Network topology and connectivity overview in Azure

The following series of articles examines key design considerations and best practices for Azure networking and connectivity.

Plan for IP addressing

Plan for IP addressing in Azure to ensure that IP address spaces don't overlap across on-premises locations and Azure regions. For guidance on planning IP addressing for a hybrid implementation, see Plan for IP addressing.

Configure DNS and name resolution

Domain Name System (DNS) is an important design factor in enterprise-scale architecture. Some organizations might want to use their existing investments in DNS. Other organizations might see cloud adoption as an opportunity to modernize their internal DNS infrastructure to use native Azure capabilities.

For guidance on planning DNS and name resolution for hybrid implementations, see DNS for on-premises and Azure resources.

Define an Azure network topology

Network topology is a critical element of enterprise-scale architecture that defines how applications can communicate with each other. For information about technologies and topologies for Azure deployments, see Define an Azure network topology. The article discusses two core approaches: topologies based on Azure Virtual WAN, and traditional topologies.

Connect to Azure

Connectivity to Azure expands on network topology to describe recommended models to connect on-premises locations to Azure.

Private Link and DNS integration at scale describes how to integrate Azure Private Link for platform-as-a-service (PaaS) services with Azure Private DNS zones in hub-and-spoke network architectures.

Connect to Azure platform as a service (PaaS) services

Building on the previous connectivity articles, Connectivity to Azure PaaS services explores recommended connectivity approaches for Azure PaaS services.

Limit cross-tenant private endpoint connections

To extend the previous article, Limit cross-tenant Private Endpoint connections explores recommended methods to limit private endpoint connections across Azure Active Directory (Azure AD) tenants.

Plan for inbound and outbound internet connectivity

Plan for inbound and outbound internet connectivity describes recommended connectivity models to and from the public internet.

Plan for application delivery

Plan for application delivery explores key recommendations to deliver both internal-facing and external-facing applications in a secure, scalable, and highly available way.

Plan for landing zone network segmentation

Plan for landing zone network segmentation explores key recommendations to deliver highly secure internal network segmentation within a landing zone. This strategy supports a network zero-trust implementation.

Define network encryption requirements

Define network encryption requirements explores key recommendations for network encryption between on-premises locations and Azure, and across Azure regions.

Plan for traffic inspection

Many industries require Azure traffic to be mirrored to a network packet collector for deep inspection and analysis. This requirement typically focuses on inbound and outbound internet traffic. Plan for traffic inspection explores key considerations and recommended approaches for mirroring or tapping traffic within Azure Virtual Network.

Connect to other cloud providers

Connectivity to other cloud providers describes different connectivity approaches to integrate an Azure enterprise-scale landing zone architecture with other cloud providers.

Next steps

This overview summarized articles about key networking topology and connectivity considerations. Start your deeper investigation with the first article in the series: