Azure IaaS Network Security Foundation

Foundation Deployment Service for Azure IaaS Network Security

Azure Cloud Networking Environments Delivered by Crossconnect

Network & Security Infrastructure as a Service

When moving to the cloud, businesses often initially think that networking and security are no longer their concern. The general assumption is “The cloud provider takes care of that”. This mindset can create serious design and operational challenges as the environment scales, and sometimes leads to security incidents or data breaches.

Cloud Networking Scalability is Complex

Scaling the cloud environment will become hard, and there will also be little network or security visibility. It can become difficult or impossible to solve compliance problems. Many organizations learn too late that “the cloud provider takes care of that” is only partially true; the tools are provided, but the design, configuration, and maintenance of the tools are the responsibility of the customer’s cloud engineers. Moreover, the expertise required to implement scalable networking, security, redundancy, and disaster recovery is different than it was on-premises, often requiring retraining or bringing in a consultant to assist.

Cloud providers, such as Microsoft Azure, do hold responsibility for securing some of the resources used in the cloud. In the cloud, a “shared responsibility” model is used, where the provider and the customer share responsibility for the infrastructure's network and security. When designing IaaS in the cloud, the provider supplies software-defined networking and security tools, but it is the customer’s responsibility to configure the environment for their security, redundancy, and disaster recovery goals.

WHY AZURE FOR NETWORK SECURITY?

Build Your Cloud Network on a Secure Foundation

You must understand your particular threats and risks, deploy the tools to mitigate them, and maintain those tools in order to prevent breaches and meet regulatory needs. The cloud provider will also provide many forms of disaster recovery and redundancy, but the customer must design and operationalize them for their applications, test them to make sure they function as designed, and maintain them over time.

Proper cloud design and deployment depend on a solid foundational network and network security design from day one. Cloud networking and network security do not have an “easy button”. Rest assured that Crossconnect’s team of cloud architects and engineers is here to assist.

Pricing, Options and Deliverables

Azure IaaS Network & Security Foundation Deployment

The “Azure IaaS Network and Security Foundation Deployment” service will ensure that your organization gets a solid start with Azure cloud services. With this service, Crossconnect will build a best-practice-based “Hub and Spoke” Azure network topology for your environment.

A “Hub and Spoke” design is centered around a Hub or Transit Virtual Network. This is the center of the cloud environment’s network where firewalling and visibility occur. This is also the exit point of the environment to the Internet and VPNs. The “Spoke” (workload) Virtual networks are then peered to the Hub and send all their network traffic to the Hub for firewalling, inspection, visibility, and communication to other Virtual Networks (workloads), on-premises networks (VPN), or to the internet. This is called a Hub and Spoke topology as all the workload Virtual Networks are connected to the Hub Virtual network resembling the spokes on a wheel.

Service Deliverables:

Create a single environment in one Azure Region

Create a Hub/Transit Virtual Network

Create a Virtual Network Gateway in the Hub Virtual Network: Create a VPN connection from an existing on-premises firewall to Azure via a Virtual Network Gateway

Create an Azure Firewall in the Hub Virtual Network: Configure the Azure Firewall with up to twenty rules for traffic between workloads and the internet, on-premises networks, or other workload Virtual Networks

Deploy the Azure Firewall and the Virtual Network Gateway as zone-redundant, so that redundant workloads/servers can be created and remain redundant within the region as well.

Create three Spoke/Workload Virtual Networks, peered to the Hub/Transit Virtual Network, with route tables to ensure the Workload traffic to other Virtual Networks, On-premises Networks, or the Internet goes through your Azure Firewall.

Provide a diagram of this Azure environment for future use.
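
The Hub and Spoke design above only holds if every Spoke route table actually forces traffic to the Azure Firewall. The following check is an added example, not part of the Crossconnect service or its tooling: it audits route tables in the JSON shape returned by `az network route-table list`. The sample data, table names and firewall IP are constructed assumptions.

```python
# Constructed sample shaped like `az network route-table list` JSON output.
# Table names, prefixes and the firewall IP are assumptions for illustration.
FIREWALL_IP = "10.0.1.4"  # assumed private IP of the hub Azure Firewall

SAMPLE_ROUTE_TABLES = [
    {"name": "rt-spoke1", "disableBgpRoutePropagation": True, "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
         "nextHopIpAddress": "10.0.1.4"}]},
    {"name": "rt-spoke2", "disableBgpRoutePropagation": True, "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}]},
    {"name": "rt-spoke3", "disableBgpRoutePropagation": False, "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
         "nextHopIpAddress": "10.0.1.4"},
        {"addressPrefix": "203.0.113.0/24", "nextHopType": "Internet"}]},
]


def audit_route_table(table, firewall_ip=FIREWALL_IP):
    """Return findings for one spoke route table (empty list = compliant)."""
    findings = []
    has_default = False
    for route in table.get("routes", []):
        prefix = route["addressPrefix"]
        via_firewall = (route.get("nextHopType") == "VirtualAppliance"
                        and route.get("nextHopIpAddress") == firewall_ip)
        if prefix == "0.0.0.0/0":
            has_default = True
            if not via_firewall:
                findings.append("default route does not point at the firewall")
        elif not via_firewall:
            # A more specific prefix wins over 0.0.0.0/0 (longest-prefix match).
            findings.append(f"{prefix} bypasses the firewall")
    if not has_default:
        findings.append("no 0.0.0.0/0 route; system default goes to Internet")
    if not table.get("disableBgpRoutePropagation", False):
        # Propagated gateway routes are more specific than the default route.
        findings.append("gateway route propagation is enabled")
    return findings


def audit_all(tables, firewall_ip=FIREWALL_IP):
    """Map each route table name to its list of findings."""
    return {t["name"]: audit_route_table(t, firewall_ip) for t in tables}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ROUTE_TABLES).items():
        print(name, "OK" if not findings else findings)
```
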