Select Page

Networking in Azure: A Guide for Beginners

Written by True Topia

May 17, 2022

Networking in Azure 101– Azure Virtual Network (VNet) is the most fundamental component of your Azure private network. Several kinds of Azure resources, such as Azure Virtual Machines (VM), can communicate securely with one another and also the internet, and on-premises networks, thanks to VNet. VNet is akin to a core network running in your own data center. Still, it comes with Azure’s infrastructure features like capacity, reliability, and segregation.

AZURE networking services overview

Azure networking services offer a wide range of networking features that can be combined or used independently.

  • Connectivity services:  Connect Azure and on-premise resources by employing any or all of the following networking services in Azure: Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, Peering service, and Azure Bastion.
  • Application protection services: Use any or all of the following networking services in Azure to safeguard your applications: Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups, Web Application Firewall, and Virtual Network Endpoints.
  • Application delivery services. Deliver applications on the Azure network by utilizing any or all of the following networking services in Azure: Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and Load Balancer.
  • Network monitoring: Monitor your network resources with any or all of the following Azure networking services: Network Watcher, ExpressRoute Monitor, Azure Monitor, or VNet Terminal Access Point (TAP).

Connectivity services

Virtual Network (VNet), ExpressRoute, VPN Gateway, Virtual WAN, Virtual network NAT Gateway, Azure DNS, Azure Peering service, and Azure Bastion are the services in this area that offer communication between Azure resources, connectivity from an on-premises network to Azure resources, and the branch to branch connectivity in Azure.

Virtual network

AZURE Virtual Network (VNet) is the fundamental building block for your private network in AZURE. You can use VNets to:

  • Communicate between AZURE resources
  • Communicate between each other
  • Communicate to the internet
  • And with on-premises networks

ExpressRoute

You can use ExpressRoute to expand your on-premises networks into the Microsoft cloud via a private connection supported by a connectivity provider. This is a secure connection. The internet does not carry traffic. You can connect to Microsoft cloud services such as Microsoft Azure, Microsoft 365, and Dynamics 365 via ExpressRoute.

VPN Gateway

VPN Gateway enables you to establish secure cross-premises connections to your virtual network from on-premises sites and secure relationships between VNets. The connections can be configured in various ways, including site-to-site, point-to-site, and VNet-to-VNet.

Virtual WAN

Azure Virtual WAN is a networking service that allows you to connect your branches to and from Azure in an optimal and automated way. Azure regions act as hubs to which you can connect your components. You may use the Azure backbone to link branches to VNets as well. Many Azure cloud connectivity services, like site-to-site VPN, ExpressRoute, and point-to-site user VPN, are combined into a single functional portal with Azure Virtual WAN.

AZURE DNS

Azure DNS is a DNS domain hosting service that uses Microsoft Azure resources to deliver name resolution. You can manage your DNS records that use the same credentials, APIs, tools, and pricing as your other Azure services if you host your domains in Azure.

AZURE Bastion

The Azure Bastion service is a centrally managed PaaS service that you may deploy within your virtualized environment. It allows you to connect to your virtual servers through RDP/SSH directly from the Azure site using TLS. Your virtual servers do not require a public IP address when connected using Azure Bastion.

Virtual network NAT Gateway

Virtual Network NAT (network address translation) simplifies outbound-only internet connectivity for virtual networks. All outbound connectivity uses your specified static public IP addresses when configured on a subnet. Without a load balancer or public IP addresses directly attached to virtual machines, outbound connectivity is possible.

AZURE Peering Service

AZURE Peering service administration upgrades client availability to Microsoft cloud administrations, for example, Microsoft 365, Dynamics 365, programming as a help (SaaS) administrations, AZURE, or any Microsoft administrations open through the public web.

Application protection services

This section explains how Azure networking services can help you protect your network resources. – Use any or all of Azure’s networking services to safeguard your applications, including DDoS protection, Private Link, Firewall, Web Application Firewall, Network Security Groups, and Virtual Network Service Endpoints.

DDoS Protection

Azure DDoS Protection protects against even the most advanced DDoS attacks. The solution provides better DDoS mitigation capabilities for your business and assets hosted in your virtual networks. Customers that use Azure DDoS Protection also have access to DDoS Rapid Response assistance, which allows them to contact DDoS professionals during an active attack.

