation | Microsoft Learn
- Azure hybrid connectivity documentation | Microsoft Learn
- Azure network security documentation | Microsoft Learn

Scenario Overview pages
- What is load balancing and content delivery? | Microsoft Learn
- Azure Network Foundation Services Overview | Microsoft Learn
- What is hybrid connectivity? | Microsoft Learn
- What is Azure network security? | Microsoft Learn

Improving user experience is a journey and in coming months we plan to do more on this. Watch out for more blogs over the next few months for further improvements.

3.1K Views, 4 likes, 0 Comments

Connect to your on-prem server from anywhere!
Hello Folks,

A few weeks ago, I wrote about upgrading my local network edge device with one capable of connecting to my Azure virtual network using a site-to-site VPN. I also mentioned that I would cover many other services and capabilities that this site-to-site VPN configuration enables for hybrid work and management. This week I’m covering the ability to connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address over RDP and SSH.

Over the years I have seen and heard many ITPros struggle to figure out a way to deploy and maintain a VPN infrastructure that would allow them to access the servers in their remote environments easily and cheaply without having to mess around with routing and remote access roles or port forwarding. And without having to manage VPN clients on their PC.

36K Views, 4 likes, 8 Comments

Using Azure Bastion via through vWAN Virtual Hub
I have feedback about Azure Bastion. I am using the ability to use Azure Bastion with multiple virtual networks via vNET Peering. I would like to extend this feature to use it via a Virtual WAN hub. However, the current Azure Bastion does not seem to detect peering through a virtual hub. I hope Azure Bastion will be able to connect to VM hosts on different virtual networks via a virtual hub.

3.1K Views, 4 likes, 1 Comment