If you’re looking for a cloud platform that increases your flexibility resulting in higher efficiency, Azure is your solution. The Azure cloud platform is ideal for firms with strict compliance and data protection requirements that want to stay agile.
Migration to Azure is more than just relocating servers or copying files and databases. Careful planning of network architecture is critical. Here are five best practices to ensure that your end-user community can access those resources securely and reliably—both from your office and at-home offices.
Best Practice: Design Hybrid Cloud Networking
For a successful migration, it’s critical to connect on-premises corporate networks to Azure to create a hybrid-cloud network (i.e., an always-on connection) where Azure cloud provides services to business users.
Agio cloud architects establish a site-to-site VPN connection between your compatible on-premises VPN device and an Azure VPN gateway that’s deployed in a virtual network (VNet). Any authorized on-premises resource can access VNets. Site-to-site communications are sent through an encrypted tunnel over the internet. For organizations that have stricter connectivity requirements, Express Route provides a direct connection from your datacenter(s) to the Azure VNet.
Best Practice: Plan IP Addressing
When Agio creates the VNets as part of your migration, we assign an address space that isn’t larger than a CIDR range of /16 for each VNet. VNets allow for the use of 65,536 IP addresses, and assigning a smaller prefix than /16, such as a /15 (which has 131,072 addresses), results in the excess IP addresses becoming unusable elsewhere. It’s important not to waste IP addresses, even if they’re in the private ranges defined by Request for Comment (RFC) 1918.
We also ensure that the VNet address space(s) used doesn’t overlap with on-premises network ranges. Overlapping addresses can create networks that can’t be connected and routing that doesn’t work correctly.
Best Practice: Implement a Hub and Spoke Network Topology
Implementing a hub and spoke topology in Azure centralizes standard services such as connections to on-premises networks, firewalls, and isolation between VNets:
- The hub is an Azure VNet that acts as a central point of connectivity.
- The spokes are VNets that connect to the hub VNet using VNet peering.
- Shared services are deployed in the hub, while individual workloads are deployed as spokes.
This design helps isolate network traffic and set up appropriate security boundaries to prevent undesired access to resources.
Best Practice: Design Subnets
The subnet design is a critical element for your Azure network as it allows Agio engineers to provision resources such as servers and storage in an appropriately segmented manner.
By default, Azure routes network traffic between all subnets in a VNet. Agio takes the additional steps of creating appropriate network routing and firewall restrictions to ensure secure but efficient connectivity.
Best Practice: Set Up a DNS Server
Azure adds a DNS server by default when a VNet is deployed. This allows subscribers to build VNets and deploy resources rapidly. However, this DNS server only provides services to the resources on that VNet. Since there’s often a need to connect to on-premises systems, Agio configures additional name resolution capabilities. By adding a domain-based DNS server in the Azure VNet, we ensure that internal domain name resolution provides access to both cloud and local network systems. We configure those name servers as authoritative for the entire VNet and set up forwarding for external (internet) host names to the Azure name service.
Agio handles the critical steps of your migration to Azure. Our experienced team evaluates and maps out your IP address space(s) and designs a network architecture that includes the connectivity from your office and at-home offices. We also handle segmentation of VNets and the placement of your DNS name servers for optimal name resolution. Contact us today to get started on your cloud journey.