AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement Pipelines

Connectivity

In this article, you’ll learn how to architect secure, reliable connectivity for CI/CD pipelines using Azure DevOps. Proper network design ensures that agents communicate seamlessly with code repositories, build services, and deployment targets without compromising security.

Why Connectivity Matters

Connectivity is the backbone of any DevOps workflow. When pipelines cannot reach external package feeds or self-hosted agents lack network access, builds fail and deployments stall. By designing a resilient network topology, you guarantee:

  • Secure access to source code and artifacts
  • Efficient data transfer between pipeline stages
  • Compliance with organizational security policies

Azure Pipelines Network Components

The following table summarizes the key elements involved in Azure DevOps connectivity:

ComponentPurposeExample or Link
InternetProvides access to public endpoints and third-party servicesDownload NuGet packages, Docker images
Virtual Network (VNet)Isolates pipeline resources in a private Azure networkAzure VNets
Network Security Groups (NSGs)Enforce inbound/outbound traffic rules at subnet and NIC levelsAllow HTTPS (443) to Azure Artifacts
Agent PoolsExecute build and deployment jobs on Microsoft-hosted or self-hosted machinesSelf-hosted agents in a VNet require NSG and routing configuration
Inbound/Outbound Port RulesDefine which ports and protocols can enter or leave your VNetAllow outbound 443, 80 for dependency retrieval

Advanced Connectivity Features

Azure provides private and service endpoints to enhance security by avoiding the public internet:

Troubleshooting Connectivity Issues

Even the best network designs encounter issues. Start with these steps:

  • Verify NSG rules and route tables for correct port ranges and address prefixes.
  • Check DNS resolution and outbound connectivity from self-hosted agents.
  • Use Azure Monitor and Network Watcher to review logs for dropped packets or denied traffic.

Note

Enable NSG Flow Logs in Azure Monitor to capture detailed traffic information and speed up root cause analysis.

Best Practices for Secure Connectivity

  • Define least-privilege NSG rules and avoid overly permissive configurations.
  • Keep self-hosted agent VM images and NSG rule sets up to date with security patches.
  • Continuously monitor network performance metrics and security alerts.

Warning

Overly broad port rules increase attack surface. Always restrict access to specific IP ranges and protocols.

The image illustrates best practices for connectivity, emphasizing regular updates and network performance monitoring. It includes icons representing updates and performance metrics, with accompanying text for each practice.

Conclusion

Robust network connectivity is critical for seamless CI/CD operations in Azure DevOps. By correctly configuring VNets, NSGs, agent pools, and leveraging private or service endpoints, you’ll ensure your pipelines remain secure, reliable, and performant.

The image is a flowchart illustrating the CI/CD process, including stages like Plan, Code, Build, Test, Release, Deploy, Operate, and Monitor. It emphasizes the importance of connectivity and proper network setup for efficient CI/CD.

Further Reading

Watch Video

Watch video content

Previous
Licensing