Cross Solution Network Architectures

This is a repo of cross solution network connectivity designs with Azure PaaS services, Azure Kubernetes Services(AKS) and on-premise connectivity. These designs are based on real world experiences working with partners,customers and cross solution Cloud Solution Architects (CSAs) in various Azure Design Sessions (ADS). This repo will contain downloadable artifacts including bicep automated deployments, architecture diagrams, postman collections and tools to test applications for various designs. Learn about tools of trades from various Subject Matter Expert (SME) CSAs to validate designs,connectivity, view application and traffic flows.

Design Areas

Advanced Linux Networking

• VXLAN with two linux hosts (As good as it gets!)
• Linux bridge
• Linux namespaces
• Linux firewall with iptables
• Future topics (coming soon)
• Bicep automated deployment

Azure Kubernetes Services (AKS) Networking Series

• Download Multi-tab Visio and PDF
• Docker Networking
  • Single Host
  • Multi Host
  • Bicep automated deployment
• AKS Cluster
  • Basic/Kubenet Networking
  • Advanced/Azure CNI Networking
  • AKS Private Cluster
  • Bicep automated deployment
• Ingress and Egress Control
  • AKS Private Cluster with Azure Front Door
  • AKS Application Gateway Ingress Controller (AGIC)
  • Nginx Ingress controller
  • AKS Egress with Azure firewall/NVA
• Design Extras
  • AKS Multiple Nodepool Design
  • Future topics (coming soon)

Azure Database Services

• Download Multi-tab Visio and PDF
• Azure Data Factory (ADF)
  • AutoResolve Azure Default Integration Runtime
  • Azure Managed VNET Integration Runtime and Private Endpoints
  • Self hosted Integration Runtime (IR) In Azure
  • Self hosted Integration Runtime (IR) On Premises
  • The big picture with different types of IR
• SQL Managed Instance
  • Single Region
  • Multi region with Replication - DR Scenario
  • Database failover with application connectivity
• Azure SQL Database (PaaS Service)
• Azure Synapse
• OSS databases - mysql and postgres

Azure API Management(APIM) Networking Series

• APIM Big Picture view
• Default mode
• External network mode
• Internal network mode
• Internal network mode with Azure Application Gateway
• Internal network mode with AKS Backend API
• APIM with Azure firewall/NVA
• APIM Identity - AAD and B2C Integration
• APIM Multi-region Architecture
• Self hosted gateway
• LetsEncrypt Certificates and APIM Custom Domain
• Azure Private DNS Zones integration
• Network Troubleshooting
• Download Postman Collection
• Download Multi-tab Visio and PDF of all APIM Networking Architectures

Azure App-service Networking

• Private Endpoint Integration
• Service Endpoint
• VNET Integration
• NAT Gateway Integration
• Azure Private DNS Zone Planning
• APP Services with Custom Domain and Private Endpoints
• Azure App-Service with firewall for outbound traffic filtering

DevOps and Automation

• Automated deployments architecture
• Azure DevOps CI/CD pipelines
• GitOps for Application deployment
• CI/CD pipelines using Github Actions

Tools of Trade (Work in progress)

0. VSCode Extentions

1. Database

   • SQl Server Management Studio (SSMS)
   • Azure Data Management Studio

2. Networking

   • Microsoft Whiteboard
   • Linux Networking
   • Wireshark/tcpdump
   • dig
   • hping, tcptraceroute

3. Application

   • python
   • html
   • node.js
   • mysql

4. DevOps

   • github
   • Azure DevOps (ADO) project boards
   • Visual Studio Code (vscode)
   • Postman

Build Sample Applications (Work in progress)

1. Simple CRUD API Application
2. Simple http server
3. Simple 3-tier application for AKS

Contributors

Special thank you to my colleagues

• Shaun Croucher
• David O'Keefe
• Xavier Elizondo
• Heather Tze
• Daniel Mauser
• Sowmyan Soman Chullikkattil
• Mike Richter
• Sumit Sengupta
• Mike Shelton
• Tommy Falgout
• Devanshi Joshi

Acknowledgments