Secure Networking Hackathon

Azure Virtual Network, Azure Virtual WAN, Azure ExpressRoute, Azure VPN Gateway, Azure Virtual Network NAT Gateway, Azure DNS, Azure Peering service, Azure Private Link, Azure Traffic Manager, Azure Front Door, Azure Application Gateway, Azure Load balancer, Azure Network Security Groups, Azure Web Application Firewall, Azure Virtual Network Endpoints, Azure Network Watcher 

To be successful and get the most out of this Hack, it is highly recommended that participants have previous experience with:  

• Required knowledge of Azure network administration  
• Required knowledge of Azure Fundamentals  
• Understanding of network configurations, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies. 
• Understanding of software defined networking 
• Understanding hybrid network connectivity methods, such as VPN
• Understanding resilience and disaster recovery, including high availability, and restore operations regarding networking. 

Overview 

Contoso Mortgage Company (CMC) is in the process of expanding their cloud footprint and needs a secure global cloud network. They have tasked you and your team with designing and deploying their Azure network environment and gradually scaling up to meet the demands of their enterprise level security and network requirements. CMC is currently focused on leveraging a combination of PaaS and IaaS resources in Azure. It is up to you to present the best design based on their requirements.  

Challenge 1: Build the foundation   

Contoso Mortgage requires a strong foundation that they can leverage for development and future production workloads. They want to leverage a shared services model that is designed to scale to multiple regions in the future. In this challenge, your team is tasked with designing and deploying CMCs Azure network foundation.  

Learning objectives: 

• Design and implement Azure Virtual Networks 
• Design and implement hybrid connectivity   
• Validate hybrid connection  
• Understand BGP configurations in Azure 

Challenge 2: Deploy the first application 

The application team has asked for their OHND App to be the first project deployed on Azure. Your task is to deploy the web and application tier reliably in Azure. This will be the first of many applications deployed. Be sure to plan your network design accordingly.  

Learning objectives: 

• Deploy and load balance a web application  

• Ensure network design is scalable for future workloads 
• Validate application is highly available and traffic is redirected in the case of an outage   
• Enable secure access to manage VMs  

Challenge 3: Design and implement network security  

In this challenge, you will address the network security requirements presented by CMC. The Network Security team requires central control over the security aspects, such as Firewall, and requires granular management capabilities for each workload.   

Learning objectives: 

• Design and deploy subnet level network security  
• Design and deploy a solution to inspect and filter inbound and outbound traffic from the Azure network  

• Design and deploy a solution that provides a central security policy and route management  
• Utilize cloud native network monitoring tools   

Challenge 4: Design and implement web application security  

CMC requires web application security that leverages layer 7 load balancing. In this challenge, you will design a solution that meets their requirements and integrates with your existing network design.  

Learning objectives:  

• Design and document the options considered and present the best solution  
• Implement secure delivery of web applications  
• Ensure all web applications are secure by default 

Challenge 5: CMC goes global   

CMC is ready to go global. In this challenge, you will expand the network architecture to multiple Azure regions and establish global connectivity between VNets in the Azure regions. Your network design must continue to evolve to meet the growing needs as the company expands.  

Learning objectives:  

• Design and deploy a muti region cloud network 
• Design and implement global load balancing   

• Design to optimize the application user experience including the case of a regional outage  

Challenge 6: Secure access to Azure PaaS services  

In this challenge, you will design a solution that provides private access to the PaaS database as well as a solution that ensures Azure services are automatically integrated with DNS.  

Learning objectives:  

• Design and implement a solution to keep database access on the internal network and not over public endpoints  
• Understand the DNS solutions available in Azure 
• Design and implement a DNS solution in Azure 

Challenge 7: Integrating name resolution between Azure and on prem   

In this challenge, you will learn advanced DNS techniques to manage and integrate your private DNS on-prem and in Azure.  

Learning objectives:  

• Resolving prem names in Azure 
• Resolving azure names from on prem  

• Enabling access to private endpoints from on-prem  

Challenge 8: Centrally manage Azure Virtual Networks at scale   

In this challenge, you will operationalize your network design by leveraging cloud native scaling and management tools. 

Learning objectives:  

• Vnet peering network management at scale 
• Network security management at scale 
• Hierarchal network security  

Challenge 9: Retrospective – Looking back  

Now that you have solved all of CMC’s challenges, as team take the time to reflect and answer the last set of questions. The objective of this challenge is to reflect on design decisions and analyze the pros and cons of your solutions.  

Learning objectives:  

• Communicate design decisions and tradeoffs  
• Understand design limitations   

• Reflect on a global scale   

• Networking is a critical component for any cloud or hybrid solution to ensure performance, resiliency, and security. Azure includes a robust networking infrastructure to support your application and service connectivity requirements. 
• Azure networking and security solutions provide options for customers to connect to Microsoft in a secure and reliable manner. This establishes a foundational structure for building their hybrid cloud strategy.  

• Azure networking built-in experiences across platforms provide for a friction-free experience. Enabling everyone to connect and work securely from anywhere, on any platform.  
• Leverage Microsoft’s comprehensive suite of leading solutions unified across people, devices, apps, and data.   

• Achieving a global hybrid network that is secure, scalable, and resilient to failures 
• Identify Azure Networking solutions that improve application delivery, security, and availability  
• Managing and operationalizing a global hybrid network  

• Target Audience:  

• Microsoft – CE, CSE, CSA, GBB, TPM, ATT, CAE, Support,  
• Customer – Network Engineers, Solution Architects, Security architects, Application developers, DevOps engineers, Systems administrators, Systems integrators 

• Target verticals:  

• Networking, Security, Infra, Apps, Data Architects, cross workload  
• Cross-industry, cross-solution  
• All 

• Customer profile(s): 

• Enterprise customers  
• Customers who want to host workloads in the cloud 
• Customers who are looking to deploy new cloud-native applications and/or infrastructure into Azure 
• Customers who currently have cloud-native applications running in production and are seeking visibility into optimization in terms of networking, routing, performance, availability, and security  
• Customers who have migrated traditional, on-premises workloads to Azure and are seeking additional assistance in optimization for cloud networking operations. 

• 3 Days