How Can You Filter the Network Traffic? – Implement and Manage Networking for Azure Virtual Desktop

How Can You Filter the Network Traffic?

You can filter network traffic between subnets using network security groups (NSGs), application security groups, or both. An NSG can contain multiple inbound and outbound security rules that let you filter traffic to and from resources by source and destination IP address, port, and protocol. Another option is a network virtual appliance (NVA), which is a VM that performs a network function such as a firewall or WAN optimization.
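To make the NSG behaviour concrete, here is an added example (not the book's code) that models how Azure evaluates the inbound rules of an NSG: rules are checked in priority order, the first rule whose protocol, source, destination and port all match decides Allow or Deny, and the three default rules Azure places in every NSG catch anything left over. The VNet range, the session-host and admin subnets, the custom rules and the sample flows are all constructed assumptions; the default rule names and priorities, and the 168.63.129.16 platform address behind the AzureLoadBalancer tag, are Azure's.

```python
# Added example (not the book's code): a minimal model of how Azure evaluates
# the inbound rules of a network security group (NSG). Rules are checked in
# priority order (lowest number first); the first rule whose protocol, source,
# destination and destination port all match decides Allow or Deny. The
# three default rules Azure puts in every NSG sit at priorities 65000-65500.
# Rule set, address ranges and flows below are constructed sample data.
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
# The "VirtualNetwork" service tag is approximated by one fixed VNet range;
# in Azure it also covers peered VNets and on-premises prefixes.
VIRTUAL_NETWORK = ipaddress.ip_network("10.0.0.0/16")   # assumed VNet
SESSION_HOSTS = ipaddress.ip_network("10.0.1.0/24")     # assumed AVD subnet
BASTION_SUBNET = ipaddress.ip_network("10.0.2.0/24")    # assumed admin subnet
# 168.63.129.16 is the well-known Azure platform IP behind the
# "AzureLoadBalancer" tag (health probes).
AZURE_LB = ipaddress.ip_network("168.63.129.16/32")
ALL_PORTS = ((0, 65535),)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                       # custom rules 100-4096, defaults 65000+
    access: str                         # "Allow" or "Deny"
    protocol: str                       # "Tcp", "Udp" or "*"
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    dest_ports: tuple                   # ((low, high), ...) port ranges


def evaluate(rules, src_ip, dst_ip, dst_port, protocol):
    """Return (access, rule_name) for the first rule that matches the flow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if src not in rule.source or dst not in rule.destination:
            continue
        if not any(lo <= dst_port <= hi for lo, hi in rule.dest_ports):
            continue
        return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


# Default inbound rules Azure adds to every NSG (names and priorities are Azure's).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", VIRTUAL_NETWORK, VIRTUAL_NETWORK, ALL_PORTS),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", AZURE_LB, ANY, ALL_PORTS),
    Rule("DenyAllInBound", 65500, "Deny", "*", ANY, ANY, ALL_PORTS),
]

# Constructed custom rules for a session-host subnet. AVD clients reach the
# session hosts through the gateway, so inbound RDP from the Internet is never
# required; the allow for the admin subnet must sit at a lower number than the
# deny, otherwise the broader deny would match first.
CUSTOM_INBOUND = [
    Rule("AllowRdpFromBastionSubnet", 100, "Allow", "Tcp", BASTION_SUBNET, SESSION_HOSTS, ((3389, 3389),)),
    Rule("DenyRdpFromAnywhere", 110, "Deny", "Tcp", ANY, SESSION_HOSTS, ((3389, 3389),)),
]
RULES = CUSTOM_INBOUND + DEFAULT_INBOUND

# Constructed sample flows: (source, destination, port, protocol).
SAMPLE_FLOWS = [
    ("10.0.2.10", "10.0.1.4", 3389, "Tcp"),    # admin from bastion subnet
    ("203.0.113.9", "10.0.1.4", 3389, "Tcp"),  # RDP from the Internet
    ("10.0.3.7", "10.0.1.4", 445, "Tcp"),      # SMB from another VNet subnet
    ("203.0.113.9", "10.0.1.4", 443, "Tcp"),   # unsolicited HTTPS from Internet
    ("168.63.129.16", "10.0.1.4", 80, "Tcp"),  # load balancer health probe
]


def classify_flows(rules=RULES, flows=SAMPLE_FLOWS):
    """Map each flow to the (access, rule) decision the NSG would make."""
    return {flow: evaluate(rules, *flow) for flow in flows}


if __name__ == "__main__":
    for flow, (access, name) in classify_flows().items():
        print(f"{flow[0]:>14} -> {flow[1]}:{flow[2]}/{flow[3]:<3} {access:5} ({name})")
```

Run it as a script to see each flow's decision. The point worth noticing is that the SMB flow from another subnet is allowed by the default AllowVnetInBound rule without any custom rule, so intra-VNet traffic to session hosts is open unless you add an explicit deny at a lower priority number; and that reordering the two custom rules (deny at 100, allow at 110) would lock the admin subnet out as well.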

How to Route Network Traffic in Azure?

By default, Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet. You can implement a route table or Border Gateway Protocol (BGP) routes; both options override the default routes that Azure creates.

With route tables, you can create custom routes that control where traffic is routed for each subnet. If you connect your virtual network to your on-premises network using an Azure VPN Gateway or ExpressRoute connection, you can propagate your on-premises BGP routes to your virtual networks.
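The two paragraphs above say that route tables and BGP routes override Azure's defaults but not how the override is decided. The following added example (not the book's code) models Azure's documented selection order: the longest matching prefix wins, and when prefixes tie, a user-defined route beats a BGP route, which beats a system route. The route table, including the firewall NVA and the on-premises ranges, is a constructed assumption.

```python
# Added example (not the book's code): how Azure chooses among overlapping
# system, BGP and user-defined routes. The longest matching prefix wins; when
# prefixes tie, a user-defined route beats a BGP route, which beats a system
# route. The route table below is constructed sample data.
import ipaddress
from dataclasses import dataclass

# Precedence for equal prefix lengths (lower number wins).
SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # VnetLocal, Internet, VirtualNetworkGateway, VirtualAppliance, None
    source: str     # "System", "BGP" or "User"


def select_route(routes, dst_ip):
    """Return the effective route for dst_ip, or None if nothing matches."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        return None
    # Longest prefix first; among equal prefixes, the most preferred source.
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -SOURCE_RANK[r.source]))


def route(prefix, next_hop, source):
    return Route(ipaddress.ip_network(prefix), next_hop, source)


# Constructed effective routes for a session-host subnet: Azure's system
# routes, BGP routes learned from on-premises over ExpressRoute or VPN, and
# user-defined routes that send Internet-bound and data-centre traffic
# through a firewall NVA.
EFFECTIVE_ROUTES = [
    route("10.0.0.0/16", "VnetLocal", "System"),              # the VNet itself
    route("0.0.0.0/0", "Internet", "System"),                 # default Internet route
    route("192.168.0.0/16", "VirtualNetworkGateway", "BGP"),  # on-prem via gateway
    route("10.1.0.0/16", "VirtualNetworkGateway", "BGP"),     # on-prem DC range
    route("0.0.0.0/0", "VirtualAppliance", "User"),           # force tunnel via NVA
    route("10.1.0.0/16", "VirtualAppliance", "User"),         # inspect DC traffic
]


def next_hop(dst_ip, routes=EFFECTIVE_ROUTES):
    """Next-hop type Azure would use for dst_ip under the given route set."""
    chosen = select_route(routes, dst_ip)
    return None if chosen is None else chosen.next_hop


if __name__ == "__main__":
    for ip in ("10.0.1.4", "8.8.8.8", "192.168.5.1", "10.1.2.3"):
        chosen = select_route(EFFECTIVE_ROUTES, ip)
        print(f"{ip:>12} -> {chosen.next_hop:22} via {chosen.source} {chosen.prefix}")
```

Two outcomes are the ones to check against your own effective routes in the portal: the user-defined 0.0.0.0/0 route wins over the system Internet route only because it is user-defined (same prefix length), while the BGP 192.168.0.0/16 route still wins over that user-defined default because its prefix is longer, so force-tunnelling does not by itself pull on-premises traffic through the NVA.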

Virtual Network Integration for Azure Services

Integrating Azure services with an Azure virtual network enables private access to the service from virtual machines or other compute resources in the virtual network. You can integrate Azure services with your virtual network using the following options:

• Deploy dedicated instances of the service into a virtual network; the service can then be accessed privately within the virtual network and from on-premises networks.

• Use Private Link to access a specific instance of the service privately from your virtual network or from on-premises networks.

• Access the service over its public endpoint by extending the virtual network to the service through service endpoints. Service endpoints allow service resources to be secured to the virtual network.

No inbound ports are opened. In this version, the gateway acts as an intelligent reverse proxy. The gateway manages all session connectivity, with nothing but pixels reaching the client.

Azure Virtual Desktop hosts client sessions on the session hosts running on Azure. Microsoft manages portions of the services on the customer’s behalf and provides secure endpoints for connecting clients and session hosts. The diagram above (Figure 4-32) gives a high-level overview of the network connections used by Azure Virtual Desktop.