OpenHack – Secure Networking (OHSN) – Outline

Detailed Course Outline

Overview

Contoso Mortgage Company (CMC) is in the process of expanding their cloud footprint and needs a secure global cloud network. They have tasked you and your team with designing and deploying their Azure network environment and gradually scaling up to meet the demands of their enterprise level security and network requirements. CMC is currently focused on leveraging a combination of PaaS and IaaS resources in Azure. It is up to you to present the best design based on their requirements.

Challenge 1: Build the foundation

Contoso Mortgage requires a strong foundation that they can leverage for development and future production workloads. They want to leverage a shared services model that is designed to scale to multiple regions in the future. In this challenge, your team is tasked with designing and deploying CMC's Azure network foundation.

Learning objectives:

  • Design and implement Azure Virtual Networks
  • Design and implement hybrid connectivity
  • Validate hybrid connection
  • Understand BGP configurations in Azure

Challenge 2: Deploy the first application

The application team has asked for their OHND App to be the first project deployed on Azure. Your task is to deploy the web and application tier reliably in Azure. This will be the first of many applications deployed. Be sure to plan your network design accordingly.

Learning objectives:

  • Deploy and load balance a web application
  • Ensure network design is scalable for future workloads
  • Validate application is highly available and traffic is redirected in the case of an outage
  • Enable secure access to manage VMs

Challenge 3: Design and implement network security

In this challenge, you will address the network security requirements presented by CMC. The Network Security team requires central control over the security aspects, such as Firewall, and requires granular management capabilities for each workload.

Learning objectives:

  • Design and deploy subnet level network security
  • Design and deploy a solution to inspect and filter inbound and outbound traffic from the Azure network
  • Design and deploy a solution that provides a central security policy and route management
  • Utilize cloud native network monitoring tools

Challenge 4: Design and implement web application security

CMC requires web application security that leverages layer 7 load balancing. In this challenge, you will design a solution that meets their requirements and integrates with your existing network design.

Learning objectives:

  • Design and document the options considered and present the best solution
  • Implement secure delivery of web applications
  • Ensure all web applications are secure by default

Challenge 5: CMC goes global

CMC is ready to go global. In this challenge, you will expand the network architecture to multiple Azure regions and establish global connectivity between VNets in the Azure regions. Your network design must continue to evolve to meet the growing needs as the company expands.

Learning objectives:

  • Design and deploy a multi-region cloud network
  • Design and implement global load balancing
  • Design to optimize the application user experience including the case of a regional outage

Challenge 6: Secure access to Azure PaaS services

In this challenge, you will design a solution that provides private access to the PaaS database as well as a solution that ensures Azure services are automatically integrated with DNS.

Learning objectives:

  • Design and implement a solution to keep database access on the internal network and not over public endpoints
  • Understand the DNS solutions available in Azure
  • Design and implement a DNS solution in Azure

Challenge 7: Centrally manage Azure Virtual Networks at scale

In this challenge, you will operationalize your network design by leveraging cloud native scaling and management tools.

Learning objectives:

  • VNet peering network management at scale
  • Network security management at scale
  • Hierarchical network security

Challenge 8: Integrating name resolution between Azure and on-prem

In this challenge, you will learn advanced DNS techniques to manage and integrate your private DNS on-prem and in Azure.

Learning objectives:

  • Resolving on-prem names in Azure
  • Resolving Azure names from on-prem
  • Enabling access to private endpoints from on-prem

Challenge 9: Retrospective – Looking back

Now that you have solved all of CMC’s challenges, as a team take the time to reflect and answer the last set of questions. The objective of this challenge is to reflect on design decisions and analyze the pros and cons of your solutions.

Learning objectives:

  • Communicate design decisions and tradeoffs
  • Understand design limitations
  • Reflect on a global scale