Forum Widgets
Latest Discussions
I need an idea of how to make an architecture in Azure
Hello, I need help with a project. I need to upload an Excel file to my data lake and create an automated process that converts it to CSV without the need for user intervention or debugging. Can someone assist me with this? It is very important for me to complete this process successfully.Network Design Ideas for VMs in Azure
Hello, I am analyzing the current Azure environment at my new job and trying to figure out the architectural choices mostly networking wise. Currently, we have 10 VMs and each VM has its own VNet and they are all in the same region. In my experience so far, I have never seen such network design in Azure before. If all VMs are in the same region, we could have one Vnet and utilize subnets and NSGs to segment the VMs and control the traffic. Having so many different VNets makes it very complex to manage. Looking for opinions what other people think. Is this just a bad design or just to keep the VMs separate from each other.Best Practices for Designing a Hub-and-Spoke Architecture in Azure
A Hub-and-Spoke architecture is a widely used networking topology in Azure that helps organizations centralize network management, enhance security, and optimize connectivity. However, designing an efficient Hub-and-Spoke model requires careful planning regarding network security, scalability, and cost optimization. What are the core components of a Hub-and-Spoke architecture in Azure? What factors should be considered when designing the hub (e.g., Virtual Network Gateway, Firewall, Security controls)? What are the key challenges you've encountered while implementing a Hub-and-Spoke architecture in Azure, and how have you addressed them?Azure Course Blueprints
Please refer to the updated document now in Azure Architecture Blog https://aka.ms/courseblueprint Overview The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training. Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn. Layers: You have the capability to filter layers to concentrate on segments of the course by modules. I.E.: Just day 1 of AZ-104, using filters in Visio and selecting modules 1-3 Enhanced Integration: The Visio Template+ for expert courses such as SC-100 and AZ-305 now features an additional layer that allows you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-204, AZ-700, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for SC-100, and AZ-204 or AZ-104 for AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level. Advantages for Students Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end. Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning. Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material. New Feature: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies. Download links Associate Level PDF Visio Released Updated Contents! AZ-104 Azure Administrator Associate Blueprint [PDF] Template 12/14/2023 10/28/2024 Contents AZ-204 Azure Developer Associate Blueprint [PDF] Template 11/05/2024 11/11/2024 Contents AZ-500 Azure Security Engineer Associate Blueprint [PDF] Template+ 01/09/2024 10/10/2024 Contents AZ-700 Azure Network Engineer Associate Blueprint [PDF] Template 01/25/2024 11/04/2024 Contents SC-300 Identity and Access Administrator Associate Blueprint [PDF] Template 10/10/2024 Contents Specialty PDF Visio Released Updated AZ-140 Azure Virtual Desktop Specialty Blueprint [PDF] Template 01/03/2024 02/05/2024 Expert level PDF Visio Released Updated AZ-305 Designing Microsoft Azure Infrastructure Solutions Blueprint [PDF] Template+ AZ-104 AZ-204 AZ-700 05/07/2024 12/09/2024 Contents SC-100 Microsoft Cybersecurity Architect Blueprint [PDF] Template+ AZ-500 SC-300 10/10/2024 Contents Skill based Credentialing PDF Visio Released Updated AZ-1002 Configure secure access to your workloads using Azure virtual networking Blueprint [PDF] Template 05/27/2024 Contents AZ-1003 Secure storage for Azure Files and Azure Blob Storage Blueprint [PDF] Template 02/07/2024 02/05/2024 Contents Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter. Introduction to Course Blueprint for Trainers [10 minutes + comments] Real life demo AZ-104 Advanced Networking section [3 minutes] Visio stencils Azure icons - Azure Architecture Center | Microsoft Learn Subscribe if you want to get notified of any update like new releases or updates. My email ilan.nyska@microsoft.com LinkedIn https://www.linkedin.com/in/ilan-nyska/ Celebrating 30,000 Downloads! Please consider sharing your anonymous feedback <-- [~ 40 seconds to complete]Best Practices for Designing a Hub-and-Spoke Architecture in Azure
The Hub-and-Spoke architecture is a common networking model in Microsoft Azure, designed to improve security, manageability, and scalability for enterprises and cloud workloads. By centralizing network resources in a hub and connecting multiple spoke virtual networks (VNets), organizations can enforce governance while enabling controlled communication across workloads. However, designing an optimal Hub-and-Spoke architecture requires careful planning to ensure security, performance, and cost efficiency. This post will explore the best practices to help you build a robust and scalable architecture in Azure. 1. Understanding the Hub-and-Spoke Model In this architecture: The Hub serves as the central point for connectivity, hosting shared services like firewalls, VPN/ExpressRoute gateways, and identity services. The Spokes are individual VNets that connect to the hub, typically representing isolated workloads, applications, or business units. Peering is used to establish communication between the hub and spokes, with the option to enable or restrict direct spoke-to-spoke communication. Key Benefit: Centralized management of network traffic, security, and hybrid connectivity. 2. Designing an Effective Hub The hub is the backbone of your architecture, so it must be designed with scalability and security in mind: ✅ Use Azure Virtual WAN if you need a global-scale Hub-and-Spoke deployment with automated routing and traffic management. ✅ Leverage Azure Firewall for centralized security and to enforce traffic control between spokes. ✅ Implement Network Security Groups (NSGs) to restrict inbound/outbound traffic and define granular security policies. ✅ Optimize traffic flow with Route Tables (UDRs) to avoid asymmetric routing and performance bottlenecks. ✅ Ensure high availability by deploying redundant VPN or ExpressRoute gateways in active-active mode. Tip: Avoid placing unnecessary workloads in the hub to prevent performance degradation. 3. Managing Spoke Communication and Isolation Each spoke VNet should be logically and securely isolated while allowing required communication paths. ✅ Limit direct spoke-to-spoke communication by routing traffic through the hub unless specific business requirements demand otherwise. ✅ Use Private Endpoints to securely access PaaS services without exposing them to the public internet. ✅ Enforce Zero Trust principles by using Azure Private Link and restricting access to critical workloads. Tip: Avoid transitive peering unless absolutely necessary; use the hub to manage inter-spoke traffic. 4. Performance and Cost Optimization An efficient Hub-and-Spoke design ensures minimal latency and optimized costs. ✅ Use Accelerated Networking on VMs to enhance throughput and reduce network latency. ✅ Implement Azure Route Server to dynamically manage routes between the hub and spokes. ✅ Monitor network traffic with Azure Monitor and Traffic Analytics to detect bottlenecks and optimize network flow. ✅ Optimize ExpressRoute or VPN usage by choosing the right SKU based on bandwidth and redundancy needs. Tip: Reduce unnecessary traffic through NSG rules and route tables to avoid extra processing costs. 5. Governance and Automation To maintain consistency and reduce human errors, use automation and governance best practices: ✅ Deploy infrastructure as code (IaC) using ARM templates, Bicep, or Terraform for reproducible deployments. ✅ Enforce security policies with Azure Policy to ensure compliance with networking standards. ✅ Use Role-Based Access Control (RBAC) to define strict access levels for managing network resources. ✅ Monitor and log network activity using Azure Sentinel and Azure Monitor to detect anomalies. Tip: Automate network provisioning using Azure DevOps or GitHub Actions for efficiency and consistency. Final Thoughts A well-designed Hub-and-Spoke architecture in Azure provides centralized security, simplified management, and scalable connectivity. However, to maximize its benefits, it's essential to carefully plan network security, routing, and cost optimization while leveraging Azure’s built-in automation and monitoring tools. 🔹 What challenges have you faced when implementing a Hub-and-Spoke model in Azure? 🔹 What best practices have worked well for your organization? Let’s discuss in the comments! 🚀Managing Multiple VMs on Azure Similar to Workspace One
Hello, I currently manage an infrastructure of approximately 100 VMs. I would like to perform activities on Azure such as: Installing/removing apps Viewing all installed apps on the VMs Adding shortcuts to the desktop Adjusting timezone/date and time I am looking for a solution that can handle these tasks, similar to what Workspace One does, but for Windows Servers. How do you currently manage these tasks? Thank you! Feel free to post this on the Microsoft forum. If you need any further assistance, let me know!
Azure Function App Network(Preview)
Trying to use durable function while creating the azure function, we observe network is in preview state. Could anyone will suggest any how to make stable network for durable function for function premium plan and app service plan. And why Function App is working on Networking (preview).Seeking Advice for Automating VMSS Scaling Based on On-Premises SQL Data
Hi everyone, I have a few VMSS (Virtual Machine Scale Sets) already configured to scale up and down based on predefined rules. Now, what I’m looking to achieve is to periodically run a query on my on-premises SQL database, and depending on the result (let’s say if the number is X), I want to automatically scale the VMSS accordingly (increase or decrease the number of instances). I’ve considered several approaches like using Azure Automation Account, Power Automate, or Azure Function for this. But I’m not sure what would be the most efficient way to implement it. Any ideas or suggestions on the best method to achieve this would be greatly appreciated! Thanks in advance for the help!
