Inetwork topology6/23/2023 Configuration of these is done on a resource by resource basis, but the supported resources are listed below:įunction Apps and Logic Apps support custom domains, when hosted by an App Service Plan or App Service Environment. Most AIS services allow customers to use their own DNS names for public endpoints, either using their own DNS servers, or via the Azure DNS offering. For example, you can designate a subnet to app service plans so that you can add additional apps over time.Īzure VPN Gateway can connect overlapping, on-premises sites with overlapping IP address spaces through its network address translation (NAT) capability. You can designate a given subnet t0 a given service to create instances of that service within the subnet. Some AIS services require dedicated subnets The following design considerations should be taken into account when planning your IP addressing: The following architecture diagram shows the reference architecture for an AIS enterprise deployment:Įnterprise deployments of AIS should include the use of Private Endpoints and Virtual Networks. Requires full control of the configuration or requires manual custom configuration of your Azure network. Has few remote or branch locations per region and needs fewer than 30 IP security (IPsec) tunnels. Plans to deploy resources in only select Azure regions.ĭoesn't need a global, interconnected network. Use a traditional Azure network topology based around a hub-and-spoke architecture if your organization: Microsoft manages this service, which helps reduce overall network complexity and modernizes your organization's network. Organizations use Virtual WAN to meet large-scale interconnectivity requirements. You require transitive routing between VPN and ExpressRoute, such as remote branches connected via Site-to-Site VPN or remote users connected via Point-to-Site VPN, require connectivity to an ExpressRoute connected DC, via Azure. Needs to integrate a large-scale branch network directly into Azure, either via a software-defined WAN (SD-WAN) deployment or requires more than 30 branch sites for native IPsec termination. Plans to deploy resources across several Azure regions and requires global connectivity between VNets in these Azure regions and multiple on-premises locations. Use a network topology based on Virtual WAN if your organization: The network topology and connectivity considerations for this architecture depend on the requirements of the workloads being hosted and on the security and compliance requirements of your organization. Networking is central to almost everything in a landing zone. This article provides design considerations and recommendations for network topology and connectivity that you can apply when you use the Azure Integration Services (AIS) landing zone accelerator.
0 Comments
Leave a Reply. |