Azure Networking, User Defined Routes, and Network Virtual Appliances

This video was intended to show User Defined Routes (UDRs), and a few items were added to demonstrate how they work.  It starts with some Azure networking basics, and then we review a hub-and-spoke network.  From there, a Windows Server with Routing and Remote Access Services (RRAS) is configured as a Network Virtual Appliance (NVA) to route traffic between the spokes in the network.  UDRs are configured on the spoke subnets to send inter-spoke traffic to the NVA.  After that, we add a firewall into the network and direct internet traffic to the firewall with a default route in the UDR.


Azure NAT Gateway

Azure Virtual Machines have access to the internet by default.  We can control the public IP address used for internet access with private IPs, load balancers, and firewalls.  This video looks at another option, an Azure NAT Gateway.  An Azure NAT Gateway attaches to a subnet, and once attached, all VMs on that subnet use the NAT Gateway for internet access.


Private Endpoints and DNS Part Deux: Azure Private DNS Zones

This is a second video on Azure Private Endpoints and DNS.  Previously, we reviewed options for DNS name resolution with Private Endpoints that included a forward lookup zone for the zone.  However, that option required manually adding hosts to the DNS zone.  This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS.  Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.


Private Endpoints with Azure Storage File Shares

Azure services are publicly available over the internet by default.  That works for many services, but sometimes we need to limit access to internal networks only.  Private Endpoints provide a local, internal connection to resources in Azure.  They do this by adding a virtual NIC to a subnet.  From there, the NIC gets a private IP address where it can be accessed from the internal network.  This video goes over the configuration options to create a new storage account with an Azure File Share Private Endpoint, as well as to update an existing storage account with a Private Endpoint.



Private Endpoints and DNS in Azure

Private Endpoints in Azure provide a secure way to access resources over the private, internal network.  But the options for configuring DNS for Private Endpoints are not as straightforward.  This video goes over the options available for DNS with Private Endpoints.  We start by creating a storage account with a Private Endpoint, then review the default DNS configuration.  We look at the WireServer and how it can be used with a Conditional Forwarder, as well as using Forward Lookup Zones for name resolution.
