Blog   |   Security   |   June 12, 2017

Ensuring Secure Connections with Azure VNets

Microsoft Azure makes it easy to visualize and connect your on-premises network to your Azure-based cloud infrastructure using Virtual Networks (VNets). Think of an Azure VNet as a logical view of your cloud-based network. Naturally, there will be times when you want to connect your on-site servers and systems to that environment. When you do, make sure your traffic is encrypted with a VPN (Virtual Private Network), since it will be traversing the public internet. Keep in mind that you will be subject to unpredictable bandwidth, since you are using the same network everyone else is using to watch videos, send email, and browse the web. Alternatively, you could establish a private, direct connection independent of the internet, called Azure ExpressRoute, but that can be expensive and time-consuming to establish. Microsoft offers a list of ExpressRoute partners to make the connection.
VNet traffic
The nice part of the Azure VNet approach is that each VNet is isolated and separate from other VNets. You could set up distinct VNets for development, testing, or production, and phase from one to the other during a service’s lifecycle. The IP addressing and routing are all virtualized, thanks to Azure, so you don’t have to get lost in the weeds of IP addresses and internet name resolution. Of course, you are welcome to use your own DNS servers as well. Just remember to acquire and assign a Public IP address if you want your VNet resources to be accessible to the world.
If your Azure VNets are in the same Azure location, they can communicate with each other at high speed and low latency. This is called Peering. If you use VNet-to-VNet connections—for VNets spread out over different Azure locations—then bandwidth will be limited. Because your traffic will be passing securely over the internet in this case, you should plan ahead when choosing locations for your VNets.
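The planning step described above can be sketched as a short script. This is an added example, not code from the article or from CloudCheckr: it classifies each VNet pair using the article's rule (same location means Peering, otherwise VNet-to-VNet) and flags overlapping address spaces, on the assumption that connected networks must not share address ranges. The inventory, names and prefixes are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (names, locations and prefixes are made up).
VNETS = {
    "dev":  {"location": "eastus", "prefixes": ["10.1.0.0/16"]},
    "test": {"location": "eastus", "prefixes": ["10.2.0.0/16"]},
    "prod": {"location": "westeurope", "prefixes": ["10.2.128.0/17"]},
}
ON_PREM = ["192.168.0.0/16"]  # constructed on-premises range


def overlaps(prefixes_a, prefixes_b):
    """Return the pairs of prefixes that share addresses."""
    nets_a = [ipaddress.ip_network(p) for p in prefixes_a]
    nets_b = [ipaddress.ip_network(p) for p in prefixes_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def plan_links(vnets, on_prem):
    """Classify every VNet pair and flag address-space conflicts."""
    plan = []
    for (name_a, a), (name_b, b) in combinations(sorted(vnets.items()), 2):
        # Rule from the article: same location -> Peering, else VNet-to-VNet.
        same = a["location"].lower() == b["location"].lower()
        plan.append({"pair": (name_a, name_b),
                     "method": "peering" if same else "vnet-to-vnet",
                     # Assumption: connected VNets must not overlap.
                     "conflicts": overlaps(a["prefixes"], b["prefixes"])})
    for name, vnet in sorted(vnets.items()):
        # On-premises links go over a VPN or ExpressRoute, per the article.
        plan.append({"pair": ("on-prem", name),
                     "method": "vpn-or-expressroute",
                     "conflicts": overlaps(on_prem, vnet["prefixes"])})
    return plan


if __name__ == "__main__":
    for link in plan_links(VNETS, ON_PREM):
        status = "CONFLICT %s" % link["conflicts"] if link["conflicts"] else "ok"
        print(link["pair"], link["method"], status)
```

In the constructed inventory, `prod` and `test` share part of `10.2.0.0/16`, so that pair is reported as a conflict before anyone tries to connect them.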
If keeping data secure is a key concern for your organization (as it should be!), CloudCheckr offers hundreds of built-in Best Practice Checks to ensure your traffic is encrypted both on the internet and at rest.

About the Author

Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.