Cloud services like Azure offer a lot of security features straight out of the box, especially if you’re using their platform services. But virtual infrastructures are much like physical infrastructures, connecting virtual machines with software-defined virtual networks. Thus, they need the same security and network management tools as your own data center and your own application infrastructures.
Two services are key to securing and managing Azure-hosted networks, focusing on different parts of the cloud journey.
- The Azure Firewall is for your first application, for API and web-based code that’s important to your business but not critical.
- As applications and services grow, and as businesses move more and more code from on-premises to the cloud, your needs will change and you’ll need tools to help scale your services as well as secure them. To do that, Azure Front Door combines security and load-balancing features, using edge services to control and direct access to globally distributed applications.
There’s no conflict between these two services. Azure Firewall gets you started, and you can use it to build out an application until traditional routing and load-balancing techniques start to fail. That’s when you add Front Door to your architecture, adding a new layer above your existing networking tools. They can stay in place as a backup to Front Door, or they can be removed once you’re happy with how Front Door operates.
Using Azure Firewall
Azure Firewall is a cloud implementation of a familiar modern firewall, one that’s ready to go as soon as you add it to your virtual network. It manages incoming and outgoing traffic to and from the public internet, as well as integrating with services like Azure VPN and ExpressRoute. This last option is perhaps one of the most important, because it helps manage your hybrid infrastructure as well, protecting traffic that links on-premises services with the cloud.