Implement Virtual Networks

  • 4/10/2018

Thought experiment

In this thought experiment, apply what you have learned about virtual networks in this chapter. You can find answers to these questions in the Answers section at the end of this chapter.

Your management team has named you as the lead architect to implement the first cloud deployment in Contoso’s history. There is a new web-based application that runs on IIS Server using a SQL database that they want implemented in Azure.

During a meeting with the application vendor and your manager, you have gained a better understanding of the implementation needs and Contoso’s requirements. The application must run on Azure VMs and the SQL server needs to be implemented as an Always On Availability Group cluster. The vendor has told you that the application supports multiple web front ends for high availability. Your manager has mentioned multiple times how important security is, given that this is the first cloud installation. During the conversation, she made it clear that the Azure implementation should be secured using a multi-layered approach using firewall rules, and that it must be deployed using a web application firewall (WAF).

At the end of the meeting your manager also mentioned that as a part of this project you should implement a permanent low-latency connection between your primary datacenter and Azure, as there are many follow-on projects after this one. It is also important that all servers be able to communicate using their host names rather than IP addresses, because the solution must support authentication to your Active Directory domain controllers. The onsite network is a class A 10.0.0.0/16 network, but you do have access to 8 class C public addresses provided by your network service provider and registered in your company’s name with ARIN.

  1. Given that the solution requires VMs, the configuration will require a VNet. What should you consider with respect to the address space of the VNet? What address space will you use? Also, what subnets should you create to support the requirements? What are the CIDR ranges for these subnets?

  2. Where would each tier of the application be deployed using the subnets that you have defined? How will you secure these subnets and VMs?

  3. What type of connection will be created between your on-premises datacenter and Azure? How will DNS Services be implemented?

  4. What is the basic architecture for the application?