Network topology and connectivity overview

This series of articles examines key design considerations and best practices surrounding networking and connectivity to, from, and within Microsoft Azure.

Plan for IP addressing

It's vital that your organization plans for IP addressing in Azure to ensure that the IP address space doesn't overlap across on-premises locations and Azure regions. This section provides guidance on planning IP addressing for a hybrid implementation.

Configure DNS and name resolution for on-premises and Azure resources

Domain Name System (DNS) is a critical design topic in the overall enterprise-scale architecture. Some organizations might want to use their existing investments in DNS. Others might see cloud adoption as an opportunity to modernize their internal DNS infrastructure and use native Azure capabilities. This section explores guidance on planning DNS and name resolution for hybrid implementations.

Define an Azure network topology

Network topology is a critical element of the enterprise-scale architecture because it defines how applications can communicate with each other. This section explores technologies and topology approaches for Azure deployments. It focuses on two core approaches: topologies based on Azure Virtual WAN, and traditional topologies.

Virtual WAN network topology

This section explores the option for implementing an Azure Virtual WAN network topology.

Traditional Azure networking topology

This section explores the option for implementing a traditional Azure networking topology.

Connectivity to Azure

This section expands on the network topology to consider recommended models for connecting on-premises locations to Azure.

This section describes how to integrate Azure Private Link for PaaS services with Azure Private DNS zones in hub and spoke network architectures.

Connectivity to Azure PaaS services

Building on the previous connectivity sections, this section explores recommended connectivity approaches for using Azure PaaS services.

Plan for inbound and outbound internet connectivity

This section describes recommended connectivity models for inbound and outbound connectivity to and from the public internet.

Plan for application delivery

This section explores key recommendations to deliver internal-facing and external-facing applications in a secure, highly scalable, and highly available way.

Plan for landing zone network segmentation

This section explores key recommendations to deliver highly secure internal network segmentation within a landing zone to drive a network zero-trust implementation.

Define network encryption requirements

This section explores key recommendations to achieve network encryption between on-premises and Azure as well as across Azure regions.

Plan for traffic inspection

In many industries, organizations require that traffic in Azure is mirrored to a network packet collector for deep inspection and analysis. This requirement typically focuses on inbound and outbound internet traffic. This section explores key considerations and recommended approaches for mirroring or tapping traffic within Azure Virtual Network.

Connectivity to other cloud providers

This section provides different connectivity approaches to integrate an Azure enterprise-scale landing zone architecture to other cloud providers.