Transcript for:
Azure Networking Overview

Welcome to another episode of the Azure video series from K21 Academy. In this video we will be covering virtual networks and subnets; public, private, static and dynamic IPs; route tables and route rules; network security groups and security rules for egress and ingress; service endpoints; application security groups; Azure Firewall along with Azure Firewall Manager; bastion host; NAT gateway; Azure DNS; Azure Load Balancer; Application Gateway; Azure Traffic Manager; ExpressRoute; VPN gateway; local network gateway; Virtual WAN; VNet peering; the hub-and-spoke model; and gateway transit. In the end we will also share details about our step-by-step Azure cloud training program, which will not only help you understand the basics but will also give you real-life hands-on experience. It would be helpful especially when you're preparing for Microsoft Azure certifications like Certified Azure Administrator Associate and Certified Azure Solution Architect Expert. For the certification exams you should have an understanding of Azure networks. Now let's hear from a cloud expert on the same.

In this module we will be learning virtual networking. Here we will start with learning virtual networks and how we can segregate virtual networks into multiple subnets. If you take Azure, there are n number of networking components, starting from the NIC card of the virtual machine, and then how we segregate the network into multiple units and subnets, and how I can balance my load, and the multiple gateways of both application and virtual network gateway. We also have the local network gateway, and many other networking components are there. But before we even go there, it's really very important to understand how networking works: what is networking, how IP addressing works, what is CIDR notation. So we are going to use the whiteboard to explain some of the basics. Like how we have multiple mobile numbers to contact each other, networking has something called an IP address, and we have IP version 4 and IP version 6.
IP version 4 is usually 8-bit, 8-bit, 8-bit, 8-bit, so this is 8-bit, 8, 8, 8, so overall it's 32-bit IP addressing, whereas in IPv6 it's a 128-bit alphanumeric code; it's very long. Currently the telecom industry is leveraging IPv6 heavily. If you take IPv4, I can do subnetting and supernetting to classify into multiple small pieces of network, and we have five different classes of IP address, from A to E: A is 0 to 126, and B is 128 to 191, and 192 to 223, 224 to 239, 240 to 255, overall from 0 to 255, so it's 256 overall. Do we have anything which is missing? Yes, we have 127 which is missing, which is also called the loopback IP address. It is also called home. If I want to check the internet connection of my laptop, and if I really want to start with my own network card, then I can ping 127.0.0.1, and if I get a ping reply, that means it doesn't have any issues with my laptop, especially with my network card. Let me try it on my laptop. I don't have any issues with the internet, so it should ping. I'm getting the ping for my loopback IP address. Let's see: I'm taking one particular bit; it starts from 0 to 255, and the second bit also goes from 0 to 255.
So the IP addressing starts from 0.0.0.0 to 255.255.255.255, so we have millions of IP addresses, and how are we going to classify which one to use and which one to reserve? For this we need to understand CIDR notation: Classless Inter-Domain Routing. If I pick up one IP address like this, slash 16, which means 8 plus 8, I am blocking the first 16 bits for network, and the remaining 0 to 255 and 0 to 255 are for my host. If I need a big network then I need to choose maximum bits from here, and if I need a small network but more hosts, which means I do have only limited departments but the employees within the department are more. So your department is nothing but your network; the employees are nothing but the host IPs. So if I write in 10.1.1.0/24, which means I am blocking the first 3 octets, all I get is 256 IP addresses, which is 0 to 255 of the last bit. If I have multiple departments but only very few employees in the department, then I can go for it.

We also have two broad classifications of IPv4, that is, your public and your private IP. Public is mainly for management traffic. If you have a virtual machine, quickly go to the overview page and check: you have two IP addresses, one is public, another one is private. So public, we have just given the name, for example vm-pip or so-and-so, but Microsoft gets the list of public IPs from IANA, the Internet Assigned Numbers Authority. That is why even if we have shut down our server, we still have to pay for the operating system disk and resources like the public IP: because Microsoft has paid for it to IANA, we also have to pay a few cents to Microsoft. Every public IP, or I would say most of the public IPs, are associated with a website, but it's not the case with private. We do have a limited range of private IPs. Let me write it here. These are the three ranges of private IPs: the 10 series, and some of the IP addresses in the 172.16 series, and also the complete 192.168 series. Why is it called private? Because the data traffic happens via the private IP address, while public
IP address is mainly for management. Do you remember we used to take a remote session to our virtual machine via the public IP, not via the private IP? If two virtual machines communicate with each other, then it is always via private IP. I can have the same IP address and subnetting in my subscription, and you can also use the same thing. For example, I have picked up 10.1.0.0 as one of my IP addresses. Well, you can use it under your subscription, because it's private. This IP address is completely private for my subscription: within my subscription I cannot use it again, but from your subscription you can use it.

Now let's see. We will quickly create a new boundary. So far we have always created only the logical boundary, which is my resource group. Let's say this is the resource group, which is called network, and in between the network we have directly created a virtual machine, and under the third page of creating the virtual machine we have kept everything as the default option. But today we are not going to do the same thing. We are going to create a network boundary also. This is our logical boundary, and within that we are also going to create our network boundary, and then we will place the virtual machine or any other products that you need. So this is the network boundary. It is called VNet. And what could be my IP addressing range? You cannot give a single IP address; you need to give the IP address range. I'm going to choose 10.1.0.0/16, which means I'm blocking the first two for network and the remaining two for host. Now within this VNet, if you see the overall IP addresses that I get in this range, it's vast: it is 65,536. Now that becomes tough for me to manage and also to apply security rules. And there is one thumb rule: everybody within the VNet can talk to each other. It is one network boundary. Let's say I have a virtual machine, I have a SQL database, I also have a Cosmos DB: all of these resources can talk to each other within my network. In that case, if I place all my machines within the network, how
will I apply security rules? Now for this I am allowed to again segregate my network into multiple small, small pieces, which is nothing but my subnet. I'm going to name them S1 and S2, and my S1 can be 10.1, because I cannot change the first two octets; it is reserved already on the VNet level. This is my VNet; it's already fixed. So what is the next one available? The third octet. Now here I can start from 0 or 1. Here I'm starting from 1, slash 24. Why? Because the third one, I'm reserving the third one, which is the 1 series. And S2 can be 10.1.2.0/24. Similarly I can create n number of subnets. So within this, if you see, I get only 256 IP addresses. Now this is how we segregate our networks: the first one is the logical boundary, and the second one is our network boundary, and also for the security boundary we have the S1, I'm sorry, the subnet.

In Azure there is an exception: you cannot use the IP addresses 0, 1, 2, 3 and 255. If you have created your virtual machine, probably you might have paid attention or may not, but if you have a virtual machine, quickly go and check. If you have chosen the IP address, your first available IP address will always be 4, because 0 is the network ID, and these three are reserved for Azure for future purposes, mainly for gateways, and 255 is the broadcast ID. Now keep in mind that you cannot use 1, 2 and 3, and the private IP is by default assigned by Azure. All we have to do is give the network boundary with the IP range, and the rest, and IP addressing assignment, is usually taken care of by Azure.

