Terms

Azure

During this lab we will be working with the below Azure constructs.

  • Azure Portal - Is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments.

  • Cloud Shell - Is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

  • Regions - Regional datacenters deployed within a latency-defined perimeter. They’re connected through a dedicated regional low-latency network. This design ensures that Azure services within any region offer the best possible performance and security.

  • Availability Zones - Are connected by a high-performance network with a round-trip latency of less than 2 ms. They help your data stay synchronized and accessible when things go wrong. Each zone is composed of one or more datacenters equipped with independent power, cooling, and networking infrastructure. Availability zones are designed so that if one zone is affected, regional services, capacity, and high availability are supported by the remaining two zones.

  • Resource Group - Is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

  • VNet - Enables Azure resources, such as Azure Virtual Machines, to securely communicate with each other, the internet, and on-premises networks. A VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

  • Subnet - Is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one virtual network. NICs connected to subnets (same or different) within a virtual network can communicate with each other without any extra configuration.

  • ILB - Internal load balancers are used to load balance traffic inside a virtual network within Azure.

  • VNet Peering - Enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes.

  • UDR - You can create custom, or user-defined (static), routes in Azure to override Azure’s default system routes, or to add additional routes to a subnet’s route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets.

  • Security Groups - Filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

  • Images - Managed image resources can be created from a generalized virtual machine (VM) that is stored as either a managed disk or an unmanaged disk in a storage account. The image can then be used to create multiple VMs.

  • ARM - Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account.

  • VM Scale Sets - Virtual machine scale sets (VMSS) let you create and manage a group of load balanced VMs.

  • Azure Marketplace - An online store that contains thousands of IT software applications and services built by industry-leading technology companies.

cPacket

cPacket Networks is a company that provides “Network-Aware Application Performance” tools. Vectra uses the cVu appliance by cPacket to create a virtual TAP for Azure environments. It’s important to note that since cPacket captures these packets via routing, we don’t have visibility into instances on the same subnet. In this lab we cover east-west traffic monitoring only. If north-south traffic must be captured, there are additional steps required, such as routing to a firewall/gateway subnet, using Azure Gateway Load Balancer, or deploying cPacket in NAT mode. In a production environment cVu should be deployed with a minimum of 3 appliances behind an Azure ILB. The cVu appliance is a Network Virtual Appliance (NVA) similar to a firewall in terms of reliability. The cVu appliance is licensed by total throughput and not by the number of appliances.

  • cVu - TAP and packet broker that forwards to the Vectra Sensor over VXLAN (required)

  • cClear - Unified management console for all cPacket appliances (not required)

  • cStor - Stored packet capture for full TCP analytics (not required)

  • ccloud - Command line interface to help deploy cVu-V, cStor-V, and cClear-V into several public clouds
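The UDR definition above and the cPacket paragraph together describe the routing that makes the virtual TAP work: a route table whose next hop is the ILB in front of the cVu appliances, associated with the subnet whose east-west traffic is to be monitored. The following Azure PowerShell script, run from Cloud Shell, is an added example and is not part of the lab or of cPacket’s or Vectra’s own tooling. Every name and address in it (resource group, VNet, subnet names, the 10.1.0.0/16 prefixes, and the ILB front-end IP) is an assumption chosen for illustration.

```powershell
# Added example (not from the lab, cPacket, or Vectra): steer east-west traffic from one
# monitored subnet to the cVu appliances behind an Azure internal load balancer (ILB)
# with a user-defined route (UDR). Run in Cloud Shell (PowerShell) after Connect-AzAccount.
# All names and addresses below are assumptions for illustration.

$rgName      = 'rg-lab'                          # assumed resource group
$location    = 'eastus'                          # assumed region
$vnetName    = 'vnet-lab'                        # assumed VNet
$subnetName  = 'subnet-app'                      # assumed monitored subnet
$subnetCidr  = '10.1.1.0/24'                     # assumed prefix of the monitored subnet
$peerSubnets = @('10.1.2.0/24', '10.1.3.0/24')   # assumed other subnets in the same VNet
$cvuIlbIp    = '10.1.100.4'                      # assumed ILB front-end IP in front of the cVu appliances

# 1. Create an empty route table; routes are added to it next, and it is associated
#    with a subnet only at the end (the two-step model the UDR definition describes).
$rt = New-AzRouteTable -Name "rt-$subnetName-to-cvu" -ResourceGroupName $rgName -Location $location

# 2. One route per destination subnet. The next hop is the ILB front-end, so whichever
#    cVu appliance the ILB picks receives the packets; Azure treats that IP as a
#    VirtualAppliance hop. The subnet's own prefix is deliberately not listed: traffic
#    between instances inside the monitored subnet is not routed and so is not captured.
foreach ($prefix in $peerSubnets) {
    $routeName = 'to-' + ($prefix -replace '[./]', '-')
    $rt = $rt | Add-AzRouteConfig -Name $routeName -AddressPrefix $prefix `
                                 -NextHopType VirtualAppliance -NextHopIpAddress $cvuIlbIp
}
$rt = $rt | Set-AzRouteTable

# 3. Associate the route table with the monitored subnet.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$vnet = Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
                                         -AddressPrefix $subnetCidr -RouteTable $rt
$vnet = $vnet | Set-AzVirtualNetwork

# 4. Check the effective routes on a NIC in the subnet (needs a running VM there;
#    'vm-app-nic' is an assumed NIC name). Every route to a peer subnet should now
#    show NextHopType 'VirtualAppliance' and NextHopIpAddress equal to $cvuIlbIp.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'vm-app-nic' -ResourceGroupName $rgName |
    Where-Object { $_.NextHopType -eq 'VirtualAppliance' } |
    Format-Table AddressPrefix, NextHopType, NextHopIpAddress
```

Repeat the same pattern for each other subnet whose traffic should be monitored, so that both directions of a flow between two subnets pass the appliances rather than only one. The effective-route check in step 4 is the quickest way to confirm the UDR actually applies to a VM before looking for missing traffic on the Sensor.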

Vectra

  • Brain - The Brain is available in 2 sizes:

    • Standard_E32s_v3 (default): 32 cores, 256 GB RAM

      • 15 Gbps

      • Up to 150,000 IPs monitored

    • Standard_E16s_v3: 16 cores, 128 GB RAM

      • 5 Gbps

      • Up to 50,000 IPs monitored

  • Sensors - In Azure, Sensors are deployed in VM Scale Sets (VMSS). Only one Sensor is deployed per VMSS. Having the Sensor in a scale set ensures there is always a Sensor online. The Sensor is limited to 1 Gbps or 2 Gbps depending on the hardware profile in Azure. If deploying the Sensor from the Azure Marketplace, it must be placed in an empty Resource Group.