From the course: Azure Network Engineer Associate (AZ-700) Cert Prep: Design, Implement, and Manage Connectivity Services

The big picture

- [Presenter] Maybe you're a pro when it comes to Azure networking, but maybe not yet. Either way, I'd like to talk to you for a moment about the big picture to give you just a quick level set on our course focus here today. We're looking at Domain 2 in the AZ-700 Exam, which is design, implement, and manage connectivity services. And in Domain 2, we're focusing on four primary areas: Design, implement, and manage a site-to-site VPN. Design, implement, and manage a point-to-site VPN. Design, implement, and manage Azure ExpressRoute. And finally, design and implement an Azure Virtual WAN architecture.

And out of the gate, I think there are two questions that are important for you to know the answer for. The first, what is the core function of each of these technologies? And how do they work together?

So the site-to-site VPN connects an on-premises network to an Azure virtual network over an encrypted VPN tunnel across the public internet. This is useful for hybrid networking scenarios, integrating Azure infrastructure as a service with your existing on-premises infrastructure, what we'd call a hybrid cloud. Then we have the point-to-site VPN, which connects individual devices to an Azure VNet, also across the public internet. This is useful for allowing remote or mobile workers to access backend services hosted in Azure. We see this often in application-developer scenarios.

Next up, we have ExpressRoute, which is direct private connectivity between an on-prem infrastructure and Azure services over a private network link facilitated by a connectivity provider. This is useful for workloads requiring high bandwidth, low latency, or regulatory compliance. Because with ExpressRoute, we are avoiding the public internet, providing just that extra level of security and a bit more control over performance.

And finally, we have Virtual WAN, which optimizes and automates branch-to-branch connectivity through Azure. Virtual WAN is useful for connecting multiple branch locations to Azure infrastructure and services with centralized route management.

Now, can these technologies be used together? I expect you know the answer is yes. So let's talk for a moment about how these technologies are better together. Because together, they enable both locally-based and cloud-based workloads and services to be networked across the organization's extended infrastructure. So whether you are a purely public cloud company or a hybrid cloud company with your own data center, we can use these technologies together to great effect.

So site-to-site VPNs can connect individual branch locations into the Virtual WAN hub over encrypted tunnels across the public internet, providing that secure hybrid connectivity. ExpressRoute gives us direct private connections that can also be terminated on the Virtual WAN hub, facilitating private linkage between our on-premises sites and Azure via a connectivity provider, again, avoiding the public internet. And the Virtual WAN, in this case, acts as a networking hub, enabling you to connect branch locations to Azure infrastructure and services using your preferred methodology, giving us centralized connectivity and route management, whether we're leveraging site-to-site VPNs, ExpressRoute, or even both, because some sites will be well-suited to ExpressRoute and others more appropriate for the site-to-site VPN.

So whether you're relatively new to Azure networking or you're a pro, now you know. Let's get into the details.