Now with this, can we quickly go ahead and create our network along with the subnet? Once again I'm going to write the same thing: this is the VNet, wherein 10.1.0.0/16. Well, you can also try. I'm going to create it with one subnet, which is 10.1.1.0/24. Without a subnet you cannot create a VNet, but once the entire network boundary is chosen, then you can add n number of subnets. The second subnet is going to be 10.1.2.0/24. You might ask, is there any limitation for the VNet at the
subscription level? Yes, there is what is called a soft limit and there is also what is called a hard limit. The soft limit is 50 VNets per subscription and the hard limit is 500. Why is there a difference? So that Microsoft can keep track of the usage. Once your soft limit is over, call Microsoft, and there is no charge for it: they will move from 50 to 500; they will enable the hard limit for you. You can use the same numbering also.

Now let's go back to the portal and try the same thing. I already have a resource group called networking. You can type in virtual network on top, or you can also choose from the left-hand side. I'll add a virtual network. I'll use the same resource group, and I'm going to name it vnet1. I'll create it in West US. The next is the IP address, and by default Azure gives the IP address. You are free to change it. Here we are going to use the 10.1 series. And the subnet: without one subnet we cannot add the VNet, and the subnet is 10.1, which is already fixed for the VNet, 1.0/24. On the VNet level we have two different levels of security, DDoS and firewall, which we have already covered in AZ-900, but once the VNet creation is done we will go back to the whiteboard and once again understand what is DDoS and what is firewall. I'm not going to choose the tag. Let me go ahead and create our first network boundary.

While the creation is going on, we will try to understand the security part of it. So here is our VNet. You might ask, why do I have to talk about security? It's cloud; it's supposed to be a silver bullet, isn't it? It's not. Security is a shared responsibility. With any cloud vendor you go to, the cloud vendor will take care of certain things and you have to take care of certain things. For example, the data that you put in the cloud: it's always the customer's responsibility to give identity and access management to the right set of people. Similarly, on the VNet level, I am going to call it perimeter security, and I have two levels of security here, which is my DDoS, which is the distributed denial of
service. By default DDoS Basic is enabled. You can also upgrade it to the Standard one. And you also have firewall: Azure Firewall, which is nothing but a firewall as a service. Please go to the Azure pricing calculator, choose Azure Firewall as the product, choose your target region, and check how much the pricing is for the firewall. Azure Firewall is one of the very few expensive resources within Azure. Have you ever wondered why you are able to access everything in your office but not Facebook, or "I'm not able to access anything but only BBC and CNN"? It's all because of the firewall. It's nothing but your access control list, wherein you can allow and deny some of the IP addresses or the websites. It can be 1.1.1.1, or it can also be a wildcard entry. The star is called a wildcard entry: *.facebook.com, which means photos.facebook.com, videos.facebook.com, sales.facebook.com, anything.facebook.com. Since the VNet is always on the IP address level, the firewall has to be on the VNet. These are the two different levels of security that we have on the VNet level.

Now let's go back to our portal. Our VNet is ready. If you click on this subnet, we have our first subnet. Can we create one more subnet? So I'm going to call it S2 and call it as 10 to 24 series. We'll keep all the other options as basic because we haven't learned about network security group, routing table and service endpoint.

Hey there. So that was our Azure administration trainer talking about the virtual network, IP address spacing and CIDR, which is Classless Inter-Domain Routing. That is the one which you'll be using quite extensively at different places. So just to do a quick recap on what we covered: you have a virtual network, that's the outer line, we already saw that, and then within this virtual network you create something called a subnet. When you create a virtual network, you get a bigger IP range or IP group or continuous block of IP
addresses. You break that bigger network into smaller networks we call subnets, and any machine that you create, whether a Windows or Linux machine or a load balancer or any gateway, any device that needs an IP address, that IP address will be picked up from this subnet's IP addresses. So that's where the subnet and IPs will belong. Now in this subnet you're going to create, for example, machines. Machines will have something called network interface cards, or an Ethernet card in a virtual way, through which one machine can talk to another machine, and additionally on those virtual machines you can assign IPs; we'll show them as well. Then this network can talk to another network. Later in this we're going to see how they talk, or how you connect these two networks separately. Also later in this module we're going to talk about how you can connect your network on the cloud, which is the VNet, virtual network, with on-premise. So that's the network.

Now when you create a network, you can create subnets, depending on how big the virtual network was, and that size will be dictated by the CIDR range you select when you create a virtual network. All those things were explained earlier in the previous lesson, so if you missed that or if you want to recap one more time, have a look at that previous lesson one more time. Then similarly you will be creating subnets inside that, and this is an example of a subnet being created. And then what you can do is you can create IP addresses. Those IP addresses can be public or private. Now public IP addresses are ones which you can access from the internet, or you can go out from these public IP addresses as well, whereas private IP addresses are IP addresses which are only visible, or you can connect to, only from within that network; you can't connect from outside. So if I'm on the internet and I want to connect to that machine which has a private
IP, I can't do that unless I have some other things, like a load balancer, which we'll see later, but directly I can't reach out from the internet to this private IP; I can only do public IP. Now the other thing is that these IPs can be dynamic or static. With dynamic IPs, every time that IP might change as well, whereas static IPs are IPs that will always remain the same. So with the dynamic IPs which Azure provides, you can assign a machine a dynamic IP, meaning next time the machine restarts, the IP address might change, whereas with a static IP the IP address will always stay the same on the menu sign.

So let me quickly show it to you on an Azure account, and how you create these IP addresses or NICs, network interface cards, or VNets or subnets. So I'm on the Azure portal. You should already have created an account in the Azure portal. If not, there is a previous module or separate module about how you create an account in Azure, and then a portal walkthrough. Just quickly: this is basically a white background, and on the left-hand side is the navigation, the easy navigation menu bar. Now if you looked into the previous lesson, the instructor was showing you a black screen, and that configuration you can change by going to this gear box here. You click on this, and first of all you can say whether you want to sign out, and I've set in my settings never to sign out when inactive, but depending on where exactly you're accessing from, you might say sign out after 15, 20, 30 minutes of inactivity time as well. You can also set the default view, home page or dashboard, or whether you want to see the flyout, which means the left-hand side is gone, or docked, and what kind of theme you want. You want a black or white theme: so if you see, now it's all black theme. Or "I want this theme" or "I prefer this theme". Also high contrast: do you want contrast none, or white or black contrast? So depending on that you can see,
and do you want to enable pop-up notifications: any notification that comes, does it come as a pop-up or not? So that's just a quick change on screen.

