When you place your resources in the cloud utilizing Microsoft as a provider of public cloud, your network which is situated in the cloud can be termed as a n Azure virtual network (Vnet). Your virtual network can be configured in a similar way as your internal on-premises network; i.e, you set security policies, DNS and then the routing can be configured.
The vnet can be sub divided into subnets as well. This azure vnet becomes your internal network’s extension. You can also utilize virtual appliances, which are termed as virtual machines on which you have installed intrusion prevention/detection solution, software firewall or other function on your azure vnet. The role of virtual appliances is extremely vital in your cloud security strategy. You should do a little extra configuration for utilizing these virtual appliances.
The first step is the creation of virtual machine in your vnet. This is accomplished with the help of azure portal. You can also do this by utilizing azure power shell or azure command line interface. You can select from various operating systems. Let us assume that your virtual machine runs Windows 2012 R2 server. In the GUI of portal, you choose a deployment model, assign the VM a name and enter the username and password of the admin. Then the size of the VM has to be specified (support, memory and cores for different features). Pricing is dependent on the size, so choose what is suitable for the use case of your virtual appliance. Then you select optional features like premium storage (SSD disks that are faster) and configure the settings. Now, you can log on to your virtual machine and can install the appliance software.
One important thing you should consider when you are using virtual appliances on your azure virtual machines is that multiple virtual appliances running in the cloud such as the software firewalls that run on your on-premises network need to utilize multiple NICs (network interfaces). In 2014, Microsoft stated that they would be extending their support for multiple network interfaces (NICs) in azure virtual machines. Unfortunately, there are a few limitations on utilizing multiple NICs. The first one is that they must be generated in vnets. The number of NICs you create in a VM depends upon its size. Only one NIC is supported by medium, small and extra small VMs. Two NICs are supported by A3 (large) and four NICs are supported by A4 (extra large). G5 and DS14 VMs support highest number of NICs.
Utilizing multiple NICs enables you to acquire higher capability for managing network traffic and isolating traffic along with using and running virtual appliances. A VM can be created with multiple NICs utilising the azure power shell interface. You should designate the IP address and subnet of the default NIC first and then append extra NICs to the configuration of virtual machine before the VM is created. Once your VM is set up, for the network traffic to reach the virtual appliance, you should enable IP forwarding on the VM on which it is installed and a routing table must be created to host the route. You can accomplish this with the help of azure power shell. Once the routing table is created, a route is added to it utilising the Next Hop type Virtual Appliance. A route table should be associated with at least a single subnet before its usage. The command Set-AzureSubnetRouteTable. Now the IP Forwarding can be enabled for your VM. You should get the virtual machine on which the virtual appliance is running and then, you should use the command Set-AzureIPForwarding –Enable.
Utilizing virtual appliances on an azure virtual network requires some consideration, planning on various factors and additional configuration, but it is achievable. Azure is gaining huge popularity in the market because of its extensive features. Azure professionals are getting huge salaries when compared with other technologies. Thus, people who took Azure training highly preferred today. Almost all the organizations worldwide are investing in azure after knowing its potential. This technology really has a long way to go.