AZURE Private Link

Azure Private Link allows you to use a private endpoint in your virtual network to access Azure PaaS Services (Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services. The Microsoft backbone network transports traffic between your virtual network and the service. As a result, it is no longer essential to expose your service to the public internet. Instead, you can create your private link service in your virtual network and offer it to your customers.

AZURE Firewall

AZURE Firewall is a well-managed, cloud-based network security administration that safeguards your AZURE Virtual Network assets. Utilizing AZURE Firewall, you can halfway make, implement, and log application and organization availability approaches across memberships and virtual organizations. Sky blue Firewall operates a static public IP address for your virtual organization assets permitting outside firewalls to recognize traffic beginning from your virtual organization.

Web Application Firewall

Your web applications are protected by the Azure Web Application Firewall (WAF) from common internet attacks and weaknesses like SQL injection and cross-site scripting. In addition, managed rules give out-of-the-box protection from the OWASP top 10 liabilities in Azure WAF. Customers can also set up custom rules, which are customer-managed rules that provide extra security depending on source IP ranges and request elements, including headers, cookies, form data fields, and query string parameters.

Customers can use Azure WAF with Application Gateway to protect organizations in public and private address spaces on a regional level. They could also use Azure WAF with Front Door, covering public endpoints at the network edge.

Network security groups

A network security group can monitor network activity to or from Azure resources in an Azure virtual network.

Service endpoints

Virtual Network (VNet) service administration endpoints broaden your virtual organization’s private location space and the character of your VNet to the AZURE administrations over an immediate association. Endpoints permit you to tie down your essential AZURE assistance assets to just your virtual organizations. Traffic from your VNet to the AZURE assistance generally stays on the Microsoft AZURE spine organization.

Application delivery services

This segment depicts organizing administrations in AZURE that assist with conveying applications – Content Delivery Network, AZURE Front Door Service, Traffic Manager, Load Balancer, and Application Gateway.

Content Delivery Network

Content Delivery Network (CDN) offers engineers a worldwide answer for quickly conveying high-data transfer capacity content to clients by reserving their substance at decisively positioned hubs worldwide.

AZURE Front Door Service

AZURE Front Door Service empowers you to characterize, make due, and screen the worldwide steering for your web traffic by enhancing best execution and moment worldwide failover for high accessibility. With Front Door, you can change your worldwide (multi-district) consumer and enterprise applications into robust, elite execution customized current applications, APIs, and content that contact a worldwide crowd with AZURE.

Traffic Manager

AZURE Traffic Manager is a DNS-based traffic load balancer that enables you to convey traffic ideally to administrations worldwide AZURE locales while giving high accessibility and responsiveness. Traffic Manager provides a scope with traffic-directing techniques to circulate such as priority, weighted, performance, geographic, multi-value, or subnet.

Load Balancer             

The AZURE Load Balancergives elite execution, low-idleness Layer 4 burden adjusting for all UDP and TCP conventions. It oversees inbound and outbound associations. You can arrange public and interior burden-adjusted endpoints. You can characterize rules to plan inbound associations with back-end pool objections by utilizing TCP and HTTP wellbeing and examining choices to oversee administration accessibility.

Network monitoring services

This segment portrays organizing administrations in AZURE that assist with checking your organization assets – Network Watcher, AZURE Monitor Network Insights, AZURE Monitor, ExpressRoute Monitor, and Virtual Network TAP.

Network Watcher

Network Watcher, Azure Monitor Network Insights, Azure Monitor, ExpressRoute Monitor, and Virtual Network TAP are all networking services in Azure that let you monitor your network resources.

AZURE Monitor Network Insights

Azure Monitor for Networks offers a thorough picture of health and statistics for all installed network resources without requiring any configuration. It also gives you access to network monitoring tools like Connection Monitor, network security group tracking, and traffic analytics.

AZURE Monitor

AZURE Monitor expands the accessibility and execution of your applications by conveying a complete answer for gathering, dissecting, and following up on telemetry from your cloud and on-premises conditions. In addition, it assists you in understanding how your apps function and effectively identifies errors that may harm them or the resources they rely on.

