top of page

This site was designed with the

website builder. Create your website today.Start Now

anannd.nerurkar@gmail.com

Preview (3).png

Search

Azure Subscription and Networking Overview ✅

Anand Nerurkar
Apr 21
2 min read

🔷 Azure Subscription and Networking Overview

✅ 1. Azure Subscription

What it is: Logical container to provision Azure resources.
Purpose: Acts as a boundary for billing, permissions, and resource organization.
Best Practices:
- Use Management Groups to organize multiple subscriptions (e.g., Prod, Dev, Test).
- Apply RBAC (Role-Based Access Control) at the subscription or resource group level.
- Implement Azure Policy for governance (e.g., tagging, location restrictions).

✅ 2. Virtual Network (VNet)

What it is: Azure’s private network that logically isolates and securely connects Azure resources.
Components:
- Address Space: Define CIDR blocks (e.g., 10.0.0.0/16).
- Subnets: Divide the VNet into smaller logical units (e.g., Web, App, DB subnets).
- Routing: Use default or custom routes (UDR) to control traffic flow.
- DNS: Azure-provided or custom DNS for name resolution.

✅ 3. Subnets

Organize resources logically (security + routing).
Assign NSGs (Network Security Groups) at subnet or NIC level.
Common layout:
- subnet-web: hosts Application Gateway
- subnet-app: hosts AKS nodes and microservices
- subnet-data: hosts Azure SQL, Cosmos DB

✅ 4. Network Security Group (NSG)

Control inbound and outbound traffic.
Rules are priority-based, allow/deny by IP/port/protocol.
Attach NSGs to subnets or VM NICs.

✅ 5. Azure Firewall

Managed firewall service.
Supports L3–L7 filtering, DNAT/SNAT, threat intelligence.
Integrate with Azure Monitor for logs.

✅ 6. Application Gateway

L7 load balancer with Web Application Firewall (WAF).
Supports SSL termination, cookie-based affinity, URL routing.
Integrates with AKS Ingress Controller or Istio Gateway.

✅ 7. Azure Traffic Manager

DNS-based traffic routing.
Policies: Performance, Geographic, Failover, Priority.
Useful for multi-region AKS or global apps.

✅ 8. Connectivity Options

VNet Peering: Connect VNets in same/different regions.
VPN Gateway: Secure site-to-site or point-to-site tunnels.
ExpressRoute: Dedicated, private fiber to Azure (low latency, high SLA).

🧩 Example VNet Layout

Subnet Name	Purpose	Integrated Services
subnet-web	Exposes app to internet	App Gateway + Traffic Manager
subnet-app	Runs business logic	AKS, Istio, microservices
subnet-data	Stores persistent data	Azure SQL, Cosmos DB
subnet-secure	Secure zone (optional)	Key Vault, Firewall, API Management

Recent Posts

Java 8 coding preparation

Java 8 coding preparation

why springbatch job??

Spring Batch Job Spring Batch is designed exactly for batch workloads like Pro*C migrations. ✅ Advantages: Chunk-oriented processing...

Pro*c Job to Spring Batch Job

Example1: 📌 Background Pro*C job → Written in C with embedded SQL, often used for batch ETL-like jobs in Oracle. Spring Batch job →...

bottom of page