Microsoft Azure Virtual Network (VNet) is a fundamental building block of Azure cloud services, enabling secure communication between Azure resources, on-premises networks, and the internet. A VNet allows users to define a private, isolated network within Azure, providing flexibility in resource deployment and management.

In this article, we will explore the core concepts of Azure VNets, guide you through the configuration process, discuss best practices, and highlight management strategies to ensure optimal network performance and security.

Understanding Azure Virtual Network (VNet)

What is a Virtual Network?

A Virtual Network (VNet) in Azure is a logically isolated segment of the Azure cloud where you can securely connect Azure resources, such as virtual machines (VMs), web applications, and databases. VNets are similar to traditional networks that you might operate in your own data center but with the benefits of Azure's scalability, availability, and management features.

Key Features of Azure VNets

• Isolation and Segmentation: VNets provide a private address space, allowing you to isolate and segment resources within Azure.
• Communication: Resources within the same VNet can communicate with each other privately using private IP addresses. You can also configure communication between VNets, on-premises networks, and the Internet.
• Integration: VNets can be integrated with Azure services like Azure Load Balancer, Azure VPN Gateway, and Azure ExpressRoute.
• Security: VNets support security features such as Network Security Groups (NSGs), which allow you to control inbound and outbound traffic.

 VNet Address Space

When creating a VNet, you must define an IP address range for the VNet using CIDR (Classless Inter-Domain Routing) notation. For example, you might use an address space of 10.0.0.0/16, allowing for up to 65,536 addresses.

Configuring an Azure Virtual Network

Prerequisites

Before configuring a VNet, ensure that you have:

• An active Azure subscription.
• The necessary permissions to create and manage VNets.

Step-by-Step Guide to Creating a VNet

Follow these steps to create a VNet in the Azure portal:

Access the Azure Portal

Log in with your Azure account credentials.

Create a Virtual Network

1. In the Azure portal, click on Create a resource.
2. Search for Virtual Network and select it from the results.
3. Click on the Create button.

Configure the VNet Settings

In the Create Virtual Network page, configure the following settings:

• Basics:

  • Subscription: Select the appropriate subscription.
  • Resource Group: Create a new resource group or select an existing one.
  • Region: Choose the Azure region where the VNet will be created.

• IP Addresses:

  • IPv4 Address space: Enter the CIDR notation for the VNet's address space (e.g., 10.0.0.0/16).
  • Subnet: Click on + Add subnet to define subnets within the VNet. Specify the subnet name and CIDR range (e.g., 10.0.0.0/24 for a subnet).

• Security:

  • DDoS Protection: Enable DDoS protection if needed.
  • Firewall: Optionally configure Azure Firewall for advanced security.

Review and Create

1. Review your configurations and click Create.
2. Wait for the deployment to complete, and then click Go to the resource.

Adding Subnets to Your VNet

Once your VNet is created, you can add additional subnets:

1. In the VNet overview page, click on Subnets.
2. Click on + Subnet to create a new subnet.
3. Provide a name and CIDR range, ensuring it does not overlap with existing subnets.
4. Click OK to save.

Configuring Network Security Groups (NSGs)

 What are Network Security Groups?

Network Security Groups (NSGs) are used to control inbound and outbound traffic to and from Azure resources within a VNet. NSGs contain rules that allow or deny traffic based on various parameters, such as source and destination IP address, port, and protocol.

Creating and Configuring NSGs

Create an NSG

1. In the Azure portal, click on Create a resource.
2. Search for Network Security Group and select it.
3. Click Create and fill in the required details (name, resource group, and region).

 Define Inbound and Outbound Rules

1. Go to the NSG overview page and click on Inbound security rules or Outbound security rules.

2. Click + Add to create a new rule.

3. Configure the rule by specifying:

   • Source: IP address or CIDR range.
   • Source port range: Specific ports or ranges.
   • Destination: IP address or CIDR range.
   • Destination port range: Specific ports or ranges.
   • Protocol: TCP, UDP, or Any.
   • Action: Allow or Deny.
   • Priority: A number that determines the order of rule evaluation (lower numbers have higher priority).
   • Name: A descriptive name for the rule.

4. Click Add to save the rule.

Configuring Virtual Network Peering

What is VNet Peering?

VNet Peering allows you to connect two VNets, enabling resources in both VNets to communicate with each other as if they are within the same network. Peered VNets can be in the same region or across different regions.

Setting Up VNet Peering

Create a Peering Connection

1. In the Azure portal, navigate to one of the VNets you want to peer.

2. Click on Peerings and then + Add to create a new peering.

3. Configure the peering settings:

   • Name: Enter a name for the peering connection.
   • Subscription: Choose the subscription for the peered VNet.
   • Virtual Network: Select the target VNet you want to peer with.
   • Traffic Forwarding: Choose whether to allow traffic to flow between the two VNets.

4. Click OK to create the peering connection.

Configure Peering on the Other VNet

Repeat the process on the other VNet to complete the peering configuration.

Configuring VPN Gateway for Site-to-Site Connectivity

What is a VPN Gateway?

A VPN Gateway allows you to establish secure site-to-site connections between your on-premises network and your Azure VNet. This is useful for organizations that want to extend their on-premises infrastructure into the cloud.

Setting Up a VPN Gateway

Create a Virtual Network Gateway

1. In the Azure portal, click on Create a resource.

2. Search for Virtual Network Gateway and select it.

3. Click Create and fill in the required details:

   • Name: Enter a name for the gateway.
   • Region: Choose the same region as your VNet.
   • Gateway Type: Select VPN.
   • VPN Type: Choose Route-based or Policy-based based on your requirements.
   • Virtual Network: Select the VNet you want to associate with the gateway.

4. Click Review + Create and then Create to provision the gateway.

Configure Local Network Gateway

1. After the VPN Gateway is created, navigate to Local Network Gateways.

2. Click on + Add to create a new local network gateway.

3. Fill in the details, including:

   • Name: Enter a name for the local network gateway.
   • IP Address: Provide the public IP address of your on-premises VPN device.
   • Address Space: Specify the address range of your on-premises network.

4. Click Create to save the local network gateway.

 Configure the VPN Connection

1. Navigate back to the VPN Gateway and click on Connections.

2. Click + Add to create a new connection.

3. Fill in the details:

   • Name: Enter a name for the connection.
   • Connection type: Choose Site-to-site (IPSec).
   • Local network gateway: Select the local network gateway created earlier.

4. Configure the shared key, which will be used for authentication.

5. Click OK to create the connection.