Networking features recently made generally available in Azure Government

Mike Ketchum

The Azure Government team continually strives to bring the latest Azure platform features to Azure Government.  In this post I highlight networking features that have recently been made generally available in Azure Government.

Network Watcher

Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. The network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insight into your network in Azure.

Virtual Network Service Endpoints and Firewalls for Azure Storage

Virtual Network Service Endpoints for Azure Storage allow administrators to create network rules that permit traffic only from selected VNets and subnets, creating a secure network boundary for their data. This enhances both security and performance by extending the VNet private IP space and identity directly to Azure Storage without leaving the Azure Government data center infrastructure.

As part of Firewalls for Azure Storage, we enable network-based access control for Azure Storage. Network-based access control lets customers define access control based on IP, ensuring that only requests coming from customer-specified Azure VNets or public IP ranges or addresses can reach a specific storage account.
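The following is an added example, not code from the original post or from Microsoft: a small Python audit of storage account network rule sets that flags accounts where the rules do not form a boundary. It assumes each rule set mirrors the `networkAcls` block of a storage account resource (`defaultAction`, `ipRules`, `virtualNetworkRules`); the account names, subnet ID, and IP ranges are constructed, and the trusted-services `bypass` setting is not modelled.

```python
import ipaddress

# Constructed subnet ID and rule sets; "<sub-id>" is a placeholder.
WEB_SUBNET = ("/subscriptions/<sub-id>/resourceGroups/rg-app/providers/"
              "Microsoft.Network/virtualNetworks/vnet-app/subnets/web")

# Assumption: each value mirrors the "networkAcls" block of a storage account
# resource (defaultAction, ipRules, virtualNetworkRules).
SAMPLE_ACCOUNTS = {
    "stlocked": {
        "defaultAction": "Deny",
        "ipRules": [{"value": "203.0.113.0/28", "action": "Allow"}],
        "virtualNetworkRules": [{"id": WEB_SUBNET, "action": "Allow"}],
    },
    "stopen": {
        "defaultAction": "Allow",
        "ipRules": [{"value": "198.51.0.0/16", "action": "Allow"}],
        "virtualNetworkRules": [],
    },
}

def audit_network_acls(acls, max_addresses=256):
    """Return findings for one account's network rule set."""
    findings = []
    # Without a Deny default, the allow rules do not restrict anything.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("defaultAction is not Deny; allow rules do not restrict access")
    for rule in acls.get("ipRules", []):
        net = ipaddress.ip_network(rule["value"], strict=False)
        if net.num_addresses > max_addresses:
            findings.append(f"IP rule {net} admits {net.num_addresses} addresses")
    return findings

def is_allowed(acls, source_ip=None, source_subnet_id=None):
    """Simplified model: a matching rule allows, otherwise defaultAction decides."""
    if acls.get("defaultAction", "Allow") != "Deny":
        return True
    subnets = {r["id"].lower() for r in acls.get("virtualNetworkRules", [])}
    if source_subnet_id and source_subnet_id.lower() in subnets:
        return True
    if source_ip:
        addr = ipaddress.ip_address(source_ip)
        return any(addr in ipaddress.ip_network(r["value"], strict=False)
                   for r in acls.get("ipRules", []))
    return False

if __name__ == "__main__":
    for name, acls in SAMPLE_ACCOUNTS.items():
        print(name, audit_network_acls(acls) or "no findings")
```
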

Azure DNS

Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.

Accelerated Networking for Windows and Linux Virtual Machines  ** Update 3/15/2018 **

Accelerated Networking for Windows and Linux enables single root I/O virtualization (SR-IOV) on a VM, greatly improving its networking performance. This high-performance path bypasses the host in the data path, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types.

IPv6 for Azure Load Balancer

Once IPv6 for Azure Load Balancer is deployed, an IPv4 or IPv6-enabled Internet client can communicate with the public IPv4 or IPv6 addresses (or hostnames) of the Azure Internet-facing Load Balancer. The Load Balancer routes the IPv6 packets to the private IPv6 addresses of the VMs using network address translation (NAT).

IPv6 over ExpressRoute Microsoft Peering

ExpressRoute Microsoft peering now supports IPv6. Customers can connect to Office 365 and IPv6-supported Azure PaaS services using IPv6 through Microsoft peering.

Azure PaaS Services Through ExpressRoute Microsoft Peering

All Azure PaaS services are now accessible through Microsoft peering.  Not only does this remove the need for Public peering, it also opens the door to using the native Azure VPN to secure connectivity over ExpressRoute.  It is Microsoft’s recommendation going forward that customers connect to Azure PaaS services through Microsoft peering.

Route Filters for ExpressRoute Microsoft Peering

In addition to adding the PaaS routes to Microsoft peering, route filters have also been added.  A route filter provides customers the ability to identify services they want to consume through their ExpressRoute circuit’s Microsoft peering.

Learn More About Azure Government

Microsoft is committed to providing the most trusted, comprehensive cloud for mission-critical workloads so that our nearly 6 million government users across 7,000-plus federal, state, and local organizations can achieve more in carrying out their mission-critical workloads.

We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, click “Subscribe by Email!” on the Azure Government Blog. To explore Azure Government, request your free 90-day trial today. Or, check out purchasing options to get started now.
