How to Use Azure DNS Private Resolver and Outbound Endpoints

Azure DNS

This video goes over how to use an Azure DNS Private Resolver and Outbound Endpoints with Azure DNS Forwarding Rulesets.  These two services allow us to resolve on-premises host names from Azure clients.  We no longer need to deploy DNS servers in Azure to bridge on-premises and Windows DNS with Azure DNS.  We can leverage the Azure DNS Private Resolver PaaS service to handle DNS lookups for Azure.

How to Use Azure DNS Private Resolver and Inbound Endpoints

Azure DNS Resolver

This video goes over how to use an Azure DNS Private Resolver and Inbound Endpoints with Azure Private DNS zones.  These two services allow us to resolve private endpoints from an on-premises server.  We no longer need to deploy DNS servers in Azure to bridge on-premises and Windows DNS with Azure DNS.  We can leverage the Azure DNS Private Resolver PaaS service to handle DNS lookups for Azure.

Getting Started with Azure Internal Load Balancers

Load balancers provide performance and high availability for applications and services.  In this video, we review Azure internal load balancers, including the features of each SKU (type of load balancer), the load balancing algorithm, distribution modes, and health probes.  Then we walk through the steps to deploy an internal load balancer in Azure.

What you need to know about Azure Network Security Groups and Application Security Groups

This video covers what you need to know about Azure Network Security Groups and Application Security Groups.  I started with the idea of a quick video on Network Security Groups.  Things snowballed from there, and it ended up being a comprehensive review of Network Security Groups (NSG) and Application Security Groups (ASG).  I also added some bonus content on verifying IP flow with Network Watcher.  This video is intended as an introduction to NSGs.  However, stick around even if you’ve used NSGs for a while.  There may be some new information here for you.

Azure Hub and Spoke Virtual Network (VNet) with a VPN Gateway

In this video, we create a hub and spoke network in Azure by peering our spoke VNets to a centralized hub virtual network.  Then we use a VPN Virtual Network Gateway to enable gateway transit connectivity between the spokes.  Next, we configure routing with Azure Route Tables and User Defined Routes (UDR) to send traffic going to other spokes to the hub.  Then we log into a virtual machine and verify connectivity.

Private Endpoints and DNS Part Deux: Azure Private DNS Zones

This is a second video on Azure Private Endpoints and DNS.  Previously, we reviewed options for DNS name resolution with Private Endpoints that included a forward lookup zone for the privatelink.file.windows.core.net zone.  However, that option required manually adding hosts to the DNS zone.  This video reviews a hub-and-spoke configuration leveraging a forwarder server in Azure and conditional forwarding in Windows DNS.  Although slightly more complicated, this option does not require manually adding hosts to the DNS lookup zone.

Private Endpoints with Azure Storage File Shares

Azure services are publicly available over the internet by default.  That works for many services, but sometimes we need to limit access to internal networks only.  Private Endpoints provide a local, internal connection to resources in Azure.  They do this by adding a virtual NIC to a subnet.  From there, the NIC gets a private IP address where it can be accessed from the internal network.  This video goes over the configuration options to create a new storage account with an Azure File Share Private Endpoint as well as update an existing storage account with a private endpoint.

Links

Zero to Hero with Azure Virtual Desktop
Hybrid Identity with Windows AD and Azure AD
Private Endpoints and DNS in Azure

Private Endpoints and DNS in Azure

Private Endpoint

Private Endpoints in Azure provide a secure way to access resources over the private, internal network.  But the options for configuring DNS for Private Endpoints are not as straightforward.  This video goes over the options available for DNS with Private Endpoints.  We start by creating a storage account with a Private Endpoint, then review the default DNS configuration.  We look at the WireServer and how it can be used with a Conditional Forwarder as well as using Forward Lookup Zones for name resolution.
