Welcome to this lesson on secure network connectivity.
This lesson is part of a module of the AZ-500 Microsoft Azure Security Technologies course. Here is a quick overview of what we'll be covering in this lesson.
We'll start out with a review of the secure connectivity options for an Azure virtual network.
We'll then discuss the Azure VPN gateway,
point-to-site VPN authentication options,
the ExpressRoute gateway,
and ExpressRoute encryption. Let's get into this.
When we talk about connectivity to or from outside Azure,
there are three main options that the Azure network supports. The first option is secure point-to-site connectivity, which is achieved by connecting the client endpoint to an Azure VPN gateway. This solution is useful for telecommuters who want to connect to Azure virtual networks from a remote location,
such as from home or from a conference.
However, there are times when we need to securely connect entire remote networks to our virtual networks in Azure,
and this is where the second option can help:
secure site-to-site VPN connectivity,
which is achieved by connecting firewalls in our remote networks to a VPN gateway in Azure. This connection goes over the public Internet, but communication is encrypted over an IPsec tunnel. The third option is ExpressRoute private connectivity,
which provides private connectivity from our on-premises data centers to our Azure virtual networks, or even other Microsoft cloud services like Office 365. Unlike the previous VPN options that we mentioned, this connectivity does not go over the public Internet,
and it requires us to have a relationship
with a connectivity provider. These three options are achieved using two main services in Azure:
the VPN gateway and the ExpressRoute gateway. So let's look at both of these.
First, the VPN gateway. A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. As we mentioned earlier, it supports two main scenarios:
a site-to-site VPN connection for remote network connections,
and a point-to-site VPN connection for remote user connections. So here is how the VPN gateway works. First, we create a special subnet called the gateway subnet. We then deploy the VPN gateway into this subnet.
No other Azure resources should be deployed into this subnet, and we should also avoid adding network security groups to it.
After the gateway is created, we get a public IP that we can then use to create an IPsec connection from our remote firewall to this gateway.
And finally, to ensure that traffic for our remote network is routed through this gateway, we can create a custom route table that sends that traffic to the gateway.
For point-to-site VPN, end users just need to connect the VPN client on their end-user devices to the gateway for them to connect to resources in Azure virtual networks.
That way, traffic is routed through the gateway to the resources in Azure.
When using point-to-site VPN connections,
users have to authenticate before the VPN connection request is accepted,
and there are three mechanisms that Azure offers to authenticate a connecting user. The first option is Azure certificate authentication.
With this option, the end users use a client certificate stored on their devices to authenticate to the Azure VPN gateway, and the gateway verifies the authenticity of the certificate.
We can use a self-signed certificate or an enterprise PKI solution,
and the root certificate would need to be uploaded to Azure for the validation.
The second option is Azure AD authentication, where users can use their Azure AD credentials to authenticate to the VPN gateway. However, this solution is only supported for the OpenVPN protocol for point-to-site VPN, not the SSTP or IKEv2 options.
Those are not supported.
Also, support is limited to Windows 10 clients using the Azure VPN client, so there are a lot of restrictions to make this work.
The third option is on-premises Active Directory authentication,
which requires a RADIUS server to integrate with the Active Directory server, and it also requires network connectivity from the VPN gateway to the Active Directory server.
So if the AD server is in Azure, it needs to have a line of sight to the VPN gateway.
The other gateway type is the ExpressRoute gateway. This can be used to extend our on-premises networks into our Azure virtual networks over a private connection through a service partner, and not over the public Internet.
This works in a similar way to how the VPN gateway works. First, we have a gateway subnet.
We deploy the ExpressRoute gateway into this subnet. We then work with a supported partner who provides a redundant connection to the Microsoft edge that terminates in the gateway subnet.
We can create a custom route table for the private subnets in Azure to ensure that traffic that's going to the remote connection goes through the gateway subnet. However, even though this connection is private,
it is not encrypted by default. So let's look at the options for encryption. ExpressRoute supports a couple of encryption technologies to ensure confidentiality and integrity of the data that is transferred between our network and the Microsoft network.
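Both gateway sections above (the VPN gateway and the ExpressRoute gateway) rely on the same deployment rules: a dedicated gateway subnet, no other resources and no NSG in it, and a custom route table that sends traffic for the remote network to the gateway. The following Python linter checks those rules over a constructed, simplified VNet description; it is an added example, not code from the lesson or from Microsoft, and the field names, the `virtualNetworkGateways` type tag and the `192.168.10.0/24` on-premises prefix are assumptions made for the example.

```python
import ipaddress

GATEWAY_TYPE = "virtualNetworkGateways"

# Constructed sample VNet (not a real deployment). The field names loosely
# follow Azure resource JSON but are simplified for this example.
SAMPLE_VNET = {
    "subnets": [
        {"name": "GatewaySubnet", "addressPrefix": "10.0.255.0/27",
         "networkSecurityGroup": "nsg-gw",          # rule: no NSG here
         "resources": [{"name": "vpn-gw-1", "type": GATEWAY_TYPE},
                       {"name": "vm-jumpbox", "type": "virtualMachines"}]},
        {"name": "app", "addressPrefix": "10.0.1.0/24", "resources": [],
         "routes": [{"addressPrefix": "192.168.0.0/16",
                     "nextHopType": "VirtualNetworkGateway"}]},
        {"name": "db", "addressPrefix": "10.0.2.0/24", "resources": [],
         "routes": []},                               # rule: missing route
    ]
}
ON_PREM = ["192.168.10.0/24"]  # assumed prefix behind the remote firewall

def covered_by_gateway_route(prefix, routes):
    """True if a route with next hop VirtualNetworkGateway covers `prefix`."""
    net = ipaddress.ip_network(prefix)
    return any(r["nextHopType"] == "VirtualNetworkGateway"
               and net.subnet_of(ipaddress.ip_network(r["addressPrefix"]))
               for r in routes)

def lint_vnet(vnet, on_prem_prefixes):
    """Return findings against the lesson's gateway-subnet and routing rules."""
    findings = []
    subnets = vnet["subnets"]
    gw = next((s for s in subnets if s["name"] == "GatewaySubnet"), None)
    if gw is None:
        return ["missing GatewaySubnet: the gateway has nowhere to be deployed"]
    if gw.get("networkSecurityGroup"):
        findings.append("GatewaySubnet has NSG %s attached; remove it"
                        % gw["networkSecurityGroup"])
    for res in gw.get("resources", []):
        if res["type"] != GATEWAY_TYPE:
            findings.append("non-gateway resource %s in GatewaySubnet" % res["name"])
    for s in subnets:
        if s is gw:
            continue
        for prefix in on_prem_prefixes:
            if not covered_by_gateway_route(prefix, s.get("routes", [])):
                findings.append("subnet %s has no custom route sending %s to the "
                                "gateway" % (s["name"], prefix))
    return findings
```

Running `lint_vnet(SAMPLE_VNET, ON_PREM)` on the sample reports the NSG on the gateway subnet, the jump box deployed in it, and the `db` subnet that lacks a route to the gateway; the `app` subnet passes because its `/16` route covers the on-premises `/24`.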
The first option is point-to-point encryption by MACsec.
MACsec is an IEEE standard. It encrypts data at the media access control level, or the layer 2 level. It can be used to encrypt the physical links between our network devices and Microsoft network devices, and this encryption happens on the physical hardware routers.
The good thing about the MACsec option is that we can bring our own encryption key,
and this is a pre-shared key that we can store in Azure Key Vault. Once MACsec is enabled, all network control traffic is also encrypted, and that includes BGP data traffic. We cannot pick and choose which data to encrypt.
The other option is just using IPsec, and that is IPsec over our ExpressRoute.
IPsec is, of course, an IETF standard. This just encrypts data at the IP level, or the network layer, layer 3. Here are some supplementary links for further study on the topics covered in this lesson. And here's a summary of what we covered.
We started by talking about secure connectivity options for an Azure virtual network,
and then discussed the Azure VPN gateway,
point-to-site VPN authentication options,
the ExpressRoute gateway, and finally ExpressRoute encryption.
Thanks very much for watching, and I'll see you in the next lesson.