Getty Images/iStockphoto
12 core Azure networking services you need to know
Network connectivity can make or break a cloud deployment. Discover the basics of Azure network services with this list of key offerings and terms.
Networking is a critical component of any cloud infrastructure. IT teams need to connect resources and optimize application performance -- all of which depend on solid network architecture.
Microsoft Azure networking services connect and manage cloud resources. Beyond virtual networks and connectivity options, Azure offers tools to monitor and manage network traffic, perform load balancing and ensure secure user connections.
How do you know which offerings to choose for your cloud deployment project? Evaluate these 12 foundational Azure networking services, listed alphabetically with pricing information based on Azure's Central U.S. region prices.
Azure Application Gateway
Azure Application Gateway is an application delivery controller service that offers load balancing at the application layer -- Open Systems Interconnection (OSI) Layer 7. Its features include HTTP load balancing, URL-based content routing and multisite hosting. Customers can use diagnostics tools, such as access logs, as well as monitoring features of Application Gateway. A web application firewall (WAF) also protects from web-based attacks, such as cross-site scripting. Azure Application Gateway costs $0.246 per gateway-hour.
Azure Content Delivery Network
Azure Content Delivery Network (CDN) is a networking service that delivers high-bandwidth content through caches. CDN caches are in edge locations around the world to provide content physically near to end users, aiming for low latency. While this service prioritizes delivery optimization, there is less emphasis on load balancing and security than in the CDN service Azure Front Door. Azure CDN focuses on static content delivery, such as documents and files. Teams can also configure the service for dynamic content, such as a PDF. Pricing for Azure CDN starts at $0.081 per GB up to the first 10 TB per month.
Azure Domain Name System
Azure Domain Name System (DNS) is a service that hosts a domain and enables admins to manage its records. The service hosts domains on a global network of Azure DNS name servers. Admins manage DNS records through the Azure portal, Azure PowerShell and Azure CLI. Additionally, it supports internet-facing DNS domains and private DNS zones. Azure Private DNS manages and resolves domain names in a virtual network (VNet). With Private DNS zones, IT teams can use custom domain names to adjust VNet architecture to suit their needs. The first 25 public and private zones hosted in Azure DNS are priced at $0.5 per zone per month.
Azure ExpressRoute
Azure ExpressRoute is a networking service that privately connects a company's on-premises infrastructure to the Microsoft public cloud via a third-party connectivity provider. Because the connection is private, it offers lower latency and greater reliability than the public internet. ExpressRoute offers four different connectivity models: CloudExchange Colocation, Point-to-point Ethernet Connection, Any-to-any Connection and ExpressRoute Direct. Connectivity providers for this service include Comcast, AT&T and Equinix. This service starts at $55 per month for 50 Mbps of circuit bandwidth and $0.025 per GB for any outbound data transfers for an ExpressRoute Circuit. A standard VNet gateway costs $0.19 per hour with 1 Gbps of bandwidth. This service requires deployment of both a circuit and gateway.
Azure Front Door
Azure Front Door is a CDN focused on application delivery with built-in security, such as a WAF, bot protection and DDoS protection. Like Azure CDN, it uses edge computing to reduce latency for end users globally. This service also provides security and global load-balancing capabilities, targeting app reliability and performance. IT teams can use its reporting analytics feature for granular real-time insights on assets and to monitor CDN traffic. The service is a good fit for businesses that work with dynamic web applications and static content. Front Door pricing starts at $35 per month for the standard plan. Outbound data transfers from the edge to the client are $0.083 per GB up to the first 10 TB per month. Outbound data transfers from the edge to the origin are $0.02 per GB.
Azure Load Balancer
Azure Load Balancer is an OSI Layer 4 -- the transport layer -- load balancer designed to offer high availability. IT teams can configure the service to perform internet-facing public load balancing, which balances incoming traffic from the internet among Azure VMs, as well as internal load balancing, which manages traffic among VMs in a VPN. This Azure networking service automatically reconfigures itself when admins scale an instance. Its monitoring features can close connections to an instance that is not performing well. Azure Load Balancer costs $0.025 per hour for the first five rules and $0.01 per every additional rule per hour. Data is processed at $0.005 per GB.
Azure Network Watcher
Azure Network Watcher monitors deployed Azure networking services. It provides various tools for IT teams to keep track of resources, diagnose problems, view metrics and analyze logs. While Azure provides monitoring capabilities for each of its individual network resources or services, Network Watcher provides a comprehensive view of the network of IaaS products, such as Azure VMs and Azure VNets. Enterprises can view the interconnections between resources, as well as their usage. Users are charged by the features used.
Azure Private Link
Azure Private Link enables IT teams to access various Azure PaaS offerings -- as well as Azure-hosted customer-owned services and Microsoft partner services -- via a private endpoint in the enterprise's virtual network. With private endpoints, IT teams do not need to use ExpressRoute or VPN connections, gateways, network address translation devices or public IP addresses. Private endpoints are accessible via on-premises VPN tunnels and peered networks. While Azure Private Link does not charge for the service, it does charge $0.01 per hour for a private endpoint and begins charging processed inbound and outbound data at $0.01 per GB.
Azure Traffic Manager
Azure Traffic Manager enables admins to distribute user traffic for Azure VMs, cloud services and web applications. The service is used to increase availability and prevent downtime. It offers six types of DNS routing to direct user traffic to the optimal endpoint: priority, performance, geographic, weighted, subnet and multivalue. The service also includes continuous endpoint monitoring and automatic failover. A common use case is for on-premises systems that burst, migrate and fail over to the cloud. Traffic Manager charges $0.54 per million inquiries up to the first billion inquiries in a month. Health checks begin at $0.36 per Azure endpoint per month, and traffic views cost $2 per million data points processed.
Azure Virtual Network
An Azure VNet is an isolated network within the Azure cloud that enables enterprises to securely connect cloud resources, such as VMs. Azure customers use the service to set up and manage VPNs and can create multiple VNets within an Azure subscription or region. Companies can choose to connect VNets so resources within separate VNets can communicate. They can also set up private network connections between on-premises architecture and Azure. VNet peering within the same region costs $0.01 per GB for inbound and outbound data transfers. Global VNet peering is $0.035 per GB for inbound and outbound data transfers.
Azure Virtual WAN
Azure Virtual WAN integrates networking, security and routing features into one interface. This service includes branch, site-to-site and point-to-site VPN connectivity; private connectivity via ExpressRoute; and routing, Azure Firewall and encryption for private connectivity. Virtual WAN's architecture focuses on optimizing scale and performance, so users can start with one of the service's use cases and adjust as needed to suit new workloads. The standard Virtual WAN Hub starts at $0.25 per deployment hour.
Azure VPN Gateway
Azure VPN Gateway is a network gateway service for encrypted traffic to travel across multiple types of virtual networks or sites over the internet. IT teams must pick the right VPN cross-premises connection options to suit their needs. Options include site-to-site, point-to-site, VNet-to-VNet, multisite and Azure ExpressRoute. The basic version of VPN Gateway costs $0.04 per hour for 100 Mbps of bandwidth. Outbound data traveling between two virtual networks is charged at $0.035 per GB. Outbound data traveling via point-to-site VPNs is charged at standard data transfer rates.
Editor's note: This article was updated to include additional information on Azure networking services.
Kathleen Casey is site editor for TechTarget Cloud Computing. She plans and oversees the site and covers various cloud subjects, including infrastructure management, development and security.