|
A few months back, a customer called me with a familiar frustration. They had a solid hub-and-spoke topology in Azure — around 100 spoke VNets, one per application team, clean isolation, good governance. Textbook setup. The problem? Traffic between their spokes had to pass through an Azure Firewall Premium they'd deployed in the hub, and they were starting to hit the 100 Gbps ceiling. On top of that, their monthly Azure Firewall bill had grown to a point where the finance team was asking questions — and the honest answer was: *"We're mostly using it as a router, not a firewall.
0 Comments
Almost every platform engineer experiences the same moment when joining a company with a long-running cloud platform.
You open the repository. You start reading the Terraform code. You inspect the CI/CD pipelines. And suddenly… confusion. 
Understanding Azure Network Security: Differentiating Azure Firewall, WAF, DDoS Protection, and NSGs2/7/2025 In the realm of Azure's network security, understanding the distinct roles of services like Azure Firewall, Web Application Gateway (WAF), Distributed Denial of Service (DDoS) Protection, and Network Security Groups (NSGs) is pivotal for crafting a robust security architecture. Each service offers unique functionalities tailored to specific security needs.  In today's data-driven landscape, organizations often grapple with managing large-scale databases efficiently while keeping costs in check. Azure SQL Database offers a solution tailored for such scenarios: the Hyperscale service tier. This tier is particularly beneficial for applications requiring expansive storage without proportionally high compute resources  Most customers I've encountered often approach Azure networking the same way they would with on-premises environments. For instance, they tend to create a dedicated VNet or subnet for each application, believing that this strategy will help organize their resources in the cloud  Terraform 1.10 introduced a groundbreaking concept called ephemeral resources. An ephemeral resource is not persisted to the state file. Take a moment to let that sink in! Ephemeral resources address a long-standing issue: secret values being stored in the state file as plaintext. With ephemeral resources, your secrets are no longer at risk if the state file is compromised. This solution is particularly valuable for enhancing the security of sensitive data.  |
Author
Mohammad Al Rousan is a Microsoft MVP (Azure), Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, An active community blogger and speaker. Al Rousan has over 11 years of professional experience in IT Infrastructure and very passionate about Microsoft technologies and products. 
Top 10 Microsoft Azure Blogs
Archives
February 2026
Categories
All
|
RSS Feed
