Azure Cloud Networking
VxCloud Azure Cloud Networking Features
Medium and Large Enterprise Azure Cloud Networking Services
Azure Networking Integration
VxCloud SD-WAN and Azure Vnet integration is already setup and tested for clients. Azure VPN Gateway services are used to provide secure networking integration. Connectivity is provided as part of the VxCloud SD-WAN interconnected service. We provide access to South African peering points resulting in improved Azure WAN Access and integration.

Azure VNET Networking
With skilled Azure networking architects we can provide clients with Azure Vnet architecture and designs. It is vitally important for clients to create the correct Azure networking solution before applications and computing services are deployed inside Vnet. Contact VxCloud for a consulting discussion.

Azure VNET Monitoring “Network Watcher”
We have included the new Azure Network Watcher as part of our cloud monitoring service. The new service will provide clients with virtual network gateway connectivity trouble shooting, networking topology, IP flow verification, packet capture, security and NSG flow logs. VxCloud utilizes these services to provide clients with cloud network monitoring and problem resolution. Cloud Networking to Perfection and simplified management reduces TCO by 30%.

VxCloud SD-WAN vs Express Route
We have created an SD-WAN solution that is competing with “Express Route”. The redundancy, reduced cost, security and peering point access provided as part of the SD-WAN solution has created a stable and very efficient cloud network solution. The advantage is that the same network also provides these features to O365 and Google. Please contact VxCloud for demo units and POC testing. We have created the service for assured application performance and Quality of Experience.

Azure Cloud Networking
VxCloud Azure Cloud Networking Integration
VxCloud integration with Azure can be accessed from multiple SD-WAN sites in South Africa. Normal internet traffic such as LTE, ADSL, FTTH, Fibre and Metro Fibre is used to create high availability Azure VPN gateway access. VxCloud gateways are deployed locally to South Africa and managed by VxCloud.

Azure Vnet Solutions
Azure Cloud Monitoring
The Azure Virtual Network service enables clients to securely connect Azure resources to each other with virtual networks (VNets). A VNet is a representation of your own network in the cloud. A VNet is a logical isolation of the Azure cloud dedicated to your subscription. You can also connect VNets to your on-premises network. Ever wondered why you need the internet for applications, VxCloud justifies using the internet as the Cloud Network.
Azure Vnet Isolation
VNets are isolated from one another. Clients can create separate VNets for development, testing, and production that use the same CIDR address blocks. Conversely, Clients can create multiple VNets that use different CIDR address blocks and connect networks together. You can also segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet.
Azure Internet Connectivity
All Azure Virtual Machines (VM) and Cloud Service role instances connected to a VNet have access to the Internet, by default. You can also enable inbound access to specific resources, as needed. VxCloud uses the clients Microsoft licensing benefits and funding to create O365-Azure integration.
Azure Networking Integration
VxCloud SD-WAN and Azure Vnet integration is already setup and tested for clients. Azure VPN Gateway services are used to provide secure networking integration. Connectivity is provided as part of the VxCloud SD-WAN interconnected service. VxCloud provides access to South African peering points to provide improved Azure WAN Access and integration.
Azure Networking Devices
VxCloud can also integrate SD-WAN VPN gateways into other gateways such as Fortinet, Cisco and Palo Alto deployed in Azure as virtual services. This will be done according to client requirements.
Frequently Asked Questions
What are the networking capabilities provided in Azure Virtual Networking?
- Isolation: VNets are isolated from one another. VxCloud can create separate VNets for development, testing, and production that use the same CIDR address blocks. Conversely, you can create multiple VNets that use different CIDR address blocks and connect networks together. You can also segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet. You can optionally configure a VNet to use your own DNS servers, instead of using Azure internal name resolution.
- Internet connectivity: All Azure Virtual Machines (VM) and Cloud Services role instances connected to a VNet have access to the Internet, by default. You can also enable inbound access to specific resources, as needed. The VxCloud SD-WAN utilizes this service from Azure to create Azure networking access. The service is deployed as part of the clients licensing agreement and is highly cost effective.
- Azure resource connectivity: Azure resources such as Cloud Services and VMs can be connected to the same VNet. The resources can connect to each other using private IP addresses, even if they are in different subnets. Azure provides default routing between subnets, VNets, and on-premises networks, so you don't have to configure and manage routes.
- VNet connectivity: VNets can be connected to each other, enabling resources connected to any VNet to communicate with resources on any other VNet.
- On-premises connectivity: VNets can be connected to on-premises networks through private network connections between the VxCloud SD-WAN and Azure, or through a site-to-site VPN connection over the Internet. VxCloud provides multiple VPN gateways for secure Azure access.
- Traffic filtering: VM and Cloud Service role instance network traffic can be filtered inbound and outbound by source IP address and port, destination IP address and port, and protocol.
- Routing: You can optionally override Azure's default routing by configuring your own routes, or using BGP routes through a network gateway.
Do we need express route or are there good alternatives to cloud networking?
How does network isolation and segmentation work?
- Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources connected to the VNet a private IP address from the address space you assign.
- Segment the VNet into one or more subnets and allocate a portion of the VNet address space to each subnet.
- Use Azure-provided name resolution or specify your own DNS server for use by resources connected to a VNet.
What does VxCloud include as part of the Azure Cloud Networking Service?
How secure is the VxCloud internet SD-WAN?
Can you provide us with an Example of SD-WAN and Azure Cloud Networking Interconnect?
Download the Azure and SD-WAN demo document and contact VxCloud if you would like to see the live demo.
How can medium sized organizations benefit from SD-WAN and Cloud networking?
The SD-WAN solution can use any network to create enterprise based networking services. The perception that MPLS is still the best network is changing and no longer applies to services that are accessed in the cloud.
How can we get more information and access to technical assistance?
What are the components of Azure Cloud Networking?
All resources connected to a VNet have outbound connectivity to the Internet by default. The private IP address of the resource is source network address translated (SNAT) to a public IP address by the Azure infrastructure. You can change the default connectivity by implementing custom routing and traffic filtering. To communicate inbound to Azure resources from the Internet, or to communicate outbound to the Internet without SNAT, a resource must be assigned a public IP address.
Connect Azure resources
You can connect several Azure resources to a VNet, such as Virtual Machines (VM), Cloud Services, App Service Environments, and Virtual Machine Scale Sets. VMs connect to a subnet within a VNet through a network interface (NIC). To learn more about NICs, read the Network interfaces article.
Connect virtual networks
You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets. You can use either or both of the following options to connect VNets to each other:
- Peering: Enables resources connected to different Azure VNets within the same Azure location to communicate with each other. The bandwidth and latency across the VNets is the same as if the resources were connected to the same VNet. To learn more about peering, read the Virtual network peering article.
- VNet-to-VNet connection: Enables resources connected to different Azure VNet within the same, or different Azure locations. Unlike peering, bandwidth is limited between VNets because traffic must flow through an Azure VPN Gateway. To learn more about connecting VNets with a VNet-to-VNet connection, read the Configure a VNet-to-VNet connection article.
Connect to an on-premises network
You can connect your on-premises network to a VNet using any combination of the following options:
- Point-to-site virtual private network (VPN): The first one that VxCloud SD-WAN will provide is to establish a single PC connected to your network and the VNet. This connection type is great if you're just getting started with Azure, or for developers, because it requires little or no changes to your existing network. The connection uses the SSTP protocol to provide encrypted communication over the Internet between the PC and the VNet. The latency for a point-to-site VPN is unpredictable, since the traffic traverses the Internet.
- Site-to-site VPN: Established between your VPN device (VxCloud SD-WAN Gateway) and an Azure VPN Gateway. This connection type enables any on-premises resource you authorize to access a VNet. The connection is an IPSec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway. The latency for a site-to-site connection is unpredictable, since the traffic traverses the Internet.
- Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not traverse the Internet. The latency for an ExpressRoute connection is predictable, since traffic doesn't traverse the Internet. Very expensive and suitable for all organisations.
Filter network traffic
You can filter network traffic between subnets using either or both of the following options:
- Network security groups (NSG): Each NSG can contain multiple inbound and outbound security rules that enable you to filter traffic by source and destination IP address, port, and protocol. You can apply an NSG to each NIC in a VM. You can also apply an NSG to the subnet a NIC, or other Azure resource, is connected to. To learn more about NSGs, read the Network security groups article.
- Network virtual appliances (NVA): An NVA is a VM running software that performs a network function, such as a firewall. View a list of available NVAs in the Azure Marketplace. NVAs are also available that provide WAN optimization and other network traffic functions. NVAs are typically used with user-defined or BGP routes. You can also use an NVA to filter traffic between VNets.
Route network traffic
Azure creates route tables that enable resources connected to any subnet in any VNet to communicate with each other, by default. You can implement either or both of the following options to override the default routes Azure creates:
- User-defined routes: You can create custom route tables with routes that control where traffic is routed to for each subnet. To learn more about user-defined routes, read the User-defined routes article.
- BGP routes: If you connect your VNet to your on-premises network using an Azure VPN Gateway or ExpressRoute connection, you can propagate BGP routes to your VNets.
Pricing
There is no charge for virtual networks, subnets, route tables, or network security groups. Outbound Internet bandwidth usage, public IP addresses, virtual network peering, VPN Gateways, and ExpressRoute each have their own pricing structures. For more information of the VxCloud SD-WAN Virtual network, VPN Gateway, and branch office pricing please contact us on 087-815-1000 or email admin@vxcloud.co.za.