Networking - Amir-Ahammed/Microsoft-Cloud-Hybrid-Infrastructure GitHub Wiki
Network Infrastructure Foundations: Remote Access, DMZs, and Virtualization
Modern networks rely on secure remote access, perimeter defense, and virtualization to enable flexible, scalable, and protected IT environments. This section covers core concepts for enterprise infrastructure.
Note: These components fall under Azure Networking (for cloud) and On-Premises Infrastructure (for hybrid setups). Key integrations include:
- Azure Virtual Network (VNet)
- Azure Firewall/Network Security Groups (NSGs)
- Hyper-V/VMware Virtualization
Remote Access
- VPN (Virtual Private Network):
  - Encrypted tunnels (e.g., IPsec, SSL VPN) for secure remote connections to corporate networks.
  - Azure VPN Gateway: Connects on-premises networks to Azure VNets.
- Remote Desktop Services (RDS): Hosted virtual desktops/apps for remote workers.
- Zero Trust Models: Verify-before-trust access (e.g., Azure AD Conditional Access).
Demilitarized Zone (DMZ)
- Purpose: Isolate public-facing services (e.g., web servers) from internal networks.
- Design:
  - Dual Firewalls: Outer firewall filters inbound traffic; inner firewall protects internal networks.
  - Azure DMZ: Use Azure Firewall + NSGs to segment subnets.
- Services Hosted: Web servers, proxy servers, mail relays.
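The sketch below is an added example, not part of the original wiki: a simplified Python model of how an NSG evaluates inbound rules (lowest priority number first, first match wins). It shows that the default AllowVnetInBound rule lets a DMZ subnet reach an internal subnet in the same VNet until an explicit deny is added. The subnet ranges, the non-default rule names and the SQL port are assumptions, and the VirtualNetwork tag is reduced to the VNet address space.

```python
# Added example: simplified model of NSG inbound rule evaluation (not Azure code).
# Subnet ranges, custom rule names and ports are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")      # assumed VNet address space
DMZ = ip_network("10.0.1.0/24")       # assumed DMZ subnet (web servers)
INTERNAL = ip_network("10.0.2.0/24")  # assumed internal subnet (databases)

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    source: str     # CIDR, "VirtualNetwork", or "*"
    port: str       # single port or "*"
    access: str     # "Allow" or "Deny"

def source_matches(rule_source, src_ip):
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":  # simplification: VNet space only
        return ip_address(src_ip) in VNET
    return ip_address(src_ip) in ip_network(rule_source)

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if source_matches(rule.source, src_ip) and rule.port in ("*", str(dst_port)):
            return rule.access, rule.name
    return "Deny", "implicit"

# Two of the default inbound rules every NSG carries
# (AllowAzureLoadBalancerInBound at 65001 is left out of this model).
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hardened NSG on the internal subnet: only the DMZ may reach SQL (1433);
# all other VNet-sourced traffic is denied before the default allow applies.
INTERNAL_NSG = DEFAULTS + [
    Rule(100, "AllowDmzToSql", str(DMZ), "1433", "Allow"),
    Rule(200, "DenyOtherVnet", "VirtualNetwork", "*", "Deny"),
]

if __name__ == "__main__":
    for label, rules in (("defaults only", DEFAULTS), ("hardened", INTERNAL_NSG)):
        for port in (1433, 3389):
            print(label, "10.0.1.10 ->", port, evaluate(rules, "10.0.1.10", port))
```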
Virtualization
- Hypervisors:
  - Type 1 (Bare-metal): VMware ESXi, Microsoft Hyper-V, Azure Stack HCI.
  - Type 2 (Hosted): VirtualBox, VMware Workstation (for testing).
- Azure Virtual Machines: IaaS VMs with scalable compute/storage.
- Containers: Lightweight virtualization (e.g., Docker, Azure Kubernetes Service).