Azure Networking architecture documentation
This article provides information about architecture guides that can help you explore the different networking services in Azure available to you for building your applications.
The following table includes articles that provide a networking overview of a virtual datacenter and a hub and spoke topology in Azure.
|Virtual Datacenters||Provides a networking perspective of a virtual datacenter in Azure.|
|Hub-spoke topology||Provides an overview of the hub and spoke network topology in Azure along with information about subscription limits and multiple hubs.|
Connect to Azure resources
The following table includes articles about Azure Networking services that provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch to branch connectivity in Azure.
|Add IP address spaces to peered virtual networks||Provides scripts that help add IP address spaces to peered virtual networks.|
|Connect standalone servers by using Azure Network Adapter||Shows how to connect an on-premises standalone server to Microsoft Azure virtual networks by using the Azure Network Adapter that you deploy through Windows Admin Center.|
|Choose between virtual network peering and VPN gateways||Compares two ways to connect virtual networks in Azure: virtual network peering and VPN gateways.|
|Connect an on-premises network to Azure||Compares options for connecting an on-premises network to an Azure Virtual Network (VNet). For each option, a more detailed reference architecture is available.|
|SD-WAN connectivity architecture with Azure Virtual WAN||Describes the different connectivity options for interconnecting a private Software Defined WAN (SD-WAN) with Azure Virtual WAN.|
Deploy highly available applications
The following table includes articles that describe how to deploy your applications for high availability using a combination of Azure Networking services.
|Multi-region N-tier application)||Describes a multi-region N-tier application that uses Traffic Manager to route incoming requests to a primary region and if that region becomes unavailable, Traffic Manager fails over to the secondary region.|
|Multitenant SaaS on Azure||Uses a multi-tenant solution that includes a combination of Front Door and Application Gateway. Front Door helps load balance traffic across regions and Application Gateway routes and load-balances traffic internally in the application to the various services that satisfy client business needs.|
|Multi-tier web application built for high availability and disaster recovery||Deploys resilient multi-tier applications built for high availability and disaster recovery. If the primary region becomes unavailable, Traffic Manager fails over to the secondary region.|
|IaaS: Web application with relational database||Describes how to use resources spread across multiple zones to provide a high availability architecture for hosting an Infrastructure as a Service (IaaS) web application and SQL Server database.|
|Sharing location in real time using low-cost serverless Azure services||Uses Azure Front Door to provide higher availability for your applications than deploying to a single region. If a regional outage affects the primary region, you can use Front Door to fail over to the secondary region.|
|Highly available network virtual appliances||Shows how to deploy a set of network virtual appliances (NVAs) for high availability in Azure.|
|Multi-region load balancing with Traffic Manager and Application Gateway||Describes how to deploy resilient multi-tier applications in multiple Azure regions, in order to achieve availability and a robust disaster recovery infrastructure.|
Secure your network resources
The following table includes articles that describe how protect your network resources using Azure Networking services.
|Network security best practices||Discusses a collection of Azure best practices to enhance your network security.|
|Azure Firewall Architecture Guide||Provides a structured approach for designing highly available firewalls in Azure using third-party virtual appliances.|
|Implement a secure hybrid network||Describes an architecture that implements a DMZ, also called a perimeter network, between the on-premises network and an Azure virtual network. All inbound and outbound traffic passes through Azure Firewall.|
|Secure and govern workloads with network level segmentation||Describes the three common patterns used for organizing workloads in Azure from a networking perspective. Each of these patterns provides a different type of isolation and connectivity.|
|Firewall and Application Gateway for virtual networks||Describes Azure Virtual Network security services like Azure Firewall and Azure Application Gateway, when to use each service, and network design options that combine both.|
Learn about Azure Virtual Network.