The purpose of this repo is to deliver layered, reusable and github friendly network architecture diagrams for Cloud Solutions Architects to run effective Azure design and skilling sessions. The content is based on real customer and partner design sessions with collaboration from cross-functional architects. The repository will include tips and tools for effective story telling that explain the why behind the design options based on requirements and the art of the possible. The design areas include - Azure Networking, Hybrid connectivity architectures, routing, firewalling, load balancing, multi-region, secure design, cross functional networking areas and AKS networking. The networking complexity is broken down into layers with one diagram per design area using draw.io now diagrams.net. This repo will include configuration snippets to reduce the lab prep time and the need to leave the labs running for demos.

Cloud Solution Architects, Network Architects, Cloud Infrastructure Architects, Solution Engineers

• Build Reusable and github friendly network architecture diagram templates
• Layered diagrams to run effective Azure Design and skilling sessions
• Real world use cases dervied from working with Microsoft customers
• Level 100 to level 400 scenarios in one diagram
• Understand the why behind the design decision
• Minimize lab time
• Growth mindset

0. How to create layered drawio diagrams
1. Azure Hub and Spoke Designs
2. Azure Virtual WAN (vWAN) designs
3. Load Balancing in Azure
4. DNS Options in Azure
5. NVA High Availability in Azure
6. Private Endpoint and Private Link Service in Azure

1. Azure AI Studio Networking- March 28th 2024 Completed - Recording link
2. AVS Networking (April 25th 2024 Webinar Registration Link -coming soon)
3. AKS Networking (Webinar Registration link here- coming Soon)
4. ADF and SQL MI Networking
5. APIM Networking
6. Azure Container Apps, Web Apps Networking

1. IPv6 in Azure
2. Azure Network Security (AzFW, DDoS)
3. ExpressRoute Designs
4. AVD (Azure Virtual Desktop)
5. Azure IoT Networking
6. SAP on Azure

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the Hub-spoke architecure design. This design includes the following layers.

• Hybrid Connectivity Architecture with hub-spoke design
• Site-to-site, Point-to-Site and ExR connected Branches
• Default traffic Flows
• Variation of the default design based on requirements
• Use case for AzFw
• Use case for ARS (Azure Route server)
• Use case for NVA (Pros and Cons)
• VPN Gateway Active Active design challange
• Multi-region design
• Configuration snippets
• Concepts
• Limitations

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the vWAN architectures. This design includes the following layers:

• Hybrid Connectivity Architecture
• Single region default flows with Azure vWAN
• Multi region default flows with Azure vWAN
• Secured vWAN
• BGP Endpoint feature use case
• Use case for routing intent
• Use case for NVA in indirect spokes
• Use case for Custom Routing
• Multiregion with ExR Boe-tie design

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the load balancing architectures. This design includes the following layers

• Azure load balancer (layer 4)
• Azure application Gateway (layer 7)
• Cross Region Load Balancer
• Azure Traffic Manager (Global)
• Azure Front door (AFD)
• Azure Gateway Load Balancer
• Multi-region design
• Use case for Private endpoint with AFD

Download draw.io diagram. More information on how to open .drawio files here.

In this session we walk through the DNS options in Azure.his design includes the following layers

• DNS Options in Azure
• Default DNS configuration
• Custom DNS
• Hybrid DNS
• Private DNS Zones
• Azure Private DNS Resolver

Download draw.io diagram. More information on how to open .drawio files here.

This design includes the following layers:

• NVA LB Sandwich design
• Challenge: Preserving flow symettry
• North South flows
• East West Flows
• Packet Captures
• Use case Floating IP
• Use case for HA Ports
• Configuration Snippets

Download draw.io diagram. More information on how to open .drawio files here.

This design includes the following layers:

• Service Endpoint
• Private Endpoint
• Private Link Service
• VNET Integration vs Private Endpoint
• Use case with Azure Front Door (AFD) with Private Endpoint
• Use case with AKS

Download draw.io diagram. More information on how to open .drawio files here.

• AI Studio Prompt flow with Managed VNET and Private endpoints
• Short Demo with AI Studio Playground
• Azure AI Studio Architecture Components (PaaS and IaaS)
• Key Concepts (Private Endpoints, Webapp, Embedding and Vector Database, Managed EP, AI Models and Prompt flow)
• Traffic flows with managed VNET with Private Endpoints
• FAQ and Feedback Links

Download draw.io diagram. More information on how to open .drawio files here.

• On-Prem Connectivity Using Global Reach
• VPN ER Transit using ARS
• Network Virtual Appliance (NVA) in Azure VNET (with ARS)
• Transit VNET design with NVA in Azure NVET (with ARS)
• Deploy third party Virtual Apppliance using NSX-T segments within AVS
• Secured vWAN HUB Design with Routing Intent

Download draw.io diagram. More information on how to open .drawio files here.

This design includes the following layers

• Azure CNI
• Azure Kubenet
• Azure CNI Overlay
• IPv6 in AKS
• Azure Data platform integration (Example: SQL MI integration, SQL DB, Cosmos DB, OSS DB (mysql, postgreSQL), blob storage)
• Multi-region with Relational DB(SQLMI, SQL DB, OSS DB) (Single Master) (Shopping cart)
• Multi-region with Non-relational or NoSQL (Cosmos DB, MongoDB) (Multi Master) (catalog db)

This design includes the following layers

• Azure ADF (Data movement and orchestration)
• Azure Synapse
• Azure Datalake or blob storage
• SQL MI (source and destination)
• Third Party Cloud (GCP)
• Hybrid SQL Server On-premise
• Cosmos DB, SQL DB (source and destination)
• OSS Databases (postgreSQL, mysql, mariadb)

• APIM Big Picture view
• Default mode
• External network mode
• Internal network mode
• Internal network mode with Azure Application Gateway
• Internal network mode with AKS Backend API
• APIM with Azure firewall/NVA
• APIM Identity - AAD and B2C Integration
• APIM Multi-region Architecture
• Self hosted gateway
• LetsEncrypt Certificates and APIM Custom Domain
• Azure Private DNS Zones integration
• Network Troubleshooting

• Private Endpoint Integration
• Service Endpoint
• VNET Integration
• NAT Gateway Integration
• Azure Private DNS Zone Planning

Draw.io is feature rich. I've listed my top 10 favorite features that are useful for drawing network architecture diagrams

1. Add Shapes: View -> Shapes -> Add Shapes -> Azure.
2. Add Layers: View -> Layers. Create layers and show hide layers.
3. Add Scratchpad: View -> Scratchpad
4. View Outline: View -> Outline
5. Flow animation: Select Flow -> Flow animation
6. Sketch Style (hand drawn style)
7. Whiteboard: Extras-> Theme-> Sketch
8. Curved lines for flows
9. vscode integration
10. Group shapes using CTRL-G

There are three options to open the draw.io diagrams.

1. Use the desktop app Download the desktop app from the microsoft store.

   Dowload drawio file from github and open in the desktop app. File -> Raw -> Save link as.

2. Use the web browser to open the file online using the link here

3. Integrate with vscode using the

Special thank you to my colleagues

• David O'Keefe
• Shaun Croucher
• Xavier Elizondo
• Heather Tze
• Mays Algebary
• Daniel Mauser
• Shruthi Nair
• Jose Moreno
• Sowmyan Soman Chullikkattil
• Mike Richter
• Mike Shelton
• Tommy Falgout
• Amanda Wong
• Israel Ekpo