New networking services in Azure Government
Improve connectivity and security with networking services that help you accelerate service delivery, optimize traffic and privacy, and shield VMs from common threats. New networking services in Azure Government include Azure Bastion, Azure Private Link, Azure Front Door, Azure Content Delivery Network, Azure Virtual WAN, and Azure DNS private zones.
Azure Bastion
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure portal. Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in that VNet using SSL, without any exposure through public IP addresses.
Using a bastion host can help limit threats such as port scanning and malware targeting your VMs. Azure Bastion provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines.
Azure Bastion deployment architecture: (1) The Bastion host is deployed in the virtual network. (2) The user connects to the Azure portal using any HTML5 browser. (3) The user selects the virtual machine to connect to. (4) With a single click, the RDP/SSH session opens in the browser. (5) No public IP is required on the Azure VM.
Azure Bastion resources
- Azure Bastion documentation
- Create an Azure Bastion host using the portal
- Working with Azure Bastion (video)
Azure Private Link
Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services. It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.
Access private endpoints over private peering or VPN tunnels from on-premises or peered virtual networks. Microsoft hosts the traffic, so you don’t need to set up public peering or use the internet to migrate your workloads to the cloud.
Azure Private Link resources
- Azure Private Link documentation
- Private connectivity to Azure PaaS services using Private Link (video)
- Create a private endpoint using Azure Portal
Azure Front Door
Azure Front Door provides a scalable and secure entry point for fast delivery of your global applications. Flexibly route your users to the closest available backend, with instant failover for changes in availability or on-the-path performance. Front Door supports different load balancing algorithms including round-robin, weighted round-robin, active/standby configurations, and cookie-based session affinity.
Azure Front Door resources
- Azure Front Door documentation
- Azure Front Door routing architecture
- Set up a geo-filtering WAF policy
Azure Content Delivery Network
In online content delivery, user experience is everything. Azure Content Delivery Network (CDN) lets you reduce load times, save bandwidth, and speed responsiveness—whether you’re developing or managing websites or mobile apps, or encoding and distributing streaming media, gaming software, firmware updates, or IoT endpoints.
Azure CDN offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN point of presence (POP) locations.
Azure Virtual WAN
Gain simple, unified, global connectivity and security with Azure Virtual WAN.
Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to, and through, Azure. Azure regions serve as hubs that you can choose to connect your branches to. You can leverage the Azure backbone to also connect branches and enjoy branch-to-VNet connectivity. We have a list of partners that support connectivity automation with Azure Virtual WAN VPN. For more information, see the Virtual WAN partners and locations article.
Azure Virtual WAN brings together many Azure cloud connectivity services such as site-to-site VPN, User VPN (point-to-site), and ExpressRoute into a single operational interface.
Azure Private DNS
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than Azure-provided names. The records contained in a private DNS zone are not resolvable from the Internet. DNS resolution against a private DNS zone works only from virtual networks that are linked to it.
Azure Private DNS resources
- Azure Private DNS documentation
- Azure Private DNS zones scenarios
- Create an Azure private DNS zone using the Azure portal