
How Can I Connect 2 Azure Virtual Networks?

by AZURE SECURITY NEWS EDITOR
January 15, 2021

In this post I will show you how to connect two Azure virtual networks (VNets) together, extending one to the other, so that virtual machines on one VNet can route to virtual machines that are connected to another VNet, whether they are in the same region or in different regions.

Design Considerations

Not all Azure deployments are simple; there can be reasons to deploy Azure solutions into different VNets. A virtual network is isolated from all other virtual networks by default, therefore making it a security boundary. So maybe a customer will decide to segregate applications, not with softer network security groups (NSGs), but with the harder wall provided by a VNet.

A VNet cannot span across Azure regions. So if a business needs to deploy an application across multiple regions for disaster recovery or scale-out reasons, then they must deploy one VNet per region.

Many mid-large customers have non-technical issues to deal with. Maybe different divisions have different IT budgets, and they each get their own Azure subscriptions, each with different spending caps and billing/invoice details. Or maybe company politics are at play; Mary & Bob just don’t get along, so they each instruct their departments to use their own Azure subscriptions. A VNet cannot span a subscription, so any deployments within those subscriptions will be isolated by default.

A time will come when virtual machines in different VNets must be connected. Maybe Mary and Bob or those different divisions must share data? Maybe the database servers in different regions need to replicate? Or maybe the secure applications need to share resources, such as a VPN/ExpressRoute gateway?

There are many reasons to split virtual machine deployments across different VNets, but there probably will come a time when they need to be connected. And this is why I always advise customers to treat each new VNet as a new branch office on a WAN; even if you don’t connect that VNet to the rest of the network today, you probably will tomorrow, even in the smallest of deployments. There are two pieces of advice that I share when planning a single VNet or multiple VNets:

  • Every VNet should have a unique network address: Make sure that you use a unique network address for each VNet in Azure, and make sure that there is no overlap with the on-premises networks, either. If the customer is using 10.0.0.0 for on-premises networks, then use 172.16.0.0 in Azure, or vice versa. The customer might not want to have a site-to-site network connection from their LAN to Azure today but things change. And the customer might have no plans to connect two VNets today, but that might change, too. You cannot connect two networks if they use overlapping address ranges; there is no NAT for secure network connections in Azure. Don’t paint yourself into a corner!
  • Don’t waste IP addresses: Don’t be the idiot that creates a 10.0.0.0/8 VNet with a single subnet of 10.0.0.0/8; this will waste more than 16 million IP addresses on a single subnet and waste the entire 10.0.0.0 range on a single VNet. You might need to add subnets (for site-to-site networking or for different NSG security boundaries) and you might want more than one VNet at a later point (it happens).

There are three ways that you can connect applications in two different Azure VNets:

  • Route via the Internet
  • VNet peering
  • Site-to-site VPN

Route via the Internet

This is the least secure option of the three that I am presenting in this post. Each VNet will use the Azure load balancer to share services from one (NAT rules) or more (load balancing rules) virtual machines to the Internet. DNS records will map a name to the public IP address of the load balancer, and virtual machines from other VNets can access these services via the Internet. You can wrap the application traffic using SSL (and optionally offload SSL using the Application Gateway) for some level of security.

The benefits of this solution are:

  • It’s pretty simple.
  • The virtual networks are isolated from each other.

There are some downsides:

  • This is not a private connection; HTTPS traffic might be suitable for this style of connection, but other traffic (e.g., file services, Active Directory) cannot be routed this way. And even if it could, would you want to?
  • You have restricted the amount of infrastructure and application integration that can be achieved.
  • Virtual machines cannot share data at their full NIC potential.

There is a cost with this solution; any data sent over the Internet (from one VNet to another) will be subject to outbound data transfer charges (a small charge).

VNet Peering

The ability to peer virtual networks is relatively new, and only became generally available at the Microsoft Ignite 2016 conference in September. Peering is a very simple way to just plug two VNets into each other. Once you peer two VNets, virtual machines in those two VNets (even in different subscriptions if you have shared admin rights) can route to each other over the Azure backbone, secure from all other traffic, and probably encapsulated using NVGRE – the protocol that Azure uses for software-defined networking (virtual network isolation) on the physical fabric.

VNet peering allows you to create some interesting designs. For example, you can create a hub-and-spoke, where one VNet uses a gateway to connect to on-premises networks using either a VPN or ExpressRoute; this is the hub VNet. Other VNets (spokes) will connect to the hub using VNet peering, and you can enable them to route via the hub’s gateway; this means that all of your VNets can route to on-premises networks via a single gateway, which results in a simpler site-to-site networking design and reduced gateway charges.

A hub and spoke VNet design using Azure VNet peering [Image Credit: Microsoft]

You can still retain levels of isolation using NSGs; while this might not be a default security tool, the rules of an NSG are still hard, under your total control, and can be monitored using logs and the Azure Security Center.

There are lots of benefits to VNet peering:

  • It is relatively simple to set up — just create a connection in each direction.
  • Cross-VNet traffic is secure, as if it never left the VNet.
  • You can get deep infrastructure and application integration.
  • Virtual machines can communicate across the peering at the speed of their full NIC potential.

On the negative side:

  • VNet peering cannot be used between VNets in different regions.
  • There must be shared administration between the subscriptions of both VNets.
  • At least one of the peering pair VNets must be deployed using Azure Resource Manager (ARM).

There is a micro-charge for data transfer between peered VNets (inbound and outbound). It is a tiny charge, and probably won’t be a deal breaker for anyone.

VNet-to-VNet VPN

This is the option that was used the most in the past. Quite honestly, past iterations of this solution were very difficult for newcomers to understand. Fortunately, Microsoft recently updated the Azure Portal and made configuring this solution fairly easy to get going.

The concept of a VNet-to-VNet VPN is that you create a gateway in each VNet and create a secure tunnel between each VNet. The technology is well known and trusted: VPN. This encrypted tunnel will allow virtual machines in each VNet to talk to each other.

An Azure VNet-to-VNet VPN [Image Credit: Microsoft]

By default, there are no restrictions on what traffic can flow between the two connected VNets, but you can use NSGs to enforce security policies.

The solution has some benefits:

  • VPN is well known and trusted.
  • You can connect VNets in different Azure regions and subscriptions.
  • You do not need shared administration credentials when dealing with different subscriptions, but there must be some cooperation between the administrators.

On the negative side:

  • Communications between the VNets will be limited by the VPN speed of the gateway, which is relatively slow compared to a 1 Gbps NIC.
  • You must deploy a gateway in each VNet, which incurs more charges (fairly small and predictable).
  • You can get a good amount of infrastructure and application integration, but it’s not as good as VNet peering.
  • You must use a dynamic/route-based gateway, which would be an issue if you have older on-premises VPN devices that only support static/rule-based VPN connections. Your Azure requirements might force you into replacing your on-premises firewalls if you need VNet-to-VNet VPN and site-to-site VPN connections. Make sure to put pressure on your firewall’s manufacturer!

There are two charges to consider. First there is the gateway, which can be a fairly small charge per month. Data transfer within the same region is free, but traffic moving over the VPN between regions incurs outbound data transfer charges.

My Recommendation

I would use the following ordering when choosing a solution:

  1. VNet peering
  2. VNet-to-VNet VPN
  3. Internet-based routing

My preference would be for simple, fast, and deep integration. But if there are some conflicts, such as the VNets being in different regions, then I have no choice but to go for VNet-to-VNet VPN. I have yet to encounter a scenario in which a design has been forced to go with Internet-based routing, but that might happen one day, and the option is there.
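The two planning rules and the ordering above can be checked against an address plan before anything is deployed. The following Python sketch is an added example, not part of the original article; the VNet names, regions and address ranges are constructed, and the same-region rule for peering is the limit as this article states it.

```python
"""Added example: validate a VNet address plan before connecting networks."""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample plan; names, regions and ranges are illustrative assumptions.
ON_PREM = {"hq-lan": "10.0.0.0/16"}
VNETS = {
    "vnet-app":  {"region": "westeurope",  "space": "172.16.0.0/22", "subnets": ["172.16.0.0/24"]},
    "vnet-db":   {"region": "westeurope",  "space": "172.16.4.0/22", "subnets": ["172.16.4.0/24"]},
    "vnet-dr":   {"region": "northeurope", "space": "172.16.8.0/22", "subnets": ["172.16.8.0/22"]},
    "vnet-lab":  {"region": "westeurope",  "space": "172.16.0.0/24", "subnets": ["172.16.0.0/25"]},
    "vnet-test": {"region": "westeurope",  "space": "10.0.0.0/8",    "subnets": ["10.0.0.0/8"]},
}


def overlaps(vnets, on_prem):
    """Return sorted name pairs whose address ranges overlap.

    Overlapping networks cannot be privately connected, because there is
    no NAT to hide the conflict.
    """
    ranges = {name: ip_network(v["space"]) for name, v in vnets.items()}
    ranges.update({name: ip_network(cidr) for name, cidr in on_prem.items()})
    return sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(ranges, 2)
        if ranges[a].overlaps(ranges[b])
    )


def full_space_subnets(vnets):
    """Return VNets where one subnet consumes the whole address space,
    leaving no room for a gateway subnet or further NSG-scoped subnets."""
    return sorted(
        name for name, v in vnets.items()
        if any(ip_network(s) == ip_network(v["space"]) for s in v["subnets"])
    )


def connection_options(a, b, vnets, on_prem):
    """List the usable options for a pair of VNets in the article's order.

    Private options (peering, VPN) require non-overlapping ranges; peering
    additionally requires the same region, as the article states.
    """
    options = []
    if tuple(sorted((a, b))) not in overlaps(vnets, on_prem):
        if vnets[a]["region"] == vnets[b]["region"]:
            options.append("VNet peering")
        options.append("VNet-to-VNet VPN")
    options.append("Internet-based routing")
    return options


if __name__ == "__main__":
    print("Overlapping ranges:", overlaps(VNETS, ON_PREM))
    print("Subnet fills whole VNet:", full_space_subnets(VNETS))
    for pair in [("vnet-app", "vnet-db"), ("vnet-app", "vnet-dr"), ("vnet-app", "vnet-lab")]:
        print(pair, "->", connection_options(*pair, VNETS, ON_PREM))
```

Running the check in a deployment pipeline catches an overlapping range while it is still cheap to renumber, which is the point of treating every VNet as a future branch office.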

Reference: https://petri.com/can-connect-2-azure-virtual-networks