Elements of AZURE Virtual Networks

AZUREVNets offer various types of assistance and functionalities for associating AZURE assets. Microsoft has designed these administrations to give organizations all of the tools they require to satisfy their cloud arrangement needs. The accompanying areas portray some of the critical ideas for conveying AZURE Virtual Networks.

Address Space

You must provide a bespoke private IP address space utilizing public and personal (RFC 1918) addresses when constructing a VNet. Azure assigns a private IP address to virtual network resources from the address space you choose. So, if you deploy a VM in a VNet with an address space of 10.0.0.0/16, for example, the VM will be given a private IP address of 10.0.0.4.

Subnets

Subnets are more modest divisions of the virtual organization. Subnetting permits you to dispense a more modest part of the VNet’s location space to explicit assets. Subnets further develop IP address allotment by characterizing fewer IP addresses in the virtual organization’s usable space.

Network Security Groups

Network Security Groups (NSG) safeguard each subnet within a virtual organization. You use NSGs to channel traffic all through a virtual organization. You characterize the source and objective, port, and convention for each standard to recognize the traffic.

How to Create AZURE Virtual Networks

Microsoft provides multiple ways to create AZURE Virtual Networks. Here we are about to cover three such ways:

  • Using the AZURE Portal
  • Using AZURE PowerShell
  • And the AZURE CLI

AZURE Portal

To create an AZURE Virtual Network using the AZURE Portal:

  1. First, navigate and sign in to the AZURE portal.
  2. Then, select Create a resource on the AZURE Portal homepage.
  3. On the Create a resource page, search the marketplace for virtual network and select it from the results.
  4. On the Virtual Network page, select Create.
  5. At Create virtual network page, configure the information in the Basics tab.
  • Subscription: Select the subscription to bill the resource against
  • Resource group: create a new resource group or choose an existing one
  • Name: enter vnet-westus-001
  • Region: select the West US region
  1. Select Next: IP Addresses button at the bottom of the page.
  2. In the IPv4 address space section, AZURE has pre-populated the address space 10.1.0.0/16. Select this existing address space and change it to 10.100.0.0/16.
  3. If you want to add subnets now, select + Add subnet, then enter the subnet name snet-subnet1 and an address range of 10.50.25.0/24.
  4. Review the address space and subnets, select Review + create and create after the portal validates the configuration.

AZURE PowerShell

To create a virtual network and subnets using AZURE PowerShell:

  1. Create a virtual network using the New-AzVirtualNetwork command, specifying:
  • The virtual network name (vnet-eastus-001)
  • Resource group (virtualNetworks-rg)
  • Location (eastus)
  • Address prefix (172.16.0.0/16).

Save the new virtual network to a variable named $vnet.

  1. $vnet = New-AzVirtualNetwork `
  2. ?
  3. -Name ‘vnet-eastus-001’ `
  4. ?
  5. -AddressPrefix 172.16.0.0/16 `
  6. ?
  7. -Location eastus `
  8. ?
  9. -ResourceGroupName ‘virtualNetworks-rg’
  10. Create a subnet for the new virtual network using the Add-AzVirtualNetworkSubnetConfig. You will need to specify:
  • Subnet name (subnet1)
  • Subnet address prefix (172.16.20.0/24)
  • The virtual network using the $vnet variable

Save the new subnet to a variable named $subnet1.

  1. $subnet1 = Add-AzVirtualNetworkSubnetConfig `
  2. ?
  3. -Name ‘subnet1’ `
  4. ?
  5. -AddressPrefix 172.16.20.0/24 `
  6. ?
  7. -virtual network $vnet
  8. Associate the new subnet to the virtual network by piping the $subnet1 variable to the Set-AzVirtualNetwork command. PowerShell will output the updated network object with the subnet information.
  9. $subnet1 | Set-AzVirtualNetwork

If you want to create a virtual network and subnets simultaneously, you must create the subnet object first. When you create the virtual network, you specify the subnet objects.