Now here you will go and create a VNet. I'm not going to create a VNet; you saw that in one of the previous lessons on VNet. One of the VNets is already here right now. Now this VNet will have subnets, so if you go inside that VNet you will see the list of subnets. If you see, under this VNet we have one subnet, which is the default subnet. The IP address is 10.0.0.0/24, which means you will have 2 to the power 8, like 32 IPs minus... it will be always 32 because you have four 8 bits: 8 bits, 8 bits, 8 bits, 8 bits, 32. So 32 minus 24, 8; 2 to the power 8, which is nothing but around 256 IPs, and some IPs, a few starting IPs and end IPs, are blocked or reserved for communication internally by Azure. So you have around 250 IPs available on this machine here for you, roughly. So that's my subnet.

Now if you want to look at the NIC, or network interface cards, you'll click on network interface, NIC, and right now I have a network interface card called docker. I can delete it if I want, so I'll click on this, and if I want to delete I can go and delete it here and say yes, delete. Maybe it's being used by something else. So I'll say network interface cards and then click on add here, and I can go and add network interface cards here, and then I can attach these network interface cards to a machine. So I'll give a name, I'll give a resource group. Now again, a resource group is nothing but a collection of resources; the resource in this case is my IP address, that's a resource. I'll give a name, I'll select a virtual network through which the IP will be assigned to this NIC card, and then I can attach this network interface card to a machine later. So that's the NIC. And if I need to look at the IPs, you simply select IP, and this is your public IP, so you
see what all public IP addresses you can create, and assign the public IP addresses here. So go here and assign the public IPs from here. Now this is just asking: do you want the public IP to be IPv4 version or IPv6? This is the versioning. Not every application supports IPv6, but you can google IPv4 and IPv6 as well. So that's the IP address. Again, I can assign these IP addresses to my virtual machines later. So that's in a nutshell about my public IPs, subnets and virtual network.

In this lesson we are going to look at what a route table is. So as the name suggests, this is for routing the network, or your data or traffic, from one network to another network. Now if you see, there is a network: this outer line here represents one network, which is VNet 1, and this is another network called VNet 2. Now machines within a network can talk to each other without any routing table; internally, within a VNet, the machines can talk to each other. But if a machine in one network or one VNet needs to go out to other places, like a storage account, or you have this network which needs to talk to your application on premise, which is your customer data center, or a machine in this network needs to talk to another network, this is where you will be needing route tables, where you create a route table. Now when I say a machine in one network needs to talk to another network, they need a route table: that's one method of connecting. The other method is VNet peering, which we'll cover in a later module. So in a nutshell, a route table will dictate or help in connections going out of the virtual network, which could be to other services, or it could be other networks, or it could be your on-premise data center.

Now let's quickly go and see how you create a routing rule. Or before I go further, let me explain to you what this is here. So we can say there is a user-defined route, and that might say that all these IPs
or maybe 10.0.0.16, you might want to take this to some other network. So you will add a route rule and say, if anyone tries to access from this network, 10.0.0.0 something 16, take it this way. So that is what that route table will use. Similarly, let's suppose this is a network, we are already on 10.0, and if you forget another rule which says that any IPs from the 192 range, or any IPs from this range, connect it through the VPN gateway to on premise, then that's how it will know: hey, routing, I need to go to this particular on-premise via the VPN gateway. So all those things you will define in the route table.

So let me quickly go and show it to you on the Azure portal, how you create a route table. So I'm back on the Azure portal. You type route tables and you see route table here. So by default there is nothing, so you click on either create a route table or click on add a route table. Here you specify your subscription, so you select your subscription. In my case it's Microsoft Partner Network; you might be having a trial version. And then you specify the resource group, which I said is a collection of resources. I can use one of the existing ones which I created in the past. If you're doing it for the first time, you will not have any resource group, so you'll create a resource group. Maybe I'll use this in future as well, so I'll say network, or k21 network, or network underscore k21, network k21. That's how I know that I'm using it for my networking. Then you specify the name of that route table, so I'll say route table one, and in which region this route table exists, and propagate gateway routes. That is basically, let's suppose you connect this routing table with another network, for example on premise or a VPN gateway. So whatever routes are mentioned in the gateway, you have to either manually add all those rules, but if you select this option here, it will automatically propagate those gateway rules here as well. Again, gateway
routes, again, this is a little bit more advanced networking topic, on propagating those gateway rules, but depending on which training you're attending, you can ask your appropriate trainer in the networking module when we go deeper into these topics. You click on create a route table. Now you've just created the outer shell; you have not written any route rules here. So once you've reviewed, click on create, and it will take a few seconds to create this, and you will see a notification here saying that the routing table deployment is in progress, and you'll see that the deployment succeeded. So you refresh here, and then once it's done it will say deployment is complete. You go to the resource, or you can go back and search here again and say route table, and you will now see the route table being created here. So let me see, it should be... Now we have deployment success. Sorry, it came a little bit later. So I'll refresh here. Yeah, so we see a route table here.

Now click on this route table, and now we need to write the rules, or routing rules. So click on the route table, and this is where you see routes. Click on routes and then click on add, and this is where I'll say, for example, to on premise or to customer data center, and then the address prefix, which means what IP address ranges. So we'll say 192.168.0.0/16, which means all the IPs within this range, you take them to where exactly? Virtual network gateway. Now, what is a virtual network gateway we will cover when we do VPN gateway; that's what a virtual network gateway is. So I'll point it to say any IPs... if my machine is in this network to which I'm going to attach, I'll show that as well, so this route table needs to be associated with a network or with a subnet or with a machine, we'll see that as well in a minute. So when any machines in that network need to go to this IP address, that connection will be taken to the virtual network
gateway, and then the gateway will have the definition for further forwarding and where exactly you're going, which is on premise. That's how the connection will be. Click on OK. Now you've added a route, and then you can say on which subnet this routing table is associated. So you select subnet and click on associate, and then pick one of the networks. So in this case I have not created any network, otherwise it would have been visible here. Say virtual network, and then you add here. I'm not going to show it here because we want to keep it short and quick. So this is where you will select the network, and that means these subnets will be attached here for you. So in that case, any subnet that has this route attached will use that routing way to go out to the destination, which is your on-premise server. So that's about a route table.

