Version 2 of this whitepaper, “Microsoft Azure Network Security Whitepaper”, is now available. This update is based on capabilities available as of Oct 2014.
Download it from Microsoft Azure Network Security Whitepaper V2.
Windows Azure networking provides the infrastructure necessary to securely connect your virtual machines to one another, as well as bridge between the cloud and your on-premises data center.
This white paper seeks to uncover the inner workings of that infrastructure and give insight into how customers can take advantage of the platform’s native features to best protect their information assets. The paragraph below highlights some of what you will see in this white paper:
Fundamental to any shared cloud architecture is the isolation provided for each customer. In Windows Azure, a customer subscription can include multiple deployments, and each deployment can contain multiple VMs. Windows Azure provides network isolation at several points:
- Deployment: Each deployment is isolated from other deployments. Multiple VMs within a deployment are allowed to communicate with each other through private IP addresses.
- Virtual Network: Multiple deployments (inside the same subscription) can be assigned to the same virtual network, and are then allowed to communicate with each other through private IP addresses. Each virtual network is isolated from other virtual networks.
An example of such a topology is shown in Figure 1.
Figure 1. An example of isolated multi-tier IaaS applications hosted within Windows Azure.