Scaler
Academy
Data Science
Neovarsity
New
Skill Test
Free Masterclass
Search for Articles, Topics
Microsoft Azure Tutorial
Azure Virtual Network

Azure Virtual Network

By Hari Hara Sankar
5 mins read
Last updated: 28 Nov 2023
150 views
Learn via video courses
Topics Covered

Overview

In the modern world, networking plays a major role in connecting various resources and services securely. Azure Virtual Network (VNet) is a powerful and flexible networking solution offered by Microsoft Azure for creating secure networks. Let's explore the components, advantages, and a step-by-step demo of Azure VNet in this article.

What is Azure Virtual Network?

Azure Virtual Network is one of the services provided by Azure, allowing organizations to create their private network environment in the cloud for establishing secure and isolated connections between various Azure resources, and on-premises data centers, and even extend on-premises networks to the cloud. Let's explore how Azure VNet implements security in each case:

structure of azure virtual network

Connection to the Internet:

  • Azure provides Network Address Translation (NAT) for resources deployed within a VNet.
  • Azure Firewall is used to control traffic by defining rules to permit or deny specific traffic based on source, destination, port, and protocol.
  • Azure DDoS Protection Standard service is available for VNets to safeguard them from Distributed Denial of Service (DDoS) attacks.

Connections between Azure Resources:

  • Network Security Groups (NSGs) are security features that are associated with subnets and use inbound and outbound security rules to control traffic flow between Azure resources.
  • Azure Virtual Network also supports service endpoints that allow Azure services, to be accessed securely from within the VNet without reaching the public internet.

Connections with On-Premises Resources:

  • Azure VPN Gateway enables secure communication between Azure VNets and on-premises networks. The VPN Gateway supports:
    • Site-to-site VPN where an encrypted tunnel is established between the on-premises VPN device and the Azure VPN Gateway, allowing resources in both environments to communicate securely
    • Point-to-site VPN which enables secure communication between individual devices and the VNet.
  • Azure ExpressRoute provides a dedicated private connection between an on-premises network and an Azure VNet, bypassing the public internet.
  • Virtual network Azure acts as a hybrid Cloud which facilitates seamless integration between on-premises and cloud resources. We can access all the cloud resources from the on-premise cloud environment.

Advantages of Using Azure Virtual Network

  • Virtual network azure provides the ability to create a secure and isolated network environment in the cloud.
  • Feature to design custom network topologies within a VNet, including multiple subnets with their unique IP address ranges.
  • Provides secure and encrypted connections between on-premises networks and Azure VNets through VPN Gateway.
  • Ensures high availability of network connectivity within VNets, providing consistent and reliable access to resources.
  • Scalability features for the accommodation of increasing demand for resources without affecting performance.
  • Integrates with other Azure services like Azure Load Balancer, Azure Application Gateway, and Azure Firewall, enabling a complete networking solution.
  • Cost optimization by controlling data traffic and efficiently utilizing resources within the VNet.
  • Connectivity between on-premises networks and resources in the cloud, enabling hybrid cloud scenarios and easy migration of workloads.

Components of Azure VNet

  • Address Space:
    Represents the range of private IP addresses that can be used within the network. When creating a VNet, users define the address space using CIDR notation, such as 10.0.0.0/16, which provides a pool of IP addresses for resources within the VNet.
  • Subnets:
    Allow users to further divide the address space of a VNet into smaller segments, each with its range of IP addresses. For example, a VNet can have subnets for web servers, application servers, and databases, each with its unique IP address range.
  • Network Security Groups (NSGs):
    Azure's built-in firewall mechanism that provides security at the network level. NSGs contain a set of inbound and outbound security rules that control traffic flow to and from resources within subnets.
  • Virtual Network Gateway:
    Responsible for routing traffic between VNets and on-premises networks connected through VPN Gateway or ExpressRoute.
  • Azure DNS:
    Provides domain name resolution for resources within a VNet. It allows users to create custom domain names for Azure resources and manage DNS records for better accessibility.

How to Launch an Instance Using Azure VNet?

A Virtual network Azure acts as a container for multiple resources that can be assigned to different subnets. We can create multiple virtual machines that belong to the same virtual network by using different subnet addresses. The process of creating a virtual network Azure and Virtual Machine is illustrated in the next section.

structure of subnets and instances in a VNet

Demo: Step-By-Step Demo of Creating Azure Virtual Machine and Virtual Network

Step 1: Create a VNet

  • In the Azure Portal, click on Create a resource in the left-hand navigation pane and

  • Search and click on Virtual Network from the search results.

    search page for Azure Virtual Network

  • Click on Create Virtual Network to start the VNet creation process.

    Azure Virtual Network home page

  • Fill in the required details:

    • Region:
      Select the Azure region where you want to deploy the VNet.
    • IP address range:
      Specify the IP address range for the VNet, using CIDR notation (e.g., 10.0.0.0/16).
    • Subnet name and address range:
      Create a subnet within the VNet, providing a name and its IP address range (e.g., 10.0.0.0/24).
    • Click on Review + Create to create the Virtual Network.

    Azure Virtual Network creation page

Step 2: Create a Network Security Group

  • In the Azure Portal, click on Create a resource and search for Network Security Group.

    Network Security Group home page

  • Click on Create and fill in the required details for the NSG, such as name, subscription, resource group, and region, and click Create.

    Network Security Group creation page

  • Define inbound and outbound security rules by using the Settings tab in the NSG to allow or deny specific types of traffic.

    rules of NSG

Step 3: Create an Azure Virtual Machine (VM)

  • In the Azure Portal, click on Create a resource and search for Virtual Machine.

  • Click on Virtual Machine from the search results to start creating the VM. Select Azure Virtual Machine from the menu.

    Virtual Machines home page

  • Fill in the required details in the Basics tab:

    • Image:
      Choose the operating system image for the VM, such as Windows or Linux.
    • Size:
      Select the size of the VM based on your requirements.
    • Username and password (for Windows) or SSH public key (for Linux): Provide login credentials for the VM.
    • Click on the Networking tab on the top to proceed to the next step.

Step 4: Configure Networking

  • In the Networking tab, select Virtual network and choose the VNet and subnet you created earlier.

    Network Security Group networking page

  • Choose whether to assign a public IP address to enable internet access for the VM (optional).

  • Select the Network Security Group you created earlier, if applicable.

    Network Security Group configurations settings

Step 5: Review and Create the VM

  • Review all the settings you configured for the VM.
  • If everything looks correct, click on Create to start the VM deployment process.

You have now successfully created an Azure Virtual Network and launched a Virtual Machine within that VNet.

Conclusion

  • Azure Virtual Network (VNet) is a networking service in Microsoft Azure, that enables users to create private and secure network environments in the cloud.
  • VNet provides secure isolation, allowing resources within the network to communicate securely while protecting them from unauthorized access from the internet.
  • Network Security Groups (NSGs) act as a built-in firewall, controlling inbound and outbound traffic for resources within a subnet.
  • Azure VPN Gateway provides secure encrypted connections between Azure VNets and on-premises networks, supporting site-to-site and point-to-site VPN connections.
  • Azure Virtual Network integrates with other Azure services, such as Azure Load Balancer and Azure Firewall, providing a comprehensive networking solution.
  • The VNet infrastructure is highly available, ensuring consistent and reliable network connectivity within the Azure environment.
  • VNet supports efficient cost management, with options to control data traffic and optimize resource utilization.
  • Virtual network azure can be used to isolate development, testing, and production environments, ensuring stability and security in the cloud environment.