Virtual Networks

 What are Azure Virtual Networks?

Azure Virtual Network is your private network within Azure. Azure Virtual Network is commonly abbreviated as “vnet.” Like on-premises servers, Azure virtual machines need networking for communication to other resources, like other virtual machines or storage accounts.

While you define VNets in the Azure cloud, VNets can also communicate with the Internet and on-premises resources. By default, all VNet resources can communicate outbound to the Internet. To allow inbound communication from the Internet, you can create rules to allow Internet traffic or add a public IP or Load Balancer.

You can create a point-to-site VPN, where your individual computer can connect to the network. If you need to configure a connection to your on-premises network, you can deploy a site-to-site VPN solution, and the Azure VNet becomes an extension of your on-premises datacenter. If you require a more private connection to the Azure cloud, consider implementing ExpressRoute so your traffic does not traverse the Internet.

Elements of Azure Virtual Networks

Azure VNets provide multiple services and functionalities for connecting Azure resources. Microsoft designs these services so organizations have all the tools to meet their cloud deployment requirements. The following sections describe some of the key concepts for deploying Azure Virtual Networks.

Address Space

When you create a VNet, you first need to specify a private IP address space in the RFC 1918 range. This IP address space contains familiar IP addresses, such as 10.0.0.0, 192.168.0.0, and 172.16.0.0. A virtual network contains one or more of these address ranges where you create additional subnets.

Azure Virtual Network address spaces cannot overlap with each other. Azure will display a warning message if you try to create a virtual network using an existing address space. You can continue past this warning if you do not plan to peer the two virtual networks. As a best practice, you should not use overlapping network spaces with your on-premises data center if you intended on creating a hybrid network.

Subnets

Subnets are smaller segmentations of the virtual network. Subnetting allows you to allocate a smaller portion of the VNet’s address space to specific resources. Subnets improve IP address allocation by defining fewer IP addresses in the virtual network’s usable space.

Network Security Groups

Within a virtual network, Network Security Groups (NSG) protect each subnet. You use NSGs to filter traffic in and out of a virtual network. For each rule, you define the source and destination, port, and protocol to identify the traffic. An NