In my career, I have had the pleasure to work with a lot of new IT people. One thing that I like to stress to new IT people is that even the IT department has clients. For many corporate employees, they have clients that they are responsible for. For example, salespeople are responsible for working with the customers of the company.
But it’s the same in IT. Our customers are our employees. The better our network works, the more our customers (our end users) can do and the easier we can make their job. One of the tasks that we can set up to help our end users is single sign-on (SSO). SSO allows your users to log into one network and automatically get access to another network. For example, SSO allows our users to log into one network (onsite) and have access to the Azure cloud network without having to enter a new username or password.
Azure Active Directory’s Application Proxy provides secure remote access to web applications that are located on your local onsite network. Because of SSO, users can sign into Azure AD and then they will have access to both cloud-based and onsite applications. This is possible through an external URL or an internal application portal.
Azure AD, along with an Azure Application Proxy, allows users to access onsite web applications from a remote client. Application Proxy uses an Azure Application Proxy service that runs in the cloud and an Application Proxy connector that runs on an onsite server. The process requires that you use Azure AD, the Application Proxy service, and the Application Proxy connector. All three components work together to securely pass the user’s sign-on token from Azure AD to the onsite web application.
Application Proxy was designed to allow Azure users to access onsite web applications. It is designed to work with the following:
■ Web applications that use Integrated Windows authentication
■ Web applications that use form-based or header-based access
■ Web APIs that you want to expose to rich applications on different devices
■ Applications hosted behind a Remote Desktop Gateway
■ Rich client apps that are integrated with the Microsoft Authentication Library (MSAL)
Application Proxy is an excellent option for giving remote users access to internal onsite resources. It allows your users to connect remotely to web applications without the need for a VPN or reverse proxy. It is not intended for internal users on the corporate network. Internal onsite users should already have access to the onsite web applications. If onsite users use Application Proxy, it can cause performance issues, so only remote users who are connected to the Azure network should use it.
Understanding the Azure Relay Service
In today’s fast-moving technology world, one of the issues that we all must face is security and the threat of cyberattacks, ransomware, and all other types of malware. One major factor that we must all consider when building a network is security.
The Azure Relay Service allows you to securely expose services that run in your corporate network to the public cloud. You can configure the Azure Relay Service without opening a port on your firewall or without making intrusive changes to your corporate network infrastructure. The service supports multiple scenarios between onsite services and the applications that run in the cloud or in another onsite environment.
The Azure Relay Service is different from other network technologies such as VPN. You can scope the Azure Relay Service to a single application endpoint on a single machine.
If your IT department decides to install a VPN for all of its users, the IT department has to make sure the network is properly configured for VPN access. Also, anyone who has VPN access can use that access to connect to part of or the entire network.
The Azure Relay Service does not require changing the physical network. You can set up the service to communicate to a single address. Here are the steps that are used in the Azure Relay Service:
- Using an outbound port, an on-premises service can connect to the relay service directly.
- The Azure Relay Service creates a bidirectional socket for communication tied to a particular address.
- The client can then communicate with the onsite service by sending traffic to the Azure Relay Service targeting that address.
- The Azure Relay Service then relays the data to the onsite service through the bidirectional socket dedicated to the client. The client doesn’t need a direct connection to the onsite service.
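The four relay steps above, as an added in-process simulation (not Azure's SDK or wire protocol): a toy relay on loopback, an onsite service that only dials out to it, and a client that reaches the onsite service solely through the relay address. All names, ports and the line-based framing are constructed for illustration.

```python
import socket
import threading
RELAY_HOST = "127.0.0.1"   # stands in for the public relay endpoint (constructed)

def recv_line(sock):
    """Read one newline-terminated line (constructed framing, not Azure's wire protocol)."""
    buf = b""
    while not buf.endswith(b"\n") and (chunk := sock.recv(1)):
        buf += chunk
    return buf.decode().rstrip("\n")

def relay_server(listen_sock, registered):
    """Steps 2 and 4: hold one socket per address and forward client traffic over it."""
    while True:
        conn, _ = listen_sock.accept()
        verb, _, address = recv_line(conn).partition(" ")
        if verb == "LISTEN":                     # step 1: outbound registration from onsite
            registered[address] = conn           # socket dedicated to this address
            conn.sendall(b"OK\n")
            continue
        onsite = registered.get(address) if verb == "CONNECT" else None   # step 3
        if onsite is not None:
            onsite.sendall((recv_line(conn) + "\n").encode())   # step 4: relay request in
            conn.sendall((recv_line(onsite) + "\n").encode())   # step 4: relay reply out
        conn.close()                             # unknown verb or address: no onsite exposure

def onsite_service(relay_port, address, ready):
    """Step 1: the onsite service dials OUT to the relay; it never opens an inbound port."""
    sock = socket.create_connection((RELAY_HOST, relay_port))
    sock.sendall(f"LISTEN {address}\n".encode())
    if recv_line(sock) == "OK":
        ready.set()
    request = recv_line(sock)                    # delivered by the relay, not by the client
    sock.sendall(f"onsite handled: {request}\n".encode())
    sock.close()

def demo(address="payroll-app"):
    """Run relay, onsite service and client in-process; return what the client receives."""
    listen_sock = socket.socket()
    listen_sock.bind((RELAY_HOST, 0))
    listen_sock.listen()
    port = listen_sock.getsockname()[1]
    threading.Thread(target=relay_server, args=(listen_sock, {}), daemon=True).start()
    ready = threading.Event()
    threading.Thread(target=onsite_service, args=(port, address, ready), daemon=True).start()
    ready.wait(5)                                # onsite must be registered before the client calls
    client = socket.create_connection((RELAY_HOST, port))   # client only ever reaches the relay
    client.sendall(f"CONNECT {address}\nGET /status\n".encode())
    reply = recv_line(client)
    client.close()
    return reply
```

Running `demo()` shows the client's request reaching the onsite service although nothing onsite ever listened for an inbound connection; a `CONNECT` for an unregistered address is simply closed by the relay.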
Using Azure Arc
One really nice advantage of Azure is the ability to use, or not use, any of the available services and tools. Most cloud-based networks are consumption based. The more services that you use, the more you pay. But for many companies, not all features or services will be needed when setting up your Azure network. This is the category that Azure Arc falls under.
Azure Arc is an Azure service that may greatly help your company, especially if your company creates and uses applications that you build internally. For any organization that develops their own software or services, Azure Arc can be a great feature. It allows a company of any size to easily secure, develop, and operate infrastructure, apps, and Azure services from anywhere. Azure Arc helps you extend the Azure platform so that you can build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. This allows your developers to build cloud-based applications with a consistent development, operations, and security model.
If your organization uses developers and you would like more information about using Azure Arc, please feel free to check out Microsoft’s website:
https://azure.microsoft.com/en-us/products/azure-arc.
Summary
In this chapter, you learned about Windows containers. Windows containers are brand-new technology to Windows Server 2022 or some versions of Windows 10/11. You learned how to install, configure, and maintain your Windows containers. We also discussed the components needed to work with containers.
I then showed you some exercises for configuring Windows Server 2022 containers and how to download and work with image files. These image files can be used to create Windows and Hyper-V containers.
I also showed you how to build and configure Azure virtual machines. Setting up a virtual network can be less expensive and an easy way for a company of any size to quickly and easily build an entire network in the cloud.
Finally, I explained various services and roles that you can use to help secure and access your virtual network and your onsite network.
Exam Essentials
Understand Windows containers. Windows containers work a lot like virtual machines except that when you build a virtual machine, you need all of the services that make that VM run properly. Windows containers are fast operating system builds that allow you to run applications in their own environment.
Know the PowerShell commands used for containers. The Microsoft exams are going to focus on PowerShell commands. Make sure you know the PowerShell commands that are used for Docker and containers.
Understand Docker technology. Understand that Docker is the technology that is used to manage and maintain Windows containers. There are preset images on Docker that you can pull down and run. Microsoft also has preset Docker images that you can use and manipulate.
Know the different docker switches. Know how docker switches are used. Know that you run docker switches in PowerShell or at an elevated command prompt.
Understand virtual networks and virtual hard disks. Virtual networks and hard disks are the two most tested topics. You definitely should know the types of virtual networks available (external, internal only, and private virtual network) as well as all types of virtual hard disks (dynamically expanding, fixed size, differential, and physical or pass-through). You should be able to apply the correct one when needed. Be familiar with the Edit Virtual Hard Disk Wizard, which is a good source for exam questions.