Showing posts with label Firewall. Show all posts
Showing posts with label Firewall. Show all posts

Cloud Based Virtual Networks



While discussing the implementation of cloud infrastructure we touched on the base of core infrastructure that will need to be provisioned in the cloud in order to begin your migration or greenfield cloud deployment. The core infrastructure required is cloud storage, compute resource and virtual networks. Today we will be going into virtual networks in more depth.

Virtual Networks

As previously discussed virtual networks are absolutely vital to understand in order to correctly provision and deploy cloud resources. These virtual networks are used to connect, segment and link your cloud based resources as well as on premises networks.

Virtual network segmentation is completed with the use of subnets. These subnets are used to seperate various cloud based networks using different IP ranges. These are seperate networks that can be used for different functions, for example the front end and back end tier of an application.

Another aspect to understand is the use of firewalls within these virtual networks. Traditionally a firewall is used on premises between the internal network and external network (internet). In cloud services a firewall is used in the same way but also internally, so you are able to secure internal as well as external networks and applications.

As mentioned above another incredibly important aspect of cloud based virtual networks is the ability to connect to your on premises environment. This is valuable in order to build and architect hybrid cloud solutions. This can be achieved by using direct ISP based links that bypass the public internet to keep things internally secure and fast or via VPN tunnels.

These VPN tunnels are encrypted but do run over the public internet so may not be as secure as your policies allow. Also, you may need a higher speed redundant link.

Cloud Platforms

There are some differences between the different cloud providers but basically cloud based virtual networks are quite similar and perform reasonably the same function. In Azure you get Virtual Networks which are the base of your cloud based network infrastructure and in Google Cloud Platform you get Virtual Private Cloud Networks (VPC's) both offer a few different features so its always important to read the relevant documentation and use a trial account to test for your specific requirements. 


To  sum up though you need to brush up on your general network skills (get out the Network+ manual) before planning your cloud based networks and I highly recommend some courses in the cloud platform you are looking into going with. There are literally loads of in depth free video courses available on any platform to learn the necessary skills.

Training

Please see below Coursera GCP and Pluralsight Azure on demand courses:

https://www.coursera.org/specializations/gcp-architecture

https://www.pluralsight.com/courses/planning-designing-microsoft-azure-network-solutions?twoid=e7d045ab-0691-4def-896a-8db6cb74790b&aid=7010a000001xDURAA2