Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

8. Glossary

Administrative Distance (AD) — Value indicating the trustworthiness of a routing source. Not directly used in Azure but relevant for hybrid scenarios with BGP.

Application Security Group (ASG) — Logical grouping of NICs for simplified NSG rules without IP addresses. See Section 6.1.2.

Azure Bastion — PaaS service providing secure RDP/SSH access to VMs without public IPs. Requires AzureBastionSubnet.

Azure Firewall — Managed, cloud-native firewall service with threat intelligence and FQDN filtering. See Section 6.2.

Azure Front Door — Global Layer 7 load balancer with CDN and WAF capabilities. See Section 4.4.

BGP (Border Gateway Protocol) — Dynamic routing protocol used by VPN Gateway and ExpressRoute for route exchange.

CIDR (Classless Inter-Domain Routing) — IP addressing notation (e.g., 10.0.0.0/16) specifying network and host portions.

DNS Private Resolver — Managed service enabling DNS forwarding between Azure and on-premises. See Section 2.2.3.

ExpressRoute — Dedicated private connection between on-premises and Azure, bypassing the public internet. See Section 3.3.

FQDN (Fully Qualified Domain Name) — Complete domain name (e.g., www.contoso.com).

Gateway Transit — VNet peering feature allowing spoke VNets to use the hub's VPN/ExpressRoute gateway. See Section 2.3.1.

IKE (Internet Key Exchange) — Protocol establishing security associations for IPsec VPNs.

IPsec — Protocol suite providing authentication and encryption for VPN tunnels.

Load Balancer — Azure service distributing traffic across backend pool members. See Section 4.1.

NAT Gateway — Azure service providing outbound internet connectivity with static IPs. See Section 2.3.4.

NSG (Network Security Group) — Stateful packet filter for Azure VNet resources. See Section 6.1.

Private DNS Zone — Azure DNS zone for internal name resolution within VNets. See Section 2.2.2.

Private Endpoint — Network interface with private IP connecting to Azure PaaS services. See Section 5.1.1.

Private Link — Azure feature enabling private connectivity to PaaS services and custom services. See Section 5.1.

Route Table — Collection of user-defined routes (UDRs) associated with subnets. See Section 2.3.2.

Service Endpoint — Feature extending VNet identity to PaaS services for network-level access control. See Section 5.2.

Service Tag — Named group of IP prefixes managed by Microsoft for use in NSG rules.

SNAT (Source Network Address Translation) — Translating private source IPs to public IPs for outbound connections.

Subnet Delegation — Granting Azure services permission to inject resources into a subnet.

Traffic Manager — DNS-based global traffic distribution service. See Section 4.2.

UDR (User-Defined Route) — Custom route overriding Azure's system routes.

VNet (Virtual Network) — Isolated network segment in Azure. See Section 2.1.

VNet Peering — Connecting VNets for direct, low-latency communication. See Section 2.3.1.

Virtual WAN — Managed networking service for global enterprise connectivity. See Section 3.4.

VPN Gateway — Azure gateway for site-to-site and point-to-site VPN connections. See Sections 3.1 and 3.2.

WAF (Web Application Firewall) — Layer 7 protection against web application attacks. See Section 6.3.

Written by Alvin Varughese
Founder, 15 professional certifications