Azure! Part 3.2… Or Network Watcher, NSGs and more!

I’m unemployed at the moment and doing lots of interviews but with this COVID-19 stuff not a lot going on. Unemployment is also kind of tough as my employer has filed a claim but they are still sitting on it. My bills are paid up for this month but I’m pretty sure I’ll have to cash out my small 401k as it doesn’t look like unemployment is coming through any time soon. I complain but there are people in much worse positions. Also paid a company to redo my resume, I don’t think I mentioned that, and sent them a list of information about my blog and what’s covered on various certs. Excited to get back because I’m not really certain how to organize some of that stuff and based on emails it looked like they could tell that I was a highly skilled, hard-working professional but who knows, they are corporate linguistic experts. Anyway, let’s get to work.

I found it kind of surprising with this one that they didn’t give an idea of why the setup is with VM3 but I have no idea what NSGs are so I think we need to start there: Network security groups

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol. This article describes properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule.
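How conflicting rules in one NSG resolve, as an added example that is not part of the original post or Microsoft's code: NSG rules are processed in priority order (lowest number first) and evaluation stops at the first match. The rule names, addresses and the `evaluate` helper are constructed for illustration; service tags are not modelled, only CIDR prefixes and `*`.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number is evaluated first
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # CIDR prefix or "*" (service tags not modelled)
    destination: str  # CIDR prefix or "*"
    port: str         # "80", "1000-2000" or "*"

def _addr_ok(prefix, addr):
    return prefix == "*" or ip_address(addr) in ip_network(prefix)

def _port_ok(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matching(rules, direction, protocol, src, dst, port):
    """All rules that match the flow, in evaluation (priority) order."""
    hits = [r for r in rules
            if r.direction == direction
            and r.protocol in ("*", protocol)
            and _addr_ok(r.source, src)
            and _addr_ok(r.destination, dst)
            and _port_ok(r.port, port)]
    return sorted(hits, key=lambda r: r.priority)

def evaluate(rules, *flow):
    """Return (access, deciding rule, shadowed rule names) for one flow."""
    hits = matching(rules, *flow)
    if not hits:
        return "Deny", None, []
    return hits[0].access, hits[0].name, [r.name for r in hits[1:]]

# Constructed rule set: the Deny at 150 conflicts with the Allow at 200.
RULES = [
    Rule("Allow-Web", 100, "Inbound", "Allow", "Tcp", "*", "10.0.1.0/24", "80"),
    Rule("Deny-RDP-All", 150, "Inbound", "Deny", "Tcp", "*", "*", "3389"),
    Rule("Allow-RDP-Admin", 200, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "10.0.1.4/32", "3389"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),  # default catch-all
]

if __name__ == "__main__":
    print(evaluate(RULES, "Inbound", "Tcp", "203.0.113.10", "10.0.1.4", 3389))
```

The admin RDP flow is denied because `Deny-RDP-All` has the lower priority number, so `Allow-RDP-Admin` is never reached for it.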

This is kind of basic stuff but there is a specific flavor to it and I’m starting to realize I might want to watch one of those hour or two hour long videos on Azure networking basics. However, the idea is NSGs basically function as a rule set as if traffic was going through a configured switch. At least that’s my understanding so far. If it functions like Hyper-V, it may prove to provide too much non-useful granular detail settings but hopefully that isn’t the case. I mean, that’s my experience using Hyper-V in 2019 but maybe you had a different experience. Anyway, where were we? Oh yeah, all right, let’s get into Azure Network Watcher. Also, a diagram being static seems like a good idea as you could see what NSG was applied to it (right, I couldn’t figure that out) to view conflicting rules until you see what Azure Network Watcher is. In the below video you can see the tool in use and from the starting point up to about 5 mins in they are talking about this scenario. They also go into diagramming uptime and so forth but what I would like to see is if the tool shows in real time if a connection is broken and offers a reason as to why. That doesn’t seem that hard but I could be wrong haha

At around 6 mins, you can see that if you run through some things it will tell you more information but I’m wondering about a heads-up display with like real-time type of diagram situations. Anyway, you can view and change network diagrams from Network Watcher.

You know, since I’ve found that being more thorough is helpful when studying for certification tests, let’s just make this a big long post where we learn about Azure Networking. So let’s look at these other answers. We can start with Azure Monitor. Since these are tools I think that videos might be more helpful and I found this Azure Monitor video to be most helpful. There is another video that looks much slicker but to be honest this one has the best description and tool use cases.

So I searched YouTube for videos to come up with this one and discovered it was on a page. This image shows that you can get network insights using Azure Monitor but I’m not seeing it on the page and he doesn’t go into it in the video so I’m going to assume it’s more performance related than being a super useful tool to diagnose network issues as that’s probably what Network Watcher is for. Anyway: Azure Monitor overview

Azure Monitor can collect data from a variety of sources. You can think of monitoring data for your applications in tiers ranging from your application, any operating system and services it relies on, down to the platform itself. Azure Monitor collects data from each of the following tiers:

  • Application monitoring data: Data about the performance and functionality of the code you have written, regardless of its platform.
  • Guest OS monitoring data: Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.
  • Azure resource monitoring data: Data about the operation of an Azure resource.
  • Azure subscription monitoring data: Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.
  • Azure tenant monitoring data: Data about the operation of tenant-level Azure services, such as Azure Active Directory.

Basically it seems like a place to sort logs pertaining to machine and app performance.

Ok, so what’s a Traffic Manager Profile? Well, let’s start here: What is Traffic Manager?

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.

Oh man, I keep hearing Azure region mentioned but I haven’t gotten into that yet. Might as well grab that while we are thinking about it:

A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

With more global regions than any other cloud provider, Azure gives customers the flexibility to deploy applications where they need to. Azure is generally available in 53 regions around the world, with plans announced for 5 additional regions.

Ok, that’s straightforward and interesting but let’s get back to load balancing with hybrid cloud options, I mean Azure Traffic Manager… anyway, yeah it’s a powerful load balancer and MSFT has some really great documentation about how to set it up and use it, like this profile for low latency that even goes into actually creating VMs, installing IIS and all that and then finally gets into creating the profile that is in use to actually direct traffic: Tutorial: Improve website response using Traffic Manager. Anyway, I think that’s all for this question. I’m going to do one more. Watch an Azure Networking Video that I probably won’t link but you can find if you can use Google and then maybe go downtown for a nice long run.

I got the first two right in this question but I have no idea what they are talking about with a probe. The other two are basic networking questions. I mean, maybe not basic as in home router but at … literally nothing I can say at this point won’t sound pretentious as hell haha. Anyway, let’s figure out what a probe is. The naming convention here is a little wonky but I can read through the idea to understand what it is: Application Gateway health monitoring overview

An application gateway automatically configures a default health probe when you don’t set up any custom probe configuration. The monitoring behavior works by making an HTTP request to the IP addresses configured for the back-end pool. For default probes if the backend http settings are configured for HTTPS, the probe uses HTTPS as well to test health of the backends.

For example: You configure your application gateway to use back-end servers A, B, and C to receive HTTP network traffic on port 80. The default health monitoring tests the three servers every 30 seconds for a healthy HTTP response. A healthy HTTP response has a status code between 200 and 399.

If the default probe check fails for server A, the application gateway removes it from its back-end pool, and network traffic stops flowing to this server. The default probe still continues to check for server A every 30 seconds. When server A responds successfully to one request from a default health probe, it’s added back as healthy to the back-end pool, and traffic starts flowing to the server again.

So a probe is basically a heartbeat and the naming conventions for that concept are usually changed and everyone calls it something different. It’s one server saying “hey are you up” to another server but perhaps this is a little more in-depth as they don’t usually have rule sets identified with them but this is for larger scale infrastructure.
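The default probe behaviour quoted above, replayed over a constructed timeline as an added example (not part of the original post or Microsoft's code). It models only what the passage states: a check every 30 seconds, status 200 to 399 counts as healthy, and one good response restores a server; `unhealthy_threshold` is a parameter of this sketch, with 1 mirroring the passage's wording.

```python
from dataclasses import dataclass

INTERVAL_S = 30  # default probe interval from the passage above

@dataclass
class Backend:
    name: str
    in_pool: bool = True
    failures: int = 0  # consecutive failed probes

def is_healthy(status):
    """Healthy means an HTTP status between 200 and 399; None models a timeout."""
    return status is not None and 200 <= status <= 399

def probe_round(backends, responses, unhealthy_threshold=1):
    """Apply one probe round; responses maps backend name -> status or None."""
    for b in backends:
        if is_healthy(responses.get(b.name)):
            b.failures = 0
            b.in_pool = True          # one good response restores the server
        else:
            b.failures += 1
            if b.failures >= unhealthy_threshold:
                b.in_pool = False     # traffic stops, probing continues
    return [b.name for b in backends if b.in_pool]

def simulate(timeline, names=("A", "B", "C"), unhealthy_threshold=1):
    """Return [(seconds, servers receiving traffic)] for each probe round."""
    backends = [Backend(n) for n in names]
    return [(i * INTERVAL_S, probe_round(backends, r, unhealthy_threshold))
            for i, r in enumerate(timeline)]

# Constructed timeline: server A returns 503, then times out, then recovers.
TIMELINE = [
    {"A": 200, "B": 200, "C": 200},
    {"A": 503, "B": 200, "C": 301},
    {"B": 200, "C": 200},            # no response from A
    {"A": 302, "B": 200, "C": 200},
]

if __name__ == "__main__":
    for t, pool in simulate(TIMELINE):
        print(f"t={t:>3}s  pool={pool}")
```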

Honestly the next two questions in this are not as expansive so I may try to figure out some more stuff. Who knows. Anyways, thank you to whoever actually reads this blog! I appreciate your viewership of this thing that I put time and money into haha
