
Lesson - 05 - Configure and Manage Virtual Networking

Here are the steps to create firewall rules in Azure:
1. In the Azure portal, go to your Azure Firewall resource.
2. Under Settings, select Firewall policy.
3. Click Add rule collection.
4. Select the type of rule - NAT, network, or application rule.
5. Configure the rule properties like source/destination addresses, ports, protocols etc.
6. Give the rule a name and description.
7. Click OK to create the rule.
8. Repeat steps 3-7 to add more rules as needed.
9. Don't forget to save the firewall policy once all rules are added.
Let me know if you

Uploaded by

Bhushan Laddad

Microsoft Certified Associate: Azure Administrator AZ-104

Configure and Manage Virtual Networking
A Day in the Life of an Azure Architect

Amid the company's migration to Azure, an Azure Administrator wants to replicate the on-premises network in the cloud. The Azure resources must be organized into virtual networks and subnets. The company requires an Azure IP addressing schema. The schema should provide flexibility, room for growth, and integration with on-premises networks, so that it works for a complete networking setup.

The Azure Administrator needs to design the apps to be resilient to failure and to scale easily when demand increases.

Resiliency is to be improved by adding multiple web servers to the site and distributing the load across them. The site is to be centralized on a single load-balancing service, which will simplify the URLs for site visitors.
Learning Objectives

By the end of this lesson, you will be able to:

Configure and monitor Azure virtual networks

Integrate an on-premises network with Azure virtual network

Create custom routes to control the traffic flow

Configure and troubleshoot Azure Load Balancer


Administer Virtual Networking
Plan Virtual Networks

Features of Azure Virtual Network (VNet):

• Is a logical representation of the user's own network
• Creates a dedicated private cloud-only virtual network
• Extends the datacenter securely with virtual networks
• Enables hybrid cloud scenarios

Source: https://docs.microsoft.com/en-us/azure
Create Virtual Networks

Tips to create virtual networks:

• Create new virtual networks at any time
• Add virtual networks when creating a virtual machine
• Need to define the address space and at least one subnet
• Be careful with overlapping address spaces

Source: https://docs.microsoft.com/en-us/azure
Create Subnets

Consider the following points while creating Subnets:


• A virtual network can be segmented into one or more subnets.
• Subnets provide logical divisions within the network.
• Subnets can help improve security, increase performance, and make it easier to
manage the network.
• Each subnet must have a unique address range that does not overlap with other subnets in the VNet in the subscription.
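
The overlap and containment rules above can be checked before anything is deployed. The following is an added example, not part of the original lesson: a small Python validator for an address plan. The plan, subnet names, and on-premises ranges are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Azure reserves five addresses in every subnet (network address, default
# gateway, two for Azure DNS, broadcast), so a /29 leaves 3 usable hosts.
AZURE_RESERVED_PER_SUBNET = 5


def parse_cidr(label, cidr, problems):
    """Parse a prefix strictly; host bits set (10.0.1.5/24) is reported."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label}: invalid prefix {cidr} ({exc})")
        return None


def validate_vnet_plan(address_space, subnets):
    """Return a list of problems in a VNet plan (empty list = plan is clean)."""
    problems = []
    spaces = [n for n in (parse_cidr("address space", c, problems)
                          for c in address_space) if n is not None]
    parsed = {}
    for name, cidr in subnets.items():
        net = parse_cidr(name, cidr, problems)
        if net is not None:
            parsed[name] = net
    # Every subnet must sit inside one of the VNet's address ranges.
    for name, net in parsed.items():
        inside = any(s.version == net.version and net.subnet_of(s) for s in spaces)
        if not inside:
            problems.append(f"{name} {net} is outside the VNet address space")
    # No two subnets in the VNet may overlap.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} {parsed[a]} overlaps {b} {parsed[b]}")
    return problems


def usable_hosts(cidr):
    """Addresses left for workloads after the Azure-reserved ones."""
    total = ipaddress.ip_network(cidr).num_addresses
    return max(total - AZURE_RESERVED_PER_SUBNET, 0)


def overlapping_spaces(networks):
    """networks: name -> list of prefixes (VNets, on-premises sites).
    Returns the pairs that overlap and therefore cannot be connected cleanly."""
    pairs = []
    names = sorted(networks)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            nets_a = [ipaddress.ip_network(c) for c in networks[a]]
            nets_b = [ipaddress.ip_network(c) for c in networks[b]]
            if any(x.overlaps(y) for x in nets_a for y in nets_b):
                pairs.append((a, b))
    return pairs


# Constructed sample plan with three deliberate mistakes.
PLAN_SPACE = ["10.10.0.0/16"]
PLAN_SUBNETS = {
    "web": "10.10.1.0/24",
    "app": "10.10.2.0/24",
    "db": "10.10.2.128/25",          # overlaps app
    "GatewaySubnet": "10.11.0.0/27",  # outside the VNet address space
    "mgmt": "10.10.3.5/28",          # host bits set, not a valid prefix
}
# Constructed sample of networks that are meant to be connected.
SITES = {
    "vnet-hub": ["10.10.0.0/16"],
    "vnet-spoke": ["10.20.0.0/16"],
    "on-prem": ["10.10.128.0/17", "192.168.0.0/24"],
}

if __name__ == "__main__":
    for problem in validate_vnet_plan(PLAN_SPACE, PLAN_SUBNETS):
        print("PLAN:", problem)
    for a, b in overlapping_spaces(SITES):
        print("OVERLAP:", a, "<->", b)
    print("usable hosts in /27:", usable_hosts("10.10.255.0/27"))
```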
Creating Subnets and Vnets

Duration: 10 Min.

Problem Statement:
Create subnets and VNets in Azure to segregate network traffic and allow more secure access to the resources.
Assisted Practice: Guidelines

Steps to create subnets and VNets in Azure:

1. Sign in to the Azure portal
2. Go to the Virtual network blade
3. Click on Create the virtual network and add the subnets to the VNet
Plan IP Addressing

Private IP addresses: Used within an Azure virtual network (VNet), and on-premises network, when using a VPN gateway or ExpressRoute circuit to extend the network to Azure.

Public IP addresses: Used for communication with the Internet, including Azure public-facing services.

Source: https://docs.microsoft.com/en-us/azure
Create Public IP Addresses

Public IP is used to communicate with internet devices, including Azure public-facing services.

• Available in IPv4 or IPv6 or both

• Basic vs. Standard SKU

• Dynamic vs. Static

• Zone redundant (Standard SKU)

• Range of contiguous addresses available as a prefix
Associate Public IP Addresses

A public IP address resource can be associated with virtual machine network interfaces,
internet-facing load balancers, VPN gateways, and application gateways.

Public IP addresses | IP address association | Dynamic | Static
Virtual Machine | NIC | Yes | Yes
Load Balancer | Front-end configuration | Yes | Yes
VPN Gateway | Gateway IP configuration | Yes | Yes*
Application Gateway | Front-end configuration | Yes | Yes*


Associate Private IP Addresses

• Dynamic (default): Azure assigns the next available unassigned or unreserved IP address in the subnet's address range.

• Static: Azure selects and assigns any unassigned or unreserved IP address in the subnet's address range.

Private IP addresses | IP address association | Dynamic | Static
Virtual Machine | NIC | Yes | Yes
Internal Load Balancer | Front-end configuration | Yes | Yes
Application Gateway | Front-end configuration | Yes | Yes


Implement Network Security Groups

Points to consider while implementing a network security group (NSG):

• An NSG limits network traffic to resources in a virtual network
• It lists the security rules that allow or deny inbound or outbound network traffic
• It can be associated to a subnet or a network interface
• It can be associated multiple times
Determine NSG Rules

• Security rules in NSGs enable filtering network traffic that can flow in and out of
virtual network subnets and network interfaces.
• There are default security rules but other rules with higher priority can be added.
Determine NSG Effective Rules

• NSGs are evaluated independently for the subnet and NIC.
• An “allow” rule must exist at both levels for traffic to be admitted.
• The Effective Rules link can be used when it is unclear which security rules are being applied.

Source: https://docs.microsoft.com/en-us/azure
Create NSG rules

When adding inbound and outbound rules, users can select from the options mentioned below:

• Service: The destination protocol and port range for this rule
• Port ranges: Single port or multiple ports
• Priority: The lower the number, the higher the priority
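
The two evaluation rules above (lowest priority number wins within an NSG, and inbound traffic must be allowed at both the subnet and the NIC) can be traced with a small model. This is an added example, not part of the original lesson and not Azure's implementation: the rule names, address ranges, and NSG contents are constructed, and the default rules are simplified to AllowVnetInBound and DenyAllInBound.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int   # lower number = higher priority
    name: str
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    ports: tuple    # inclusive destination port range (low, high)


def default_inbound_rules(vnet_cidr):
    # Simplified: the real default set also has AllowAzureLoadBalancerInBound.
    return [
        Rule(65000, "AllowVnetInBound", "Allow", "*", vnet_cidr, (0, 65535)),
        Rule(65500, "DenyAllInBound", "Deny", "*", "*", (0, 65535)),
    ]


def matches(rule, src_ip, protocol, dst_port):
    if rule.protocol not in ("*", protocol):
        return False
    if not rule.ports[0] <= dst_port <= rule.ports[1]:
        return False
    if rule.source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def evaluate_nsg(rules, vnet_cidr, src_ip, protocol, dst_port):
    """First matching rule in ascending priority order decides."""
    ordered = sorted(list(rules) + default_inbound_rules(vnet_cidr),
                     key=lambda r: r.priority)
    for rule in ordered:
        if matches(rule, src_ip, protocol, dst_port):
            return rule.access, rule.name
    return "Deny", "no matching rule"


def inbound_verdict(subnet_nsg, nic_nsg, vnet_cidr, src_ip, protocol, dst_port):
    """Inbound traffic meets the subnet NSG first, then the NIC NSG.
    None means no NSG is associated at that level."""
    trace = []
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            trace.append((level, "Allow", "no NSG associated"))
            continue
        access, name = evaluate_nsg(rules, vnet_cidr, src_ip, protocol, dst_port)
        trace.append((level, access, name))
        if access == "Deny":
            return "Deny", trace
    return "Allow", trace


# Constructed sample configuration.
VNET = "10.10.0.0/16"
SUBNET_NSG = [
    # Shadowed: the priority-150 deny below matches the same source first.
    Rule(300, "Allow-8443-Partner", "Allow", "Tcp", "198.51.100.0/24", (8443, 8443)),
    Rule(100, "Allow-HTTPS-Any", "Allow", "Tcp", "*", (443, 443)),
    Rule(150, "Deny-Partner-Range", "Deny", "*", "198.51.100.0/24", (0, 65535)),
]
NIC_NSG = [
    Rule(100, "Allow-SSH-Admin", "Allow", "Tcp", "203.0.113.0/24", (22, 22)),
]

if __name__ == "__main__":
    flows = [("198.51.100.7", "Tcp", 443), ("198.51.100.7", "Tcp", 8443),
             ("203.0.113.5", "Tcp", 22), ("10.10.2.4", "Tcp", 8080)]
    for src, proto, port in flows:
        print(src, proto, port, inbound_verdict(SUBNET_NSG, NIC_NSG, VNET, src, proto, port))
```

In the sample, HTTPS from the Internet is allowed by the subnet NSG but still dropped at the NIC, and the priority-300 allow never takes effect because the priority-150 deny matches first.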
Creating Network Security Group

Duration: 10 Min.

Problem Statement:
Create a network security group in Azure to have more control over which traffic will be
allowed or denied on the network.
Assisted Practice: Guidelines

Steps to create a network security group:


1. Sign in to the Azure Portal
2. Navigate to Network security group blade
3. Create the NSG
4. Add inbound port rules
Determine Azure Firewall Uses

Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources. Its features include:

• Stateful firewall as a service
• Built-in high availability with unrestricted cloud scalability
• Creation, enforcement, and logging of application and network connectivity policies
• Threat intelligence-based filtering
• Full integration with Azure Monitor for logging and analytics
• Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways

Source: https://docs.microsoft.com/en-us/azure/firewall
Create Azure Firewalls

Tips to create Azure Firewalls:


• A Hub-Spoke network topology is recommended
• Shared services are placed in the hub virtual network
• Each environment is deployed to a spoke to maintain isolation

Source: https://docs.microsoft.com/en-us/azure/firewall
Creating Firewall Rules

There are three types of rules that the user can configure within the Azure Firewall.

• NAT rules: Configure NAT rules to allow incoming connections
• Network rules: Configure rules that contain source addresses, protocols, destination ports, and destination addresses
• Application rules: Configure fully qualified domain names (FQDNs) that can be accessed from a subnet
Creating Firewall Rules

Duration: 10 Min.

Problem Statement:
Create firewall rules in Azure to have more control over traffic flowing in and out of the network.
Assisted Practice: Guidelines

Steps to create firewall rules:

1. Sign in to the Azure portal
2. Navigate to the Firewall service
3. Click on Create
4. Provide the necessary information to successfully deploy the firewall
5. Add firewall rules
Identity Domains and Custom Domains

Azure Domain Name Service (DNS) enables hosting DNS records for domains on Azure infrastructure. With
Azure DNS, the same credentials, APIs, tools, and billing can be used as other Azure services.

• When creating an Azure subscription, an Azure AD domain is created for the user.

• The domain has an initial domain name in the form domainname.onmicrosoft.com.

• The user can customize or change the name.

• After the custom name is added, it must be verified.


Verify Custom Domain Names

Adding a custom name to an Azure AD has the following features:

• Verification demonstrates ownership of the domain name.
• Azure's DNS record (MX or TXT) is added to the DNS zone of the company.
• Azure will query the DNS domain for the presence of the record.
• This could take several minutes or several hours.
Create Azure DNS Zones

Azure DNS provides a reliable, secure DNS service to manage and resolve domain names in virtual networks.

• A DNS zone hosts the DNS records for a domain.
• Where multiple zones share the same name, each instance is assigned a different name server address.
• The root or parent domain is registered at the registrar and pointed to Azure DNS.
Creating DNS Zone and a Record

Duration: 10 Min.

Problem Statement:
Create a DNS zone and a record using Azure DNS to map DNS names to IPs so that we do not need to remember the IPs.
Assisted Practice: Guidelines

Steps to create Azure DNS Zone:

1. Sign in to the Azure portal
2. Navigate to the Create DNS Zone page
3. Provide the necessary information to successfully create the DNS zone
4. In the DNS zone created, select Add record set
5. Choose the type of record set to be added
Delegate DNS Domains

To delegate the domain to Azure DNS:

• The user must use the name server names provided by Azure DNS – all four.
• Once the DNS zone is created, the user updates the parent registrar.
• For child zones, the user must register the DNS records in the parent domain.
Add DNS Record Sets

It is important to grasp the difference between DNS record sets and individual DNS records.

• A record set is a collection of records in a zone that have the same name and the same type.
• The user can add up to 20 records to any record set.
• A record set cannot contain two identical records.
• Changing the record type in the drop-down changes the information required.

Source: https://docs.microsoft.com/en-us/azure
Plan for Private DNS Zones

Features of using private DNS zones:

• Provides custom domain names
• Provides name resolution for VMs within a VNet and between VNets
• Gives automatic hostname record management
• Removes the need for custom DNS solutions
• Uses all common DNS record types
• Available in all Azure regions

Source: https://docs.microsoft.com/en-us/azure
Determine Private Zone Scenarios

• DNS resolution in VNet1 is private and not accessible from the Internet.
• DNS queries across the virtual networks are resolved.
• Reverse DNS queries are scoped to the same virtual network.

Source: https://docs.microsoft.com/en-us/azure
Creating Private DNS Zones

Duration: 10 Min.

Problem Statement:
Create private DNS zones to identify the domains in the private network settings. These zones will not be internet routable.
Assisted Practice: Guidelines

Steps to create a private DNS Zone:


1. Sign in to the Azure portal
2. Navigate to create a private DNS Zone page
3. Click Create
4. Create a virtual network
5. Link the vnet to the private DNS Zone
Administer Intersite Connectivity
VNet Peering

Features of VNet Peering:


• VNet peering connects two Azure virtual networks.
• There are two types of peering: Regional and Global.
• Peered networks use the Azure backbone for privacy and isolation.
• The user can peer across subscriptions and tenants.
• It is easy to set up, provides seamless data transfer, and has great performance.

Source: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Determine Gateway Transit and Connectivity Needs

When virtual networks are peered, configure a VPN gateway within the peered virtual network as a transit point.

• Gateway transit allows peered virtual networks to share the gateway and get access to resources.
• No VPN gateway is required in the peered virtual network.
• Default VNet peering provides full connectivity.

Source: https://docs.microsoft.com/en-us/azure
Create VNet Peering

Steps to configure VNet peering:


• Allow virtual network access settings

• Configure forwarded traffic settings


Creating Vnet Peering

Duration: 30 Min.

Problem Statement:
Create Vnet Peering in Azure to connect different networks in Azure so that resources in these
networks can talk to each other over a private connection.
Assisted Practice: Guidelines

Steps to create Vnet Peering:


1. Create two Vnets
2. Go to the first Vnet, select peerings under settings
3. Select add
4. Provide necessary details to create a peering link
5. Go to the second Vnet
6. Select peering under settings
7. Notice that peering is created automatically
Determine Service Chaining Uses

VNet peering is nontransitive. However, the user can configure user-defined routes and service chaining to provide the transitivity:

• Leverage user-defined routes and service chaining to implement custom routing
• Implement a VNet hub with a network virtual appliance or a VPN gateway
• Enables direct traffic from one virtual network to a virtual appliance, or virtual network gateway, in a peered virtual network, through user-defined routes

Source: https://docs.microsoft.com/en-us/azure
VPN Gateway Uses

Uses of the VPN Gateway are:


• Site-to-site connections connect on-premises datacenters to Azure virtual networks.
• VNet-to-VNet connections connect Azure virtual networks (custom).
• Point-to-site (User VPN) connections connect individual devices to Azure virtual networks.

Source: https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Create the Gateway Subnet

Users must first create a gateway subnet before creating a virtual network gateway for the virtual network. Some important pointers to consider while creating a gateway subnet are as follows:

• The gateway subnet contains the IP addresses used by the virtual network gateway; if possible, use a CIDR block of /28 or /27.
• When creating a gateway subnet, gateway VMs are deployed to the gateway subnet and configured with the required VPN gateway settings.
• Never deploy other resources (for example, additional VMs) to the gateway subnet.
Create the Gateway Subnet

Gateway subnet contains the IP addresses that are utilized by the virtual gateway.
Create the VPN Gateway

The VPN gateway settings chosen are critical to making a successful connection.

• Most VPN types are Route-based.
• The choice of gateway SKU affects the number of connections the user can have and the aggregate throughput benchmark.
• Associate a virtual network that includes the gateway subnet.
• The gateway needs a public IP address.


Determine VPN Gateway Type

When users create the virtual network gateway, they need to specify a VPN type.

Route-based VPNs use routes in the IP forwarding or routing table to direct packets:
• Support for IKEv2
• Can use dynamic routing protocols

Policy-based VPNs encrypt and direct packets through IPsec tunnels based on the IPsec policies:
• Support for IKEv1 only
• Legacy on-premises VPN devices
Determine Gateway SKU and Generation

Sampling of available SKUs:

Gen | SKU | S2S/VNet-to-VNet Tunnels | P2S IKEv2 Connections | Throughput Benchmark
1 | VpnGw1/Az | Max. 30 | Max. 250 | 650 Mbps
1 | VpnGw2/Az | Max. 30 | Max. 500 | 1.0 Gbps
2 | VpnGw2/Az | Max. 30 | Max. 500 | 1.25 Gbps
1 | VpnGw3/Az | Max. 30 | Max. 1000 | 1.25 Gbps
2 | VpnGw3/Az | Max. 30 | Max. 1000 | 2.5 Gbps
2 | VpnGw4/Az | Max. 100 | Max. 5000 | 5.0 Gbps
2 | VpnGw5/Az | Max. 100 | Max. 10000 | 10.0 Gbps
Determine Gateway SKU and Generation

• The Gateway SKU affects the connections and the throughput.

• Resizing is allowed within the generation.

• The Basic SKU (not shown) is legacy and should not be used.
Create the Local Network Gateway

The local network gateway typically refers to the on-premises location.

• Reflects the on-premises network configuration
• Give the site a name by which Azure can refer to it
• Use a public IP address or FQDN for Local Network Gateway Endpoint
• Specify the IP address prefixes that will be routed through the gateway to the VPN device
Create the On-Premises VPN Device Connection

Tips to create the on-premises VPN Device Connection:


• Consult the list of supported VPN devices (Cisco, Juniper, Ubiquiti, Barracuda Networks)
• Refer to an available VPN device configuration script
• Remember the shared key for the Azure connection
• Specify the public IP address

Source: https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Create the VPN Connection

Tips to create a VPN connection:

• Create a connection object, once the VPN gateways are created and the on-premises device is configured
• Configure a name for the connection and specify the type as Site-to-site (IPsec)
• Select the VPN gateway and the Local Network Gateway
• Enter the Shared key for the connection
Determine High Availability Scenarios

• VPN gateways are deployed as two instances
• Active/active mode for higher availability is enabled

Source: https://docs.microsoft.com/en-us/azure
Creating VPN Gateway

Duration: 60 Min.

Problem Statement:
Create a VPN gateway in Azure to secure hybrid connectivity between the on-premises datacenter and Azure.
Assisted Practice: Guidelines

Steps to create VPN Gateway:


1. Sign in to the Azure portal
2. Access the virtual network gateways blade
3. Provide necessary details to create the VPN gateway
Determine ExpressRoute Uses

Azure ExpressRoute helps to make private connections between Azure datacenters and infrastructure on-premises or in a colocation environment.

• Private connections between the on-premises network and Microsoft datacenters
• Connections do not go over the public Internet; they use a partner network
• Secure, reliable, low latency, high-speed connections

Source: https://docs.microsoft.com/en-us/azure
Determine ExpressRoute Capabilities

Once a user is connected to at least one ExpressRoute location within a geopolitical region, the user can access Azure services across all the regions within that geopolitical region.

• Layer 3 connectivity with redundancy
• Connectivity to all regions within a geopolitical region
• Global connectivity with the ExpressRoute premium add-on
• Cross on-premises connectivity with ExpressRoute Global Reach
• Bandwidth options: 50 Mbps to 100 Gbps
• Billing models: Unlimited, metered, premium
Coexist Site-to-Site and ExpressRoute
There are several advantages of configuring Site-to-Site VPN and ExpressRoute connections for the same virtual network:

• Use S2S VPN as a secure failover path for ExpressRoute
• Use S2S VPN to connect to sites that are not connected with ExpressRoute
• Notice two VNet gateways for the same virtual network

Source: https://docs.microsoft.com/en-us/azure
Compare Intersite Connection Options

ExpressRoute is a direct, private connection from the WAN (not over the general public Internet) to Microsoft Services, including Azure.

Connection | Azure services supported | Bandwidth | Protocols | Typical use case
Virtual network, point-to-site | Azure IaaS services and Azure Virtual Machines | Based on the gateway SKU | Active/passive | Dev, test, and lab environments for cloud services and virtual machines
Virtual network, site-to-site | Azure IaaS service and Azure Virtual Machines | Typically, < 1 Gbps aggregate | Active/passive, Active/active | Dev, test, and lab environments. Small-scale production workloads and virtual machines
ExpressRoute | Azure IaaS and PaaS services and Microsoft 365 services | 50 Mbps up to 100 Gbps | Active/active | Enterprise-class and mission-critical workloads. Big data solutions
Determine Virtual WAN Uses

Uses of Virtual WAN are:

• Brings together S2S, P2S, and ExpressRoute
• Provides integrated connectivity using a hub-and-spoke connectivity model
• Connects virtual networks and workloads to the Azure hub automatically
• Visualizes the end-to-end flow within Azure
• Has two types: Basic and Standard

Source: https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about#:~:text=Azure%20Virtual%20WAN%20is%20a,provide%20a%20single%20operational%20interface.
Administer Network Traffic
Review System Routes

System routes direct network traffic among virtual machines (VMs), on-premises networks, and the Internet:

• Traffic between VMs in the same subnet
• Between VMs in different subnets in the same virtual network
• Data flow from VMs to the Internet
• Communication between VMs using VNet-to-VNet VPN
• Communication between Site-to-Site and ExpressRoute through the VPN gateway

Source: https://docs.microsoft.com/en-us/azure
Identify User-Defined Routes

A route table contains a set of rules, called routes, that specifies how packets should be routed in a virtual network.

User-defined routes are custom routes that control network traffic by defining routes that specify the next hop of the traffic flow.

The next hop can be a virtual network gateway, a virtual network, the internet, or a virtual appliance.

Source: https://docs.microsoft.com/en-us/azure
Examine a Routing Example

All traffic from the public subnet to the private subnet must go through a virtual
network appliance.

Source: https://docs.microsoft.com/en-us/azure
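
How a user-defined route takes precedence over the system routes in the routing example above can be modelled with route selection by longest prefix match, with user-defined routes winning over BGP and system routes when prefixes are equal. This is an added example, not part of the original lesson: the subnet ranges, the appliance address 10.0.2.4, and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break between routes with the same prefix: user-defined, then BGP, then system.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str      # e.g. "VnetLocal", "Internet", "VirtualAppliance"
    next_hop_ip: str = ""   # only set for VirtualAppliance next hops
    source: str = "System"


def effective_route(routes, dest_ip):
    """Pick the route used for dest_ip: longest prefix, then source priority."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                              SOURCE_PRIORITY[r.source]))


def addresses_bypassing(routes, dest_cidr, appliance_ip):
    """Count addresses in dest_cidr whose traffic would NOT go via the appliance."""
    count = 0
    for addr in ipaddress.ip_network(dest_cidr):
        route = effective_route(routes, str(addr))
        if route is None or route.next_hop_ip != appliance_ip:
            count += 1
    return count


# Constructed sample: VNet 10.0.0.0/16, public 10.0.0.0/24, private 10.0.1.0/24,
# appliance (NVA) at 10.0.2.4 in a DMZ subnet 10.0.2.0/24.
SYSTEM_ROUTES = [
    Route("10.0.0.0/16", "VnetLocal"),
    Route("0.0.0.0/0", "Internet"),
]
NVA_IP = "10.0.2.4"

# Route table associated with the public subnet: private subnet via the NVA.
PUBLIC_SUBNET_ROUTES = SYSTEM_ROUTES + [
    Route("10.0.1.0/24", "VirtualAppliance", NVA_IP, "User"),
]
# Misconfiguration: the user-defined route covers only half of the private subnet.
NARROW_ROUTES = SYSTEM_ROUTES + [
    Route("10.0.1.0/25", "VirtualAppliance", NVA_IP, "User"),
]
# Same prefix as the system default route: the user-defined route wins the tie.
FORCED_ROUTES = SYSTEM_ROUTES + [
    Route("0.0.0.0/0", "VirtualAppliance", NVA_IP, "User"),
]

if __name__ == "__main__":
    for dest in ("10.0.1.4", "10.0.2.4", "203.0.113.10"):
        print(dest, "->", effective_route(PUBLIC_SUBNET_ROUTES, dest))
    print("bypassing with /24 route:",
          addresses_bypassing(PUBLIC_SUBNET_ROUTES, "10.0.1.0/24", NVA_IP))
    print("bypassing with /25 route:",
          addresses_bypassing(NARROW_ROUTES, "10.0.1.0/24", NVA_IP))
```

The bypass count is the useful check when reviewing a route table: a user-defined route that is narrower than the protected subnet leaves part of it reachable over the system route, without passing the appliance.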
Determine Service Endpoint Uses

Uses of Service Endpoint are:

• Limits network access to specific subnets and IP addresses
• Improves security for the Azure service resources
• Provides optimal routing for Azure service traffic from the virtual network
• Uses the Microsoft Azure backbone network
• Provides a simple setup with less management overhead

Source: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Determine Service Endpoint Services

It is easy to add a service endpoint to the virtual network. Azure Active Directory, Azure Cosmos DB, EventHub, KeyVault, Service Bus, SQL, and Storage are some of the several services available.

• There are many types of service endpoints.
• Addition of service endpoints can take up to 15 minutes to complete.
Identify Private Link Uses

Uses of Private Link are:

• Private connectivity to services on Azure. Traffic remains on the Microsoft network, without public internet access.
• Integration with on-premises and peered networks.
• The mapped resource would be accessible during a security incident within the network.

Source: https://docs.microsoft.com/en-us/azure
Creating NVA and Virtual Machine

Duration: 15 Min.

Problem Statement:
Create NVA and Virtual Machine to implement the user-defined routes so that the traffic will
flow on these defined routes and not on system routes.
Assisted Practice: Guidelines

Steps to create NVA in Azure:


1. Create Vnet
2. Create VM (NVA)
3. Create a route table and a route
4. Associate the route table to the subnet
5. Turn on IP forwarding
6. Route traffic through NVA
Determine Azure Load Balancer Uses

Azure Load Balancer delivers high availability and network performance to applications. The load balancer
distributes inbound traffic to backend resources using load balancing rules and health probes.

• Distributes inbound traffic to backend resources using load-balancing rules and health probes
• Can be used for both inbound/outbound scenarios
• Has two types: Public and Internal

Source: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Implement a Public Load Balancer

A public load balancer helps to:

• Map public IP addresses and port number of incoming traffic to the VM's private IP address and port number, and vice versa
• Apply load balancing rules to distribute traffic across VMs or services

Source: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Implement an Internal Load Balancer

The advantages of implementing an internal load balancer are:

• Directs traffic only to resources inside a virtual network or that use a VPN to access the Azure infrastructure
• Does not directly expose front-end IP addresses and virtual networks to an Internet endpoint
• Enables load balancing within a virtual network for cross-premises virtual networks, multi-tier applications, and line-of-business applications

Source: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Determine Load Balancer SKUs

The user must choose the Load Balancer SKU:

Feature | Basic SKU | Standard SKU
Back-end pool | Up to 300 instances | Up to 1000 instances
Health probes | TCP and HTTP | TCP, HTTP, and HTTPS
Availability zones | Not available | Zone-redundant and zonal frontends for inbound and outbound traffic
Multiple frontends | Inbound only | Inbound and outbound
Secure by default | Open by default. NSG optional | Closed to inbound flows unless allowed by NSG; Internal traffic from the virtual network to the internal load balancer is allowed
SLA | Not available | 99.99%
Create Backend Pools

To distribute traffic, a back-end address pool contains the IP addresses of virtual NICs that are
connected to the load balancer.

SKU | Backend pool endpoints
Basic SKU | VMs in a single availability set or VM scale set
Standard SKU | Any VM in a single virtual network, including a blend of VMs, availability sets, and VM scale sets
Create Load Balancer Rules

A load balancer rule defines how traffic is distributed to the backend pool. Its features include:

• A frontend IP and the port combination can be mapped to a set of backend pools and port combinations.
• Rules can be combined with NAT rules.
• A NAT rule is explicitly attached to a VM (or network interface) to complete the path to the target.
Configure Session Persistence

Azure Load Balancer distributes network traffic equally among multiple VM instances. It uses a five-tuple
(source IP, source port, destination IP, destination port, and protocol type) hash to map traffic to available
servers. It provides stickiness only within a transport session.

• Session persistence specifies how client traffic is handled.
• None (default): requests can be handled by any virtual machine.
• Client IP: requests will be handled by the same virtual machine.
• Client IP and protocol: successive requests from the same address and protocol will be handled by the same virtual machine.

Source: https://docs.microsoft.com/en-us/azure
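
The difference between the three persistence modes comes down to which fields of the flow are hashed. This is an added example, not part of the original lesson: SHA-256 stands in for the load balancer's internal hash, which is not described on this page, and the addresses and backend names are constructed.

```python
import hashlib

# Fields that feed the hash in each session persistence mode.
HASH_FIELDS = {
    "None": ("src_ip", "src_port", "dst_ip", "dst_port", "protocol"),  # five-tuple
    "ClientIP": ("src_ip", "dst_ip"),                                  # two-tuple
    "ClientIPProtocol": ("src_ip", "dst_ip", "protocol"),              # three-tuple
}


def pick_backend(flow, backends, mode="None"):
    """Map a flow to a backend by hashing the fields selected by the mode.
    SHA-256 is an assumption used for illustration only."""
    key = "|".join(str(flow[field]) for field in HASH_FIELDS[mode])
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def backends_seen(mode, src_ports, backends, protocol="Tcp"):
    """Backends reached by one client opening connections from many source ports."""
    seen = set()
    for port in src_ports:
        flow = {
            "src_ip": "203.0.113.25",   # constructed client address
            "src_port": port,
            "dst_ip": "198.51.100.10",  # constructed frontend address
            "dst_port": 443,
            "protocol": protocol,
        }
        seen.add(pick_backend(flow, backends, mode))
    return seen


# Constructed backend pool.
BACKENDS = ["vm-web-1", "vm-web-2", "vm-web-3"]

if __name__ == "__main__":
    ports = range(50000, 50050)
    for mode in HASH_FIELDS:
        print(mode, sorted(backends_seen(mode, ports, BACKENDS)))
```

With the default mode, each new connection from the same client uses a new source port and can land on a different VM, which is why stickiness holds only within a transport session.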
Configure Session Persistence

[Figure: the five-tuple hash mapping client traffic to available servers]

Source: https://docs.microsoft.com/en-us/azure
Create Health Probes

Features of Health Probes are:

• The load balancer can monitor the status of an app.
• The VMs can be added or removed from the load balancer rotation based on their response to health checks.
• An HTTP custom probe (preferred) pings every 15 seconds.
• TCP custom probe tries to establish a successful TCP session.
Creating a Public Load Balancer

Duration: 30 min

Problem Statement:
Create a public load balancer in Azure to evenly distribute the load between the backend
servers.
Assisted Practice: Guidelines

Steps to create a load balancer in Azure:


1. Sign in to the Azure portal
2. Access the load balancer blade
3. Click Create
4. Add front-end IP
5. Add a backend pool
6. Add inbound rules
Implement Application Gateway

Features of the Application Gateway:


• Manages web app requests
• Routes traffic to a pool of web servers based on the URL of a request
• Includes web servers that can be Azure virtual machines, Azure virtual machine scale sets, Azure App Service, and even on-premises servers

Source: https://docs.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal
Determine Application Gateway Routing

Clients send requests for web apps to the IP address or DNS name of the gateway. Using a set of rules, the gateway routes each request to a selected web server in the back-end pool. The rules are configured so that the gateway can determine where the requests should go. There are two primary methods of routing traffic:

• Path-based routing
• Multiple-site routing

Source: https://docs.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal
Setup Application Gateway Components

Application Gateway has a series of components that combine to route requests to a pool of web servers
and check the health of these web servers.

• Frontend IP

• Listeners

• Routing rules

• Backend pools

• Web application firewall (optional)

• Health probes

Source: https://docs.microsoft.com/en-us/azure
Key Takeaways

An Azure Virtual Network (VNet) is a representation of a network in the cloud. It is a logical isolation of the Azure cloud dedicated to the subscription.

A network security group contains a list of security rules that allow or deny inbound or outbound network traffic.

Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources.

Azure DNS enables users to host DNS records for their domains on the Azure infrastructure.
Implementing Path-Based Routing with Application Gateway
Duration: 15 Min.

Project agenda: To implement path-based routing using the Azure Application Gateway

Description: To create routing based on the path provided in the URL to perform path-based routing

Perform the following:

Create an Application Gateway, backend pool, and front-end IP. Then, configure the routing rules based on the path given in the URL.