  1. Create a new subnet configuration using the New-AzVirtualNetworkSubnetConfig specifying:
  • The subnet name (subnet1)
  • The address prefix (172.16.20.0/24)
  • $subnet1 = New-AzVirtualNetworkSubnetConfig `
  • ?
  • -Name ‘subnet1’ `
  • ?
  • -AddressPrefix 172.16.20.0/24
  • Repeat step 1 with a new variable name, subnet name, and address prefix for each subnet to add to the virtual network.
  • Use the New-AzVirtualNetwork command to create a virtual network. Use the -Subnet parameter to specify each saved subnet variable separate by commas. This example uses three subnets.
  • $vnet = New-AzVirtualNetwork `
  • ?
  • -Name ‘vnet-eastus-001’ `
  • ??
  • -ResourceGroupName ‘virtualNetworks-rg’ `
  • ?
  • -Location ‘eastus’ `
  • ?
  • -AddressPrefix 172.16.0.0/16 `
  • ?
  • -Subnet $subnet1,$subnet2,$subnet3

AZURE CLI

To create a virtual network and subnets using the AZURE CLI:

  1. Use the az network vnet create command and specify the virtual network properties, including one subnet:
  • Name (vnet-centralus-001)
  • Resource group (virtualNetworks-rg)
  • Location (centralus)
  • Address prefix (192.168.0.0/16)
  • Subnet name (subnet1)
  • Subnet address prefix (192.168.10.0/24)
  • az network vnet create \
  • ?
  • –name ‘vnet-centralus-001’ \
  • ?
  • –resource-group ‘virtualNetworks-rg’ \
  • ?
  • –location ‘centralus’ \
  • ?
  • –address-prefixes 192.168.0.0/16 \
  • ?
  • –subnet-name ‘subnet1’ \
  • ?
  • –subnet-prefixes 192.168.10.0/24
  • To add more subnets to the virtual network, use the az network vnet subnet create command, specifying:
  • Address prefix (192.168.20.0/24)
  • Subnet name (subnet2)
  • Resource group (virtualNetworks-rg)
  • VNet name (vnet-centralus-001)
  • az network vnet subnet create \
  • ?
  • –address-prefixes 192.168.20.0/24 \
  • ?
  • –name ‘subnet2’ \
  • ?
  • –resource-group ‘virtualNetworks-rg’ \
  • ?
  • –vnet-name ‘vnet-centralus-001’

More AZURE Virtual Network Information

Since you have made your first AZURE Virtual Networks, here is an extra AZURE systems administration data to consider. Azure Virtual Networks give further developed abilities outside the center systems administration.

Pricing

In contrast to a virtual machine or other AZURE assets, making virtual organizations is for nothing. Creating a virtual organization doesn’t cause costs for the acquisition. You can make up to 50 virtual organizations for every membership. If you make a looking association between changed virtual organizations,  AZURE charges for the inbound and outbound information moves.

Protecting Resources

AZURE additionally gives a few abilities to safeguard your organization’s assets. One is AZURE Firewall, which is a cloud-based network security administration. Azure Firewall protects assets by implementing application and organization availability arrangements. In addition, Azure Firewall has inherent high accessibility and unhindered cloud versatility.

Azure likewise incorporates essential circulated refusal of administration (DDoS) assault security at no extra expense. In addition, the virtual assistance gave traffic checking and programmed assault alleviation. Similarly, you can increase standard security, including quick reaction support, alleviation strategies, and measurements and cautions.

True PPE

Browse Your Favorite

Workspace
Purpose & Meaning
Productivity
Life Lessons
Confidence
Gear

Meetup 2019, San Francisco

Related Articles

WHAT IS AZURE STORAGE EXPLORER AND HOW TO USE IT?

WHAT IS AZURE STORAGE EXPLORER AND HOW TO USE IT?

Azure Storage Explorer is a free Microsoft utility that runs on Windows, Mac, and Linux and provides a graphical environment for browsing and performing activities on Azure Storage accounts. Unlike most other Azure storage...

AZURE PORTAL: ALL YOU NEED TO KNOW

AZURE PORTAL: ALL YOU NEED TO KNOW

In comparison to actual equipment and administrations, Microsoft Azure is one of Microsoft's many cloud-based solutions. Due to their outstanding remarkable measures to develop breakthroughs in the near future, it has the second...

TOP MICROSOFT AZURE PARTNERS

TOP MICROSOFT AZURE PARTNERS

The below table shows us the list of the Top 14 Microsoft Azure Partners. TOP  MICROSOFT AZURE PARTNERS COMPANYSERVICESHEADQUARTERSOutlookMicrosoft 365, IaaS, Dynamics 365, Secure Email Services, Employee Self Service...