The basic building piece for your Azure private network is the Azure Virtual Network (VNet). VNet enables numerous types of Azure resources, including Azure Virtual Machines (VM), to securely connect to one another, the internet, and on-premises networks. When it comes to scale, availability, and isolation, VNet is identical to a traditional network within your own data center but comes with additional Azure infrastructure features.
Table of Contents:
Check out this Intellipaat Microsoft Azure Full Course video:
Why use an Azure Virtual network?
Azure virtual networks enable on-premises networks and the internet to be safely connected to Azure resources. A virtual network can be used to filter network traffic, route network traffic, interact with Azure services, and communicate between Azure resources, and on-premises resources.
Advantages of using Azure Virtual Network
Several benefits of using the Azure virtual network are:
- It provides a safe environment for your applications.
- By default, a subnet in a VNet can connect to the public internet.
- We can easily route traffic from resources.
- It is a very secure network.
- It has excellent network connectivity.
- It simply creates complicated network topologies.
Azure Vnet Capabilities
Below mentioned are the capabilities of Azure Vnet:
- Isolation and segmentation: Virtual machines will be isolated from other resources when deployed into virtual networks. Because we’ve added the virtual machine to a virtual network, it can’t be accessed from the Internet or other Azure resources unless we permit connectivity between them. We can also employ subnets within virtual networks to further segment our network resources.
- Communication with the Internet: By default, all virtual network resources can communicate outbound to the Internet. However, it must create an inbound Internet connection. We have the option of using public IP addresses or load balancers.
- Communicate between resources: Communication between the virtual network’s resources or with other resources via service endpoints.
- Communication with on-premises resources: Your workloads in the Azure virtual network can interact with workloads in our on-premises data center smoothly by deploying either a point-to-site VPN, a site-to-site VPN, or an Express route.
Features of Azure Virtual Network
There are numerous features available within the Azure virtual network for traffic control:
- Filter network traffic: To filter traffic arriving at virtual network resources, we can utilize Network Security Groups, Application Security Groups, Azure firewalls, or third-party network virtual appliances.
- Route network traffic: We can route network traffic using routing tables, or we can set user-defined routes to route all outgoing traffic, for example, through a firewall.
- Monitor network traffic: You will be able to monitor both inbound and outgoing communications using network security groups and traffic analysis monitoring systems.
- Subnet: The subnet is important since various configurations will be performed at the subnet level. It is a set of IP addresses in the VNet. Vnet can be divided into numerous subnets based on various architectural concerns, such as deploying a virtual machine, an App services environment, an integration service environment, and so on. VMs and PaaS services are installed in separate subnets inside the same VNet and can connect with one another without any further configuration. Subnets are set up with route tables, NSG, service endpoints, and policies.
Azure Virtual Network Architecture
A typical virtual network design for an n-tier application architecture is shown in the diagram above.
The virtual network has been partitioned into subnets depending on workloads such as the:
- web tier, which contains the user interface,
- the business tier, which operates the business logic,
- and the data tier, which hosts the data source.
In order to assign one Network Security Group (NSG) to each subnet and control traffic flows between the tiers, it is essential to create separate subnets for each group of virtual machines.
For instance, the data tier subnet shouldn’t immediately receive an HTTP request from the internet.
The Network Security Group of the Data Tier Subnet can be given an access policy that restricts access to inbound requests to the business tier subnet only.
Any further attempts to access the data tier using a protocol other than the business tier will be denied
In a similar manner, we can set up an access policy on the business tier subnet’s NSG such that the inbound request source IP address is within the bounds of the web tier subnet.
Additionally, by assigning them to a separate Subnet within a Virtual Network, we may control the traffic requests to Active Directory.
Azure Virtual Network limits
Only networking resources managed by Azure Resource Manager per region per subscription are subject to the following limitations.
Resources | Limit |
Virtual network | 1,000 |
Subnets per virtual network | 3,000 |
Virtual network peerings per virtual network | 500 |
VPN gateways per virtual network | 1 |
DNS servers per virtual network | 20 |
Private IP addresses per virtual network | 65,536 |
Private IP address per network interface | 256 |
Private IP address per virtual machine | 256 |
Get 100% Hike!
Master Most in Demand Skills Now!
Pricing
Microsoft Azure provides a free Virtual Network. Each subscription allows for the creation of up to 50 Virtual Networks across all regions.
VNET Peering connects two virtual networks, either in the same or different areas, and allows you to route traffic between them using private IP addresses (carry a nominal charge).
At both ends of the peer networks, inbound and outgoing traffic is charged. Network equipment that run within a virtual network, such as VPN Gateway and Application Gateway, are also charged.
Virtual network peering:
Through virtual network peering, you can transport communication between virtual networks using private IP addresses. At both ends of the peer networks, ingress and egress traffic is charged.
VNET Peering within the same region
Inbound data transfer | $0.01 per GB |
Outbound data transfer | $0.01 per GB |
Summary
A virtual network is a group of IP addresses that are joined together. It is a crucial factor to take into account while creating cloud-based apps.
It is advised to create distinct subnets for distinct tiers of an application and attach each subnet to a network security group with constrained inbound and outgoing security rules in order to safeguard each layer of the application architecture within a highly secured network.