Microsoft Entra Private Access gives users secure access to the internal network and cloud-based services from anywhere in the world. Setting up and maintaining (complex) VPN connections is now a thing of the past. Microsoft Entra Private Access is part of Microsoft Global Secure Access, which includes a range of identity and network access security products. The service is based on the SASE framework (Secure Access Service Edge), which combines WAN functions and zero-trust network access (ZTNA) in a cloud-based platform.
An essential aspect of using cloud services is ensuring availability and performance. Outages or performance problems have a significant impact on today’s business processes and lead to lost revenue, image damage and angry customers.
Azure Service Health is a free service from Microsoft Azure. The service provides real-time information in a dashboard about the status and performance of Azure services. The service continuously monitors resources and proactively notifies you of service problems.
SMB over QUIC is a network protocol used by Windows. It allows secure, shared use of resources such as files on the network. To use SMB (Server Message Block) without QUIC, TCP port 445 is required. Some Internet providers block TCP port 445 for security reasons. As a result, it is not possible to connect to a file share on Azure over SMB.
To bypass the blocking of TCP port 445, there are several options to choose from, including the following:
Low network latency between virtual machines generally contributes to optimized performance. The proximity placement group feature in Azure ensures that virtual machines within the same proximity placement group are physically located in the same datacenter.
Proximity placement groups in Azure are particularly suitable for services and workloads (ERP, databases, real-time services) with low latency requirements.
Microsoft Azure Arc is a solution that enables resources to be centrally managed and monitored across multiple environments. Azure Arc extends the management capabilities of Azure to on-premises resources or other cloud providers such as Amazon Web Services (AWS) or Google Cloud Platform (GCP).
Resources integrated into Azure Arc are administered via the unified Azure Portal, regardless of where they are physically or geographically located. Overall, Azure Arc provides consistent, centralized and simplified management of resources.
This guide describes, step by step, how to deploy a Windows Server hosted outside the Azure Cloud using the Azure Connected Machine Agent in Azure Arc.