Network Topology and Connectivity - Azure Services Cheat Sheet (DRAFT) by haraldthegrey

Azure Firewall: Protects your network with centra­lized traffic filtering and monito­ring.
Network Security Groups (NSGs): Define and enforce inboun­d/o­utbound traffic rules for subnets and network interf­aces.
Azure DDoS Protec­tion: Automa­tically mitigates DDoS attacks to safeguard your applic­ations.
Azure Private Link: Establ­ishes private endpoints for secure access to Azure services.
Azure Bastion: Provides secure and seamless RDP/SSH access to Azure VMs without public exposure.
Microsoft Defender for Cloud: Monitors and improves security posture for hybrid and cloud workloads.
Azure Policy: Automates compliance enforc­ement for standards like ISO27001 and NIS².

Azure Monitor: Delivers end-to-end observ­ability for metrics, logs, and diagno­stics.
Log Analytics: Facili­tates centra­lized querying and analysis of logs from network and security compon­ents.
Network Watcher: Offers powerful tools for network diagno­stics, monito­ring, and visual­iza­tion.

EntraID / Entra Connect: Unifies identity and access management for cloud and On-Pre­mises resources.
Azure Arc (Optio­nal): Extends Azure’s management and security capabi­lities to On-Pre­mises and multi-­cloud enviro­nments.
Azure File Sync: Seamlessly integrates On-Pre­mises file servers with Azure Files for hybrid storage solutions.
Azure Storage (Blob and File): Reliable, scalable cloud storage for data and backups.

Virtual Network (VNet)}: Foundation for hosting Azure resources and ensuring network segmen­tation. Allows subnets for different workloads (e.g., app, database).
Azure VPN Gateway:Enables secure site-t­o-site or point-­to-site connec­tivity between On-Pre­mises and Azure.
Expres­sRoute:Provides dedicated, private, high-b­and­width connec­tivity to Azure.
Azure Virtual WAN (Optio­nal): Simplifies global network archit­ecture and provides branch­-to­-Azure and branch­-to­-branch connec­tivity.
Azure DNS:Provides name resolution for resources within and outside Azure.

Azure Load Balancer: Balances traffic across VMs, ensuring high availa­bility.
 Azure Applic­ation Gateway: Provides advanced Layer 7 routing, SSL termin­ation, and web applic­ation firewall (WAF) features.
Traffic Manager: Uses DNS-based routing to distribute traffic across multiple Azure regions.

Azure IoT Hub (if IoT integr­ation is required): Facili­tates secure and scalable device­-to­-cloud commun­ica­tion.
Azure Edge Zones (Optio­nal): Brings Azure services closer to users for low-la­tency applic­ations.
Azure Content Delivery Network (CDN): Speeds up content delivery through caching at global edge locations.

Azure Availa­bility Zones: Enhance fault tolerance by distri­buting resources across isolated zones within a region.
Azure Region Pairing: Leverages geogra­phi­cally paired Azure regions for disaster recovery and geo-re­dun­dancy.