Hello and welcome back to Cy Berries. Microsoft Azure Administrator A Z 103 course. I'm your instructor, Will Carlson. And this is Episode 46 about Network Watcher.
In today's episode, we're gonna get a better understanding of what network Watcher is and what it does for us. And we're gonna go ahead and configure and step through some tests in network Watcher to get a better idea of how it actually functions within the azure portal
getting right to it. We're gonna come in here into Azure portal and at the top of the page. But a search for network watcher
we can select on network watcher here
and network watcher is primarily a network testing and troubleshooting tool that's available to us as administrators here in Azure.
We can go ahead and see which of the region's for each of our subscription network watcher is enabled in by pulling down this meat menu.
And I could see that in the West, U. S network watcher has been enabled south, central and Central and these air all regions that I have enabled virtual networking it at one point or another and network watcher has been automatically configured for me in those regions
to take advantage of network Watcher. I can simply step through some of these testing functions here along the left side of the blade
and in topology, I can click.
We're gonna leave this on the free trial subscription. We're going to select the IITTIE Resource Group
and then we can select a virtual network.
We can see that my backup, Jeanette, has nothing deployed in it right now. Just the virtual network and the default sub net.
I can click a file Singhvi net and see that I've got the same things. But I actually have a nick card here and Associated Network Security Group and I P address and a virtual machine.
And the same thing goes as we step on through,
we could even see some of the service in points that we've set up here is Well, so if you're trying to get a conceptual idea of how networking is set up for you here in your azure environment, that apology view of network monitor can be very helpful.
Connection monitor is gonna be an interesting tool where we can step through
and we can add connections from one virtual machine into another virtual machine. And what it's gonna tell us is when there are any connectivity issues between those two in points, when Leighton see has significant problems, or when there are any topology changes between those two end points.
Never performance monitor is going to be something that is very powerful but a little bit more limited. I encourage you to read a little bit more about network performance monitor by clicking on the documentation here and seeing which regions and azure currently support the tool. If you have any familiarity with cactus or solar winds,
you'll have a pretty good understanding of some of what network performance monitor is going to offer us his administrators.
Now I p flow verify, is going to verify whether or not I P traffic was able to traverse from one machine to another so we can go ahead and select this I p address here. Let's try poor 33 89 then we're going to select a remote I p address of 10.4 dot 0.4
and for 33 89 as well. And then I can go ahead and so I check
and what I can see here is that access is being denied on Port 33 89 because of a security rule called Port Underscore 33 89. That's part of the RTP Block network security group. So when connected, he's not working as we expected.
The I P flow verified tool is a really powerful way to go ahead and help us narrow down where that's at,
particularly if we don't know what resource it's associated with. So we can't go in and look at the effective policy tool to help troubleshoot their. This is just another way to look from the other way in.
Next, hop is going to be just that. It's going to tell us
based on our destination address
and wherever we're choosing to come from, what the next hop is going to be for us
to get where we're needing to go
and we can see that from my service desk VM to get to open D. N s. It seems pretty apparent that the next top is actually the Internet, and next top is gonna be particularly relevant and helpful when we're trying to troubleshoot issues with service end points
and whether or not they're set up correctly. Remember, if we're on a service in point, we should never see the traffic going to a next top or traversing at all the public Internet. So if you see service in points and Internet will know something is wrong in your configuration of the service in point,
effective security rules is a tool we looked at before We simply select the subscription in the resource group, and then the virtual machine that we'd like to look at an effective security rules is going to tell us any of the network security groups that apply to that particular virtual machine.
We also have tools here in network Watcher to help us troubleshoot VP ends
to do a full packet capture
and to troubleshoot connectivity between virtual machines
based on this given information.
So I hope you can see how Network Watcher is a really powerful tool as an administrator, as we're beginning to troubleshoot networking and connectivity issues both from within Azure resource is, and also out. Resource is either in our on premise environment or on into the network Internet as well.
So in today's brief episode, we talked about how we can use network watcher to troubleshooting at working a issues within Azure. We also talked how we could step through a couple of the use cases of network watcher and get results to help us do that troubleshooting
coming up. Next, we're gonna move into the identity or the azure active directory modules, which will be the last set of modules for the course. Because now that we have all this wonderful things going on in the azure environment, we're definitely going to want to be able to control who has access to what in a more granular way and
connect those resource is in the azure active directory
into our own promise active directory as well.
Thanks so much for joining me today. I'm looking forward to the modules concerning Azure active directory.