AzureStack breakdown of Distributed Firewall
Following up on the previous AzureStack blogpost (Software load balancing –> http://msandbu.org/azurestack-breakdown-of-load-balancing-component/) I wanted to continue on the firewall component, which is also a new component which is now part of Windows Server 2016 as well. The solution in place in AzureStack is the same one that is available in Azure aka (Network Security Groups) now compared to regular firewalls, the NSG can also be based on pure later 2 network, meaning that we can specify rules on virtual machines on the same subnet.So again using the distributed firewall the central component here is the Network Controller, which is used to deploy and manage the policies across the different hosts. All Hyper-V host has a Network Controller Host agent service installed, which is used as a component for multiple services but for the distributed firewall it is a vSwitch port host agent running.
Read the entire article here, AzureStack breakdown of Distributed Firewall
via Marius Sandbu.