So let's look in this lesson at what a network security group is. So a network security group, think of it as a firewall at a network level which is provided inbuilt by the Azure network. So a network security group is used to filter the network traffic coming in to or going out from the Azure network, or any resources like a virtual machine or load balancer and other things. So a network security group contains security rules for going out, which is egress, and for coming in, which is ingress rules, to allow or deny any inbound traffic or traffic going out as well. So what you do is quite simple and straightforward: you go and create a network security group, and in that security group you write rules like what is allowed and what is denied, and then you attach that network security group to either a virtual machine or to a network as well. So that's what a network security group is about. Now let's look into the portal and see how to create a network security group and attach it or
add some rules into this. So I'm in the portal again. Just search for network security group. So this is the third one here. Click on network security group, and by default I'm using some docker one, so we'll leave it default; you may not see that on your portal. Click on add, and then you will be selecting your subscription. By default you might have a trial account, depending on the kind of subscription. In my case we are Microsoft partners, so we see Microsoft Partner Network. You select a resource group. Now as I said, we created a resource group earlier, but if you don't have any resource group, you click and say create a new one. A resource group is a collection of resources: the network security group is one resource, my IPs are another resource, the network is another resource. So I'll click here and say, I created this network k21 resource group, and then we'll give the name of the network security group, so we'll say nsg 1 and k21. And then if you want you can add metadata, like is it for production, is it for dev/test, or what department. We simply say review and create. Now once you've verified all the details are correct, you click on... okay, so maybe a network problem at my end. And on the review and create button you click on create, and it will go and create. Just give it a minute or so, and then you will go to the network security group. So you can search again for NSG and click on that. Refresh the screen here, and you should get a notification saying that the deployment is successful. Sometimes you have to refresh a few times, so wait for a minute or so and then come back here and refresh the screen. So if you see, now I've got the network security group. You go to this network security group, and this is where you will be adding some rules. So if you see, by default you see these rules here, outbound rules and inbound rules. So you can click on inbound and you can add any more inbound rules, or similarly outbound, you can see allow or deny
outbound rules. Now once you have these rules, you need to associate this with a subnet or a network interface card. So with these network security groups, in order to use them you need to be associating them with a subnet. So you click on associate and then you select a network. I already created a network called vnet, and inside that I created a default subnet, which is the subnet you attach, and say OK. So now this subnet will start using this particular security group. You can also attach this network security group to specific network interface cards as well, and if you have created a network interface card you can attach it. I have not created a network interface card, I see; otherwise you can create one. We looked at the NIC in one of the previous lessons. So that is about the firewall, or your network security group. So a network security group is a kind of firewall at a network level which will filter traffic going out or coming back in, and you can write these rules: ingress incoming, egress outgoing.

In this lesson we are going to look at another component of the network, which is the service endpoint. Now, what service endpoints help you with is: these service endpoints are attached to or accessible from a virtual network, which helps you to filter egress network traffic to a particular Azure service. That Azure service could be an Azure storage account, or it could be an Azure database; it could be various other services that are available that need to be accessed from a virtual machine. And they basically provide a much more granular way to control what you can access or how that access happens securely over the network. So the best way to show it to you is: you go inside a network and then you create a service endpoint pointing to any of these services. So you can point it to Azure Active Directory or Cosmos DB or Cognitive Services or Registry, which is an image registry,
any of these services. Now any resource in the network can then use this service endpoint, or go through that service endpoint to that particular service, rather than going directly. You enter specific details about that and you use that service endpoint. So just to show you how it's being created: I'm in my portal, so I'm going to first go to the network, or VNet, virtual network, and I'm in virtual network here. This is the network which I've already created. So go to this network, and then below that there will be service endpoints. So you click on service endpoints, and then you add a service endpoint here: select the service and then click on add. That's how the service endpoint will be created. So just to recap, a service endpoint allows you to filter egress, outgoing, traffic to a particular service, in this case an Azure storage account, or here in this case a SQL database.

And in this lesson we are going to look at the application security group. So the application security group, as shown in the diagram, helps you to manage the security of your virtual machines by grouping them according to the applications that run on top of those virtual machines. So for example, you have a couple of virtual machines that act as web servers, then another set of servers acting as application servers, and a third couple of sets of other servers on which your database is running. Now as you know, in a practical world, the database server should only allow connections from the application server, not from the internet users directly, nor should they be able to connect from the web servers. Similarly, the application server should only be connected to from the web server, not from the internet, and internet users should be allowed connections only on the web servers. Now one method is, as we saw in network security group, you can create some rules and assign
them manually to web servers here, and then similarly app servers, and say allow connections specifically from these IP addresses, the web server IP addresses or virtual machine IP addresses. Then in future you add more virtual machines, you add more IPs to allow on the app servers here, and that becomes a little bit more challenging. Technically you can do it, but it becomes a more tiring and cumbersome process. So instead of that, what you can do is create an application security group, and then go to the virtual machine and say these sets of servers, or these virtual machines, are part of this application group, this server group; similarly, these sets of app machines are part of this application server group. Then later you can use these application security groups in the network security group rules to allow a source, a port or a source range. So what you're going to do then is say: app servers allow connections on port, whatever the app server port number is, for example 8080, but only from an application server group, or sorry, application security group, such as web server. That way you don't need to specify the source IPs of these web servers in the firewall rule here.

Let me explain what I mean by that. First, you're going to create a security group: you will go to Application security groups and create that security group, and then you are going to go to the virtual machine and assign that particular security group. Let's suppose this virtual machine is for a web server. We'll create an application security group (I've already created the application security group called k21 asg) and then assign this to this machine. Then later I'm going to my network security group that we covered earlier, which is nothing but a firewall, which will have ingress and egress rules. So I'll go into the network security group, and in one of the ingress rules, which is an inbound security rule, I'll say add a rule, but this time I'm saying the source is
my application security group, and whatever security group we assign, maybe web server or DB server or app server and so on. So that's how I'll be using this application security group. In a nutshell, an application security group helps you to manage the security of your virtual machines by putting them into a group of applications, or similar sets of applications that run, and these application security groups can then later be used inside the network security group, which is a firewall, to say allow or deny.

In this lesson we are going to talk about Azure Firewall and Azure Firewall Manager. Azure Firewall is a fully managed, cloud-based network security service that protects all your Azure network resources. It's typical of what you used to do on-premise: you used to have a firewall, and any access that came to the network used to go via the firewall. In a similar way, you have a managed firewall that you can create and build on Azure and set in front of your network, or with your network, so that any connection that comes to that network will go through the firewall. That firewall has built-in high availability, and it can scale up as the requests come, meaning that it's highly scalable, which means it can protect any kind of user access that comes. It has policies to protect both layer 3 and layer 7 of the OSI model. It also uses threat intelligence from different sources, so if any request is coming from a malicious IP, it will automatically detect those malicious IPs and protect connections as well. So that's what Azure Firewall is. Let's quickly see where you find it, or how you create an Azure Firewall and attach it. But before that, let me also cover Azure Firewall Manager. Azure Firewall Manager was recently added; when I say recently, I mean in late
2020, early 2021. This Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters. So you can manage all your security policies as well as routing management for your firewalls. There are two types of architecture deployment you can do for the firewall. One is called a secure virtual hub; what a virtual hub is, we are going to cover in future lessons. The second is a hub virtual network. So these are the two architecture styles in Azure Firewall Manager. Now, if you're part of AZ-303/304, which is Azure Solution Architect, Azure Firewall Manager is a recently added topic in Azure Solution Architect, and in that program we're going to cover Azure Firewall Manager and its implementation in a little bit of detail. In the hub virtual network implementation there is a hub-and-spoke model. Again, we are going to look at that: when you have multiple virtual networks, you can connect them with each other and configure them in a hub-and-spoke model. What the hub-and-spoke model is, we'll see in one of the subsequent lessons. Or you can also deploy, as I said earlier, in a virtual hub model. What a virtual WAN hub is, wide area network, we'll see as well. So you can deploy this Azure Firewall in either of these two implementations.

So now let's go quickly to the Azure console and see what Azure Firewall is, or how to create an Azure Firewall. If you notice, I'm in my Microsoft Azure portal. Here you need to search for firewall, so you click on Firewalls and then you say create a firewall. This is where you provide the resource group you're creating it in and the name of the firewall, and then there are different tiers, like the premium service. This is a preview-phase feature right now, but there are two firewall tiers, and premium is more expensive. Then there are other parameters and policies, and other things
that you're going to specify, and then you're going to say whether this firewall will be used with a new virtual network or you're going to create it with an existing network. Now, because this is a network overview, I'm going to keep it high level, but this is just to show you that this is where you come and see the firewall. Or you can go to the virtual network. Let's suppose, not virtual machines but VNets, so these are my virtual networks, and I already have a demo VNet, k21, and in that I'll be able to see, here under Firewall, what firewall is attached. Right now there's no firewall; you can click and add a new firewall. Similarly, you can go and look at Firewall Manager. You click on Firewall Manager, and this is where you will see the two deployment methods I mentioned: you can go for either virtual network or virtual hub. If you go for virtual network, it lists all the virtual networks available. Virtual hub: we have not created any virtual hub right now, and that's why you don't have any virtual hub here. So that's about Firewall and Firewall Manager.

In this lesson we are going to look at the Bastion host, also called a jump box, or a kind of remote server host. The purpose of this, as the name suggests, is a bastion for your clients coming in over the internet. Let's suppose you have a virtual network that we saw earlier, and in that virtual network you create multiple machines of type Windows and Linux. Now, one way to connect to these machines over the internet is that, if it's a Windows machine, you open port number 3389, the RDP port, or if it's a Linux machine, you open port 22. RDP is the Remote Desktop Protocol, which is listening on port number 3389, and SSH, which stands for Secure Shell, is listening on port number 22.
Now, both of these are for connection to a machine running on Windows, or to Linux machines on port number 22. Instead of doing that, because there could be some security loopholes in these two protocols, or there might be some compromise risk on these, what Microsoft Azure has introduced is a Bastion host, or a server which is accepting connections over the internet, but on the SSL protocol, 443, which is the HTTPS protocol. So instead of opening port number 3389 or port number 22 to the internet, or to your on-premise, you first connect to a Bastion host on port number 443, which is HTTPS. You'll be going through a browser: the user doesn't need any SSH client or any RDP client. They will go to the browser, type https and then the Bastion host's host name, and then they will be presented with the username and password. They are jumping onto this Bastion host, and from there connections will be opened to your backend Windows or Linux machines. On this Bastion host you will have all the tools that will help you to connect to these virtual machines. This helps with extra security because, first of all, the data is all encrypted on port number 443, on HTTPS, which is Hypertext Transfer Protocol in a secure manner, and then from here you will anyway have another respective security layer. So that is what the Bastion host is being used for, and it's sometimes also called a jump box over HTTPS.

Now I want to show you what it looks like and how you will create it on the cloud, on Azure. I think it's covered in one of the trainings, in Azure Administration, and could possibly be in Azure Solution Architect, depending on the exam topic. So there'll definitely be a hands-on lab in Azure Administration on how to create a Bastion host and how you connect to it. But first let me
quickly go and show it to you on the portal. This is your Azure portal; you should all have an account. You simply go to the Bastion host, or search for, sorry, Bastion, and you click on Bastions, and from here you will click on Create Bastion. Now, there's some additional charge; what I've heard is that it's a slightly expensive service, but you can check it out. One thing to point out is that as of January or February 2021 you can't stop the Bastion host, you can only terminate it, so you'll be charged for all the time the Bastion host is running. Similar to how we create any resource, you put this Bastion host in a resource group, you give it a name, you say in which region you're going to place this Bastion host, and then in which network you're going to configure it. You'll be providing the IP address, whether you want to create a new IP address for this Bastion host or you want to use an existing IP address, and you can review all the details and create it. So that's the Bastion host.

In this lesson we're going to look at NAT gateway, and we'll also look at Azure DNS. So first, what is a NAT gateway? NAT stands for network address translation. It basically hides the identity, or IP address, of the server which is going to present to its client. To give an example, let's suppose you and me are talking, but I don't want to present myself, saying that I am Atul, and we put one person in the middle. You talk to that person, and that person in turn talks to me, and then I'll respond back, and that person in the middle will forward the request to you. So that is basically what NAT does: it's hiding the identity. Network address translation: it's translating the address from client to server, and when the server responds back, it hides the server's identity, or the server's network
address, and then presents to the client as if that NAT server is presenting. That's what NAT does in simple terms. So NAT simplifies outbound-only internet connectivity for a virtual network, meaning that when a request goes out from a machine, or a subnet running inside a machine, then when it presents to the external world it will be connecting through the NAT gateway and present the IP address of the NAT instead of the server's IP address. That's what happens, in simple words. So outbound connectivity is possible without any load balancer or public IP directly attached to the virtual machine. This will also help if you have a virtual machine and there is no public IP, or there is no outbound connectivity, or there is no load balancer for outbound connectivity: that will help you in reaching out and will translate the IP address of the client. Now, NAT is fully managed by Azure and highly resilient, which means it automatically will have active-active; you don't need to worry about having high availability for NAT. With that NAT you get a public IP, and you can also set a public IP prefix, which means a number of IP addresses, which means you put in a CIDR address, and I'll explain what I mean by the address here, or what prefix means. So not only can you use one IP, but a set of IPs that you want to present, and the NAT gateway will use any of these IP addresses to present to the client. That's what it will be doing.

And how do you attach a NAT gateway? Let's suppose you've already created a NAT gateway (I'll show you how to create it). Then you will go to a virtual network, inside that you will go to the subnet, and when you click on that subnet, for example in this case the default subnet, inside that there will be a NAT gateway option. You can select that, and that is how you associate the NAT gateway, so the machines within that subnet will start using that NAT
gateway. Let's quickly go and show you how to create that NAT gateway. Again, this is a beginner's 101; I'm not going to go into detail, but depending on which training you are part of, whether it's Azure Administration or Azure Solution Architect, we might be going deep into these topics or giving you more hands-on labs. So, simply, we'll create a NAT gateway, and this is where you will provide all the basics: the name of the gateway, in which availability zone you want to place the NAT gateway, and the resource group (by now hopefully you know what a resource group is). But this is what I wanted to show you: outbound IP. You can select an IP address associated with this load balancer, and this is where you will be selecting the public IP prefix, which is nothing but a set of IP addresses in CIDR format. So this is where you see the name, and then how many IPs you want: CIDR 28, which will have 16 IPs, or CIDR 31, which will only have two IPs, or if you want to have four IPs you will select CIDR 30. That is how you do it. So that's our NAT gateway.

Now, what is DNS? DNS, as the name suggests, is a domain name server. When you access a website, you access it via a name, for example K21 Academy or google.com or something else. Those are names, but the actual servers are listening on a particular IP. So how to translate a name to an IP, that is handled by DNS. DNS will be converting a name to an IP so that the client can then reach out to that IP by that name; behind the scenes they will use that name. So that's what DNS does: it resolves a name to an IP address. And these DNS names that you have can be managed within Azure; that's what Azure DNS is. Also, when you're creating a network, Azure comes with its own default DNS server, or you can have external DNS zone management, or you can say, hey, I want to externalize, I want to use a custom DNS server. So you might have, let's
suppose, Microsoft Active Directory or some other DNS management solution, so instead of using Azure DNS for name resolution you want to use a custom one. You can go and change that as well. You'll be going to your Azure virtual network, and inside that you'll be going to DNS servers, and then you say I'm going to use the default DNS, or I want to use custom, which probably could be an external source like GoDaddy or something. And then you can also manage your DNS. So that's DNS.

In this lesson we are going to look at load balancers. Now, as the name suggests, a load balancer balances the load. It takes a request from the client and then forwards it to the backend servers on which your application is running. There might be a bunch of virtual machines on which you might be running a web server or an application server, so the load balancer will forward those requests coming from the client to the backend server, and then, as the response comes back from the backend server, forward that response back to the client. Now, there are a few load balancing rules. It could be round robin, meaning the first request goes to this VM, the second request, which comes from another client or maybe the same client, goes to the second machine, then the third machine and so on. So that's round robin. Or maybe weight-wise: you can say 40 or 50 to the first VM and then the remaining 25 percent to the second VM and the remaining 25 to the third VM. So there are multiple load balancing rules you can write. Or you can say server affinity, or client affinity, which means if a request comes from the client, whatever server it goes to the first time, for the next three hours or four hours or eight hours always send to the same client, unless maybe the client deletes a cookie or something like that. And then there are health probes, basically to constantly monitor whether these backend VMs are up or not, and whether our application is running and the listener on our web server or application server listening
on these servers is actually responding or not. Then, if they're not listening, take them out of the load balancing backend servers and do not forward these requests. That's the load balancer.

Now, load balancers are of two types: the public load balancer, which we also call the external load balancer, and the internal load balancer, or private load balancer. I'll explain that as well. You have users coming from the public internet, and what is exposed to them we call the public load balancer. It will have a public IP, and it probably will be listening on a port number, and a load balancer can also have multiple listeners. So in this case it's listening on port number 80 and then forwarding requests to the backend servers on port number 80. It can also listen on multiple port numbers, like 80, 443, and then forward to either one single port number, 80, or to multiple port numbers like 80, 443 or whatever. These are all configurable options. So this is the public load balancer. Similarly, the private load balancer, or internal load balancer: in that case the load balancer can only be reached from within an Azure network, so that is basically useful for your backend services. Let's suppose in this case the user comes in and is forwarded to the public load balancer, which goes to a virtual machine where you have your applications, or application server, running, and that application server then in turn forwards the request to the database, but through another load balancer, for example to the SQL database, which is an internal load balancer on port number 1443. So that's the load balancer. This is an example of a full diagram: you have internet requests coming through the public load balancer, and from that you have web servers running on those VMs, and they in turn will be forwarding requests to the backend load balancer, and then forward requests to the internal load balancers. Oh sorry, this
is the internal load balancer, forwarding requests to the internal database servers, for example. So these Azure load balancers work on layer 7 of the OSI model. What you see here is the OSI model of networking; if you google it you will understand that, if you want to go a little bit deeper into these networking concepts. There are seven layers. This Azure load balancer works on layer 7, which is the application layer, for HTTP and HTTPS, and it can also work on layer 4, which is the TCP protocol. So layer 4 and layer 7. Now, there is another load balancer, which we call Application Gateway, which works on layer 7, which we'll talk about in the next lesson. If you want to go and create the load balancers, you can go to the Azure portal and create them; I'll show it in a minute. Also, these load balancers are both TCP and HTTP or HTTPS, layer 7.

We're going to look at Application Gateway, which is something similar to the load balancer that we saw earlier, but it's on layer 7 of the OSI model, which is at the application level, which is the HTTP or HTTPS level. As I said, what it's going to do is this: you have a browser which will hit the app gateway with a request, and this app gateway will have an HTTPS listener which will then forward the request to the backend pools, which could be a virtual machine, which could be a web app or different applications that are listening for web requests. Now, there might be some HTTP rules that you can set on this application gateway. The one difference between the load balancer and the application gateway is that a load balancer can listen at both layer 4, which is your TCP level, and the HTTP/HTTPS level, whereas Application Gateway is specific to the HTTPS level. The advantage of Application Gateway is that you can use HTTP rules: you can have path-based routing. Application Gateway supports that, and you can say, if a URL is, for example,
on this URL, then you can say: if it's /images, forward it to this pool of servers; if the URL is /video, forward it to this pool of servers. These are all done in Application Gateway, and these are done at a layer 7 load balancer. You can also configure multi-site routing, where you can have multiple sites, website 1 and website 2, or URL 1 and URL 2, fronted by the same application gateway, and say for website 1 forward it to this pool of servers, for URL 2 forward it to this application gateway. So that's Application Gateway.

Let me quickly show you on Azure how you create one. This is my Azure portal. You will search for application gateway, so Application gateways, click on this, and this is where we will say create application gateway. Then you specify, the same as before, your subscription, or which subscription you want, under which you define the resource gateway, the name of the application gateway, and then other parameters of the application gateway. Then you will see what the front-end address will be; you will need to provide all these details. So then you will say the front ends, which are the URLs you want to expose, then the back ends, which is where your back-end servers are, and then configuration, such as whether you want host-based routing or other rules, and then you create the application gateway.

We are going to look at Azure Traffic Manager. This is another networking service, which is used to determine the best possible endpoint to route the client request to. As shown here, let's suppose you are a user and you want to access a website. You are going to use that URL with the DNS that we saw earlier, and the DNS will give you the IP address. Instead of giving the IP address of the load balancer or the server, it will be pointing to the Traffic Manager; we are going to give the user this URL pointing to Traffic Manager. The Traffic Manager will then see the
client request, and based on the rules that you define for the Traffic Manager, it will find the best route for the user, the quickest way to access the URLs. That is what this Traffic Manager is used for. The user will then take that endpoint and access that application. This Traffic Manager is more effective when you have a disaster recovery solution, or when you want a very highly available, best possible solution for your customer. To give an example, you can have a Traffic Manager, and then you have two sites: for example, one site is in Europe and the second in the U.S., and maybe a third site in Australia or Singapore or Asia, something like that. On top of that there will be a Traffic Manager. The Traffic Manager will forward requests, and there are multiple load balancers: one is in the U.S., another in Europe, another one in Australia or Asia, and accordingly those load balancers will have their back-end servers. Now, the Traffic Manager will determine, based on the rules you define, and say: hey, this person is coming from the U.S., let them route the traffic to the U.S. servers. Or if the person is coming from Europe, then route traffic to Europe. That's one use. Traffic Manager can also be used for failover. Let's suppose one site is not available, one region is not available: the Traffic Manager will say, hey, this backend service is not available, let me forward that request to such-and-such server. So that's what Traffic Manager is used for. Now, you can go into the Azure portal and create a Traffic Manager, and then the routing method: all these are routing methods. You can do weighted, which means you can say 50 to this place, or this site, and the remaining 25, 25 for these. Or you can do it based on performance, such as which has the better response time. Or you can do it based on geography, so if your user is coming from this country, forward to this server, this
sort of servers. So these are all purposes of Traffic Manager.

We are going to look at one of the two methods to connect your Azure network with on-premise networks. When I say on-premise, I mean the customer data center, or the data center which the customer already has on their premises, or managed by someone else on someone else's premises, and from which you want to connect to the Azure cloud. There are two ways: one is ExpressRoute and the second is VPN gateway. Here in this lesson we're going to talk, at a very high level, about ExpressRoute, and then in the next lesson we'll talk about the VPN gateway. Both are ways to connect, but ExpressRoute is a dedicated gateway. Assume this is a dedicated pipe between the customer's network and the Microsoft network. So this is what you see as the Microsoft edge: one end is the Microsoft cloud, which is here, and the other end of this ExpressRoute is here. The customer will be configuring some devices on their side, and then there will be two dedicated pipes for high availability, which are also called ExpressRoute circuits. There will be one primary connection and a secondary connection, and those will come and connect to the Microsoft edge. Think of the edge as a service on the edge side, one end of the tunnel, and that end of the tunnel, this edge, will anyway be directly connected by default with the Azure network here. Or you can use the same ExpressRoute to connect to other Microsoft software services, or Microsoft SaaS, like peering with Office 365, or other public IPs, or other services. So that, in a nutshell, is ExpressRoute: it's a dedicated pipe. Now, one thing to note here, which we will also cover, is that it is very fast and you always get dedicated connectivity, so whatever GB of data, or gigabits per second of traffic, that you between your customer network and the Microsoft
Azure network. Now, ExpressRoute is slightly expensive, or more expensive than VPN gateway, but in VPN gateway the data traverses between client and server securely over the internet, so you can't guarantee the bandwidth that you get, because you're dependent on the wide area network, or the internet. Whereas with this, which is ExpressRoute, there is a dedicated line, or dedicated pipe, and you always know that at least you are going to get that much network bandwidth that you agreed with your customer. On the left-hand side here there's something called a gateway. This gateway at the customer premises is represented in Azure as a local gateway, or local network gateway, which we'll talk about a little later, but this is a gateway on the customer side. The customer will have some devices that they need to put in their data center which are going to talk to one end of the ExpressRoute circuit. The other end of that ExpressRoute service is already connected with the Microsoft edge, and that Microsoft edge will be connected to a gateway you're going to create, which is another gateway, the ExpressRoute gateway, and that ExpressRoute gateway will then be connected to this virtual network. So this is, in a nutshell, at a high level, ExpressRoute.

We are going to look at VPN gateway, or virtual private network: VPN stands for virtual private network. We'll look at how you configure the gateway, and there are two types of gateway, S2S and P2S. We are going to cover both site-to-site and point-to-site, what these configurations are, and also a very high-level overview of what things are required in order to implement S2S. Just as an aside, in one of the previous lessons I said ExpressRoute is to connect your Azure cloud network with the on-premise network, or customer data center, through a dedicated pipe, whereas, as the
name suggests, the virtual private network, VPN gateway, is also connectivity, but that connectivity is over the internet, on an IPsec VPN tunnel. So there's IPsec, and this IKE is the key encryption, or encryption key, and you can google these things. These are all standard VPN keys; there's nothing specific to Azure. These are the standard IPsec, or Internet Protocol Security, and IKE protocols. As I said, there are two ways to connect. The one we are talking about here is S2S, which stands for site-to-site. You have on-premise, and you might have multiple on-premise sites, or you can have one site as well. So multiple sites, or assume you only have one site, which will have one end of the VPN tunnel. There'll be a VPN device at the customer site, and there's another VPN device, which you create with something called a VPN gateway, that you configure on the Azure cloud. One end of this VPN gateway will be talking to Azure, and the other end of this VPN gateway will be talking, through this VPN tunnel, to the VPN device that represents on-premise. So on-premise there'll be a public IP which will be able to talk to this VPN gateway, or this end of the VPN gateway. This is a secure tunnel, but the data is going to move over the internet here, and like that you can configure multiple. So that's the VPN gateway.

Now, as I said, in VPN gateway there is also what is called a local gateway. When you define a VPN gateway, you also define a local network gateway. This local network gateway is different from the virtual network gateway: when you're defining the virtual network gateway, or VPN, you also need to represent this end, the on-premise device, when you define the VPN gateway. So the virtual representation of the on-premise device, or on-premise VPN device, is called the local network gateway. The local network gateway is a representation of your on-premise network and the corresponding VPN device. As I
said earlier, the VPN device and its configuration need to be represented virtually, by creating this; that representation is called the local network gateway. Again, when you define the VPN gateway, you will also be creating a local network gateway, and here you will be giving the name and IP address, and this is actually the public IP of your VPN device in your customer premises. That is what you'll be creating. You can create it from your Azure portal, or you can also create it from the Azure CLI or Azure PowerShell.

Then, as I said, VPN gateways are of two types: one is site-to-site and the second is point-to-site, and I'll explain these two here with the diagram. Site-to-site is your entire data center, or the customer's data center. So this is a customer data center and this is your Azure server, or Azure cloud. In the customer data center there will be multiple machines; your laptop, when you connect to your office network, also comes under this. That's what we call site-to-site: this is the customer site, this is the Azure site, a site-to-site connection over IPsec VPN. Now, in this diagram, someone might ask about the RADIUS server: it's for authentication, authorization and identity, so you can integrate this on-premise VPN with your RADIUS server for identity management, for login, for Active Directory. Again, we are not going there. So that's site-to-site. Now, you can also configure site-to-point, or sorry, point-to-site, and the point is your laptop. The point could be my laptop, which will act as the other end of this VPN tunnel. I can install a VPN client like OpenVPN on my laptop and then configure a VPN tunnel with my Azure VPN, so the data between my laptop, which is acting as a point, and my Azure network will go point-to-site over a secure channel. That is called P2S. So that's why you see point-to-site, and this is site-to-site. Just to do a quick recap, a site-to-site VPN connection is
usually to connect your on-premises network or customer data center network to the Azure portal over the IPsec/IKE protocol, whether it's an IKE version 1 or version 2 VPN tunnel. Now this type of connection requires a VPN device, so there will be a physical VPN device located on your premises, and it will have an externally facing public IP, which you'll be using, as we said earlier, when defining a local network gateway. Whereas point-to-site is a VPN gateway connection that lets you secure a connection from your virtual network from an individual client computer, which could be my laptop or your laptop. So on that individual client laptop you're going to install a client like OpenVPN. Now if you're part of our Azure, if you're listening to this in Azure Administration AZ-104, there will be a lab activity guide to perform this. So this is my site-to-site and point-to-site VPN connection.

And this is site-to-site, where this is my Azure network and here I'm defining my on-premises network. So this is my local gateway, or this is actually a representation of that local gateway which I'm going to define here. Now when I'm defining a VPN gateway, I'll be creating something called a gateway subnet. So when you create a subnet, you will be creating a subnet which will be marked as a gateway subnet, and in that I'm going to define my VPN server. So that's the VPN.

Now there's something called Azure Stack, which is your entire cloud but at the customer premises: you have the hardware and the cloud software, but at the customer premises. That's called Azure Stack, and that also you can integrate with the VPN in the same manner, so it's a site-to-site VPN.

Now, in order to implement your site-to-site, on-premises you'll be installing or configuring a VPN device in your customer data center, so your customer data center's network team will define that. You'll be defining a VPN connection; on the Azure side you'll be creating a VNet or subnet that you want to connect with, for
your VPN gateway, and then optionally, if you want, you can define a DNS server on that. But you need to create a gateway subnet. As I said, this subnet is the subnet in which you will be creating a VPN gateway, so that subnet will act as a gateway subnet. So you'll create a VPN gateway; also, you get this subnet, and inside that you will be creating a VPN gateway. And then you will be creating a local network gateway, which will be representing your device which is on cloud, and that is the end-to-end you'll be doing. Again, if you're part of Azure Administration AZ-104, there'll be labs for that, on how to implement a point-to-site VPN gateway, as I said.

Now then you have a virtual WAN, which is a wide area network. So when you have multiple virtual networks, and you have multiple sites and branches, instead of connecting all of these branches separately with each of these networks on the Azure cloud, what you can do is define a virtual WAN that will act as a hub. And again, there's another concept of hub and spoke which I'll cover later. But there's an implementation of virtual WAN that you set up, and that WAN will act as the connectivity and will act as a join. Then this VNet can go and talk to this branch, or this VNet can also go and talk to this branch, or this VNet can also go and connect to all the branches, all those which are connected to this central virtual WAN. So this virtual WAN will act as an interface, and all these networks can talk to all these sites, or the sites can talk to each other, and so on. So that's virtual WAN.

We're talking about networking for beginners in Microsoft Azure. My name is Atul from team K21 Academy. So let's begin with this: what is VNet peering? In Azure you have different networks, and these networks are specific to a region. So when you create a network, it will be available only in that region. You can create multiple networks or VNets inside a region, but if you
want to create, or if you have, machines in two different regions, then you'll be creating two different networks. Now, machines within a network can talk to each other over the private IP, over the internal IP of that network or those machines. But if a machine in one network wants to talk to a machine on another network, either within the same region or across different regions, if they want to talk over a private IP then they should be peered, which means they should be able to talk to each other, and that process is called peering. Connecting two networks within the same region or across regions is called peering. So if I'm connecting two networks and they are within the same region, we call it regional peering. If I'm connecting or peering two networks and they are across different regions, we call it global VNet peering or global peering. I hope that makes sense.

Now in order for me to peer two networks, I'll go to the virtual network (VNet), select the network that I want to peer, click on Peering inside that network, and then you click on Add, and you'll be able to see another network and you should be able to peer that. Now there is one more property, which is called gateway transit, which I'll explain to you in a minute. But before that, I hope you're clear with VNet peering, which is the connecting of two networks.

Now you can have more than two networks as well. So let's assume you have a network one, and you have a network two, and you have a network three. Now if all these three networks want to talk to the on-premises network, then you'll be creating a VPN gateway, as we saw in one of the previous VPN or ExpressRoute modules. You'll be creating a VPN gateway here, or an ExpressRoute gateway here; you will also need to create one gateway here and one gateway here. So three gateways connecting to the on-premises device with three different settings: that's a very time-consuming or unnecessary exercise. So what you can do is configure these three networks in
peering, so you can have one network, a second network and a third network peered to each other, but where this network is a central network we call the hub network, and that hub virtual network will be talking to the spoke networks, these two different networks. That is called the hub-and-spoke model, where one network will be connected to other networks: one central network which is talking to other networks. Now the beauty of this hub-and-spoke model is that I only need to configure my VPN gateway in one place, here, which is the hub, and which is talking to on-premises. Now if this on-premises needs to talk to the spoke, it can do that; the only condition is that it needs to configure gateway transit, so I'll explain that to you as well.

So if this on-premises machine here wants to talk to a machine here in this network over their internal IPs or private IPs, it can do so. This will send a connection to this hub, and then the hub will forward it to the spoke, and they will be able to see each other. Now in order to achieve that, there is a property that you set, which we saw when we were configuring gateway transit: when you're defining it, you will say, "Oh yes, I want gateway transit." So in that scenario gateway transit will allow it. So if I set this gateway transit between these two VNets, this VNet hub and then VNet B, then any machine on-premises can talk to this VNet B through this gateway transit, because we have allowed the gateway transit. So gateway transit is a property that you set at the peering, when defining peering, that lets one virtual network, this network, use the VPN gateway that is peered to connect across environments. So that is what we are going to do. So let's suppose this network is using transit: it can use this VPN gateway to go down. If this VNet is not configured with "allow gateway transit", then this network, or a machine in this network, can't use this VPN gateway because gateway transit is not allowed. So that's gateway transit. So
in this model here we have a hub which is connected to two spokes, and they can talk to your on-premises or other networks through the hub-and-spoke model with gateway transit. So I'm peered, but with the gateway transit, so this can talk to these and this can talk to these as well through this VPN that we've configured, because we enabled gateway transit. So that completes this hub VNet peering, which is of two types, global VNet peering or regional VNet peering, with a hub-and-spoke model with a setting called gateway transit.

Well, that was our expert on Azure networks. Now if you want to learn more and get Microsoft certified, register for a free class of the Azure certification of your choice. If you are interested in the Azure Solution Architect certification, including exams AZ-303 and AZ-304, I would like to invite you to a free master class on how to kick-start your journey as an Azure Solution Architect, right from learning basics like implementing storage accounts and virtual networking, and getting certified by using our step-by-step 12-week roadmap to go from complete beginner to a certified Azure Solution Architect. I would like to invite you to a free master class on how to kick-start your journey as an Azure Administrator, right from learning basics like cloud concepts, networking and storage, and getting certified by using our step-by-step 12-week roadmap to go from complete beginner to a certified Azure Administrator. If you are interested, register for a free class by going to k21acadme.com/az10402. I highly recommend you go through this free class to see what to expect in the exam, learn the basics of the Azure Administrator certification, and get a demo on deploying web servers. So, k21acadme.com/az10402. Please click on the subscribe button so you don't miss out on our future videos. I will see you in another episode of the Azure video series from K21 Academy. Till then, take care.