The purpose of this repo is to deliver layered, reusable and GitHub-friendly network architecture diagrams for Cloud Solutions Architects to run effective Azure design and skilling sessions. The content is based on real customer and partner design sessions with collaboration from cross-functional architects. The repository will include tips and tools for effective storytelling that explain the why behind the design options based on requirements and the art of the possible. The design areas include Azure networking, hybrid connectivity architectures, routing, firewalling, load balancing, multi-region, secure design, cross-functional networking areas and AKS networking. The networking complexity is broken down into layers, with one diagram per design area, using draw.io (now diagrams.net). This repo will include configuration snippets to reduce the lab prep time and the need to leave the labs running for demos.
Cloud Solution Architects, Network Architects, Cloud Infrastructure Architects, Solution Engineers
- Build reusable and GitHub-friendly network architecture diagram templates
- Layered diagrams to run effective Azure design and skilling sessions
- Real world use cases derived from working with Microsoft customers
- Level 100 to level 400 scenarios in one diagram
- Understand the why behind the design decision
- Minimize lab time
- Growth mindset
Download all drawio diagrams here
- APIM Networking
- Azure Network Security (AzFW, DDoS)
- ExpressRoute Designs
- AVD (Azure Virtual Desktop)
- SAP on Azure
- SQL MI Networking
- Azure IoT Networking
- AVNM (Azure Virtual Network Manager)
Download draw.io diagram. More information on how to open .drawio files here.
In this session we walk through the hub-spoke architecture design. This design includes the following layers:
- Hybrid Connectivity Architecture with hub-spoke design
- Site-to-site, Point-to-Site and ExR connected Branches
- Default traffic Flows
- Variation of the default design based on requirements
- Use case for AzFw
- Use case for ARS (Azure Route Server)
- Use case for NVA (Pros and Cons)
- VPN Gateway Active-Active design challenge
- Multi-region design
- Configuration snippets
- Concepts
- Limitations
Download draw.io diagram. More information on how to open .drawio files here.
In this session we walk through the vWAN architectures. This design includes the following layers:
- Hybrid Connectivity Architecture
- Single region default flows with Azure vWAN
- Multi region default flows with Azure vWAN
- Secured vWAN
- BGP Endpoint feature use case
- Use case for routing intent
- Use case for NVA in indirect spokes
- Use case for Custom Routing
- Multi-region with ExR Bow-tie design
Download draw.io diagram. More information on how to open .drawio files here.
In this session we walk through the load balancing architectures. This design includes the following layers:
- Azure Load Balancer (layer 4)
- Azure Application Gateway (layer 7)
- Cross Region Load Balancer
- Azure Traffic Manager (Global)
- Azure Front Door (AFD)
- Azure Gateway Load Balancer
- Multi-region design
- Use case for Private endpoint with AFD
Download draw.io diagram. More information on how to open .drawio files here.
In this session we walk through the DNS options in Azure. This design includes the following layers:
- DNS Options in Azure
- Default DNS configuration
- Custom DNS
- Hybrid DNS
- Private DNS Zones
- Azure Private DNS Resolver
Download draw.io diagram. More information on how to open .drawio files here.
This design includes the following layers:
- NVA LB Sandwich design
- Challenge: Preserving flow symmetry
- North South flows
- East West Flows
- Packet Captures
- Use case Floating IP
- Use case for HA Ports
- Configuration Snippets
Download draw.io diagram. More information on how to open .drawio files here.
This design includes the following layers:
- Service Endpoint
- Private Endpoint
- Private Link Service
- VNET Integration vs Private Endpoint
- Use case with Azure Front Door (AFD) with Private Endpoint
- Use case with AKS
Download draw.io diagram. More information on how to open .drawio files here.
This design includes the following layers (Note: AI Studio TAB)
- AI Studio Prompt flow with Managed VNET and Private endpoints
- Short Demo with AI Studio Playground
- Azure AI Studio Architecture Components (PaaS and IaaS)
- Key Concepts (Private Endpoints, Webapp, Embedding and Vector Database, Managed EP, AI Models and Prompt flow)
- Traffic flows with managed VNET with Private Endpoints
- FAQ and Feedback Links
Download draw.io diagram. More information on how to open .drawio files here.
This design includes the following layers (Note: ML Studio TAB)
- Public Networking
- BYO VNET
- Managed VNET (Private with Internet Outbound)
- Managed VNET (Private with Approved Outbound)
- All traffic flows (inbound/outbound)
Upcoming topics in this series:
- Powerapp and power platform integration
- BYO Data
Download draw.io diagram. More information on how to open .drawio files here.
- On-Prem Connectivity Using Global Reach
- VPN ER Transit using ARS
- Network Virtual Appliance (NVA) in Azure VNET (with ARS)
- Transit VNET design with NVA in Azure VNET (with ARS)
- Deploy third party Virtual Appliance using NSX-T segments within AVS
- Secured vWAN HUB Design with Routing Intent
Download draw.io diagram
- 00:00:00 - Welcome and Introductions
- 00:02:31 - HCX MON Lab - The Vision and Big Picture
- 00:11:54 - Deploy Simulated On-Prem (AVS SDDC) from Scratch
AVS Side:
- 00:17:00 - Deploy AVS Side
- 00:20:41 - Deploy ER Gateway
- 00:23:44 - The Jump Host
- 00:24:28 - Create a Connection
- 00:27:48 - AVS: Inbound/Outbound Flows
- 00:29:15 - NSX Concepts and IP Address Planning
- 00:38:58 - Launch vCenter and NSX Manager
- 00:40:57 - vCenter Overview
- 00:50:28 - NSX Manager Overview
- 01:02:54 - Segments, DHCP, DNS
- 01:15:44 - Deploy VM
- 01:20:00 - Run Validations and Troubleshooting
- 01:30:08 - Enable HCX
- 01:31:15 - Configure Simulated On-Prem Side
- 01:52:15 - AVS Interconnect
HCX MON Demo:
- 01:59:34 - Enable VMware HCX (Simulated On-Prem)
- 02:03:25 - Create HCX Site Pairs and Interconnect
- 02:24:26 - L2 Extension - Architecture and Flows
- 02:31:09 - L2 Extension - Troubleshooting
- 02:52:01 - Enable MON
- 02:58:10 - Asymmetric Routing
- 03:01:25 - HCX Policy Routes
- 03:11:26 - Test VM Migration
- 03:20:10 - Unextend Network
- 03:22:47 - DNS and DHCP Troubleshooting and Orchestration
- 03:30:17 - Closing Thoughts and Thank You!
Download draw.io diagram. More information on how to open .drawio files here.
This design includes the following layers:
- Azure CNI
- Azure Kubenet
- Azure CNI Overlay
- Dual Stack (IPv6 and IPv4) in AKS
- Nginx ingress
- App GW Ingress
- AzFW Firewall egress
- NAT Gateway egress
- Future topics in this series:
  - BYO CNI (Cilium/Isovalent)
  - AGC (Application Gateway for Containers)
  - AKS Private Cluster
  - Multi-region Designs with Azure Front Door
  - App-Dev Integration
    - Azure Data platform integration (Example: SQL MI integration, SQL DB, Cosmos DB, OSS DB (mysql, postgreSQL), blob storage)
    - Multi-region with Relational DB (SQL MI, SQL DB, OSS DB) (Single Master) (Shopping cart)
    - Multi-region with Non-relational or NoSQL (Cosmos DB, MongoDB) (Multi Master) (catalog db)
Download draw.io diagram. More information on how to open .drawio files here.
- 00:00:00 - Welcome to the Art of The Possible Series
- 00:01:39 - Hybrid Cloud Architecture and draw.io
- 00:03:39 - External Mode: Architecture and Portal Experience
- 00:15:44 - External Mode: With Private Endpoint (Preview)
- 00:21:08 - External Mode: With Front Door and Private Endpoint (Preview)
- 00:27:41 - External Mode: Azure Front Door Custom Domain
- 00:37:50 - Internal Mode: Architecture
- 00:58:02 - Internal Mode: With Application Gateway
- 01:12:12 - Internal Mode: With Application Gateway and Front Door
- 01:23:45 - Outbound from Container App (NAT GW and AzFW)
- 01:29:03 - Multi-region design
- 01:31:29 - Troubleshooting Tips...
- 01:34:15 - Closing Thoughts and Thank You...
Download draw.io diagram. More information on how to open .drawio files here.
Vendor dedicated videos available:
Full Playlist here: https://www.youtube.com/playlist?list=PLb4hYfatvJJhNyUpS9LX4RtllDYXhtZ75
- Check Point Software CloudGuard with John Guo
- Palo Alto Networks Cloud NGFW Architecture and demo with Anton Budilovskiy and Salman Syed
- Fortinet NGFW and SDWAN with Martin Twombly
- Cisco SDWAN with Juan Ignacio Sterbenc and Simarbir Singh
- Cisco Meraki SDWAN with Juan
- VMware SDWAN by Broadcom with Vivek Achar
Download draw.io diagram.
More information on how to open .drawio files can be found here.
- 00:00:00 - Welcome and introductions
- 00:01:59 - ADF Concepts - Network Perspective
- 00:07:41 - The Big Picture
- 00:10:11 - Scenario: AutoResolve Integration Runtime (Public Networking)
- 00:31:12 - Private Endpoint and DNS Deep dive
- 01:02:43 - Scenario: Self Hosted IR (On-premises) (Private Networking)
- 01:14:09 - P2S VPN and Private Endpoints
- 01:35:05 - Validations and troubleshooting
- 01:42:28 - Scenario: Self Hosted IR (Azure VM)
- 01:51:35 - Scenario: Manage VNET IR
- 02:12:27 - Fabric Data Factory Networking
- 02:33:22 - Run Pipeline
- 02:43:59 - Closing thoughts and thank you!
- Azure Databricks (Coming up next!)
- Azure Synapse
- Azure Datalake or blob storage
- SQL MI (source and destination)
- Third Party Cloud (GCP)
- Hybrid SQL Server On-premise
- Cosmos DB, SQL DB (source and destination)
- OSS Databases (postgreSQL, mysql, mariadb)
- APIM Big Picture view
- Default mode
- External network mode
- Internal network mode
- Internal network mode with Azure Application Gateway
- Internal network mode with AKS Backend API
- APIM with Azure firewall/NVA
- APIM Identity - AAD and B2C Integration
- APIM Multi-region Architecture
- Self hosted gateway
- LetsEncrypt Certificates and APIM Custom Domain
- Azure Private DNS Zones integration
- Network Troubleshooting
Draw.io is feature rich. I've listed my top 10 favorite features that are useful for drawing network architecture diagrams:
- Add Shapes: View -> Shapes -> Add Shapes -> Azure.
- Add Layers: View -> Layers. Create layers and show/hide layers.
- Add Scratchpad: View -> Scratchpad
- View Outline: View -> Outline
- Flow animation: Select Flow -> Flow animation
- Sketch Style (hand drawn style)
- Whiteboard: Extras -> Theme -> Sketch
- Curved lines for flows
- VS Code integration
- Group shapes using CTRL-G
There are three options to open the draw.io diagrams.
- Use the desktop app. Download the desktop app from the Microsoft Store. Download the drawio file from GitHub and open it in the desktop app: File -> Raw -> Save link as.
- Use the web browser to open the file online using the link here
Special thank you to my colleagues