Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

Core Networking Infrastructure Checklist

Design and Implement Private IP Addressing for Azure Resources

  • Plan and implement network segmentation and address spaces
  • Create a virtual network (VNet)
  • Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion
  • Plan and configure subnet delegation
  • Create a prefix for public IP addresses
  • Choose when to use a public IP address prefix
  • Plan and implement a custom public IP address prefix (bring your own IP)
  • Create a new public IP address
  • Associate public IP addresses to resources

Design and Implement Name Resolution

  • Design name resolution inside a VNet
  • Configure DNS settings for a VNet
  • Design public DNS zones
  • Design private DNS zones
  • Configure a public or private DNS zone
  • Link a private DNS zone to a VNet

Design and Implement VNet Connectivity and Routing

  • Design service chaining, including gateway transit
  • Design virtual private network (VPN) connectivity between VNets
  • Implement VNet peering
  • Design and implement user-defined routes (UDRs)
  • Associate a route table with a subnet
  • Configure forced tunneling
  • Diagnose and resolve routing issues
  • Design and implement Azure Route Server
  • Identify appropriate use cases for a Virtual Network NAT gateway
  • Implement a NAT gateway

Monitor Networks

  • Configure monitoring, network diagnostics, and logs in Azure Network Watcher
  • Monitor and repair network health using Azure Network Watcher
  • Activate and monitor distributed denial-of-service (DDoS) protection
  • Activate and monitor Microsoft Defender for DNS

Design, Implement, and Manage Connectivity Services Checklist

Design, Implement, and Manage a Site-to-Site VPN Connection

  • Design a site-to-site VPN connection, including for high availability
  • Select an appropriate VNet gateway SKU for site-to-site VPN requirements
  • Implement a site-to-site VPN connection
  • Identify when to use a policy-based VPN versus a route-based VPN connection
  • Create and configure an IPsec/IKE policy
  • Diagnose and resolve virtual network gateway connectivity issues
  • Implement Azure Extended Network

Design, Implement, and Manage a Point-to-Site VPN Connection

  • Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
  • Select and configure a tunnel type
  • Select an appropriate authentication method
  • Configure RADIUS authentication
  • Configure certificate-based authentication
  • Configure authentication using Azure Active Directory (Azure AD), part of Microsoft Entra
  • Implement a VPN client configuration file
  • Diagnose and resolve client-side and authentication issues
  • Specify Azure requirements for Always On authentication
  • Specify Azure requirements for Azure Network Adapter

Design, Implement, and Manage Azure ExpressRoute

  • Select an ExpressRoute connectivity model
  • Select an appropriate ExpressRoute SKU and tier
  • Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery
  • Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
  • Choose between private peering only, Microsoft peering only, or both
  • Configure private peering
  • Configure Microsoft peering
  • Create and configure an ExpressRoute gateway
  • Connect a virtual network to an ExpressRoute circuit
  • Recommend a route advertisement configuration
  • Configure encryption over ExpressRoute
  • Implement Bidirectional Forwarding Detection
  • Diagnose and resolve ExpressRoute connection issues

Design and Implement an Azure Virtual WAN Architecture

  • Select a Virtual WAN SKU
  • Design a Virtual WAN architecture, including selecting types and services
  • Create a hub in Virtual WAN
  • Choose an appropriate scale unit for each gateway type
  • Deploy a gateway into a Virtual WAN hub
  • Configure virtual hub routing
  • Create a network virtual appliance (NVA) in a virtual hub
  • Integrate a Virtual WAN hub with a third-party NVA

Design and Implement Application Delivery Services Checklist

Design and Implement an Azure Load Balancer

  • Map requirements to features and capabilities of Azure Load Balancer
  • Identify appropriate use cases for Azure Load Balancer
  • Choose an Azure Load Balancer SKU and tier
  • Choose between public and internal
  • Create and configure an Azure Load Balancer
  • Implement a load balancing rule
  • Create and configure inbound NAT rules
  • Create and configure explicit outbound rules, including SNAT

Design and Implement Azure Application Gateway

  • Map requirements to features and capabilities of Azure Application Gateway
  • Identify appropriate use cases for Azure Application Gateway
  • Create a back-end pool
  • Configure health probes
  • Configure listeners
  • Configure routing rules
  • Configure HTTP settings
  • Configure Transport Layer Security (TLS)
  • Configure rewrite sets

Design and Implement Azure Front Door

  • Map requirements to features and capabilities of Azure Front Door
  • Identify appropriate use cases for Azure Front Door
  • Choose an appropriate tier
  • Configure an Azure Front Door, including routing, origins, and endpoints
  • Configure SSL termination and end-to-end SSL encryption
  • Configure caching
  • Configure traffic acceleration
  • Implement rules, URL rewrite, and URL redirect
  • Secure an origin using Azure Private Link in Azure Front Door

Design and Implement Azure Traffic Manager

  • Identify appropriate use cases for Azure Traffic Manager
  • Configure a routing method
  • Configure endpoints

Design and Implement Private Access to Azure Services Checklist

  • Plan an Azure Private Link service
  • Create a Private Link service
  • Integrate a Private Link service with DNS
  • Plan private endpoints
  • Create private endpoints
  • Configure access to Azure resources using private endpoints
  • Connect on-premises clients to a private endpoint
  • Integrate a private endpoint with DNS

Design and Implement Service Endpoints

  • Choose when to use a service endpoint
  • Create service endpoints
  • Configure service endpoint policies
  • Configure access to service endpoints

Secure Network Connectivity to Azure Resources Checklist

Implement and Manage Network Security Groups (NSGs)

  • Create a network security group (NSG)
  • Associate an NSG to a resource
  • Create an application security group (ASG)
  • Associate an ASG to a network interface card (NIC)
  • Create and configure NSG rules
  • Interpret NSG flow logs
  • Validate NSG flow rules
  • Verify IP flow
  • Configure an NSG for remote server administration, including Azure Bastion

Design and Implement Azure Firewall and Azure Firewall Manager

  • Map requirements to features and capabilities of Azure Firewall
  • Select an appropriate Azure Firewall SKU
  • Design an Azure Firewall deployment
  • Create and implement an Azure Firewall deployment
  • Configure Azure Firewall rules
  • Create and implement Azure Firewall Manager policies
  • Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

Design and Implement a Web Application Firewall (WAF) Deployment

  • Map requirements to features and capabilities of WAF
  • Design a WAF deployment
  • Configure detection or prevention mode
  • Configure rule sets for WAF on Azure Front Door
  • Configure rule sets for WAF on Application Gateway
  • Implement a WAF policy
  • Associate a WAF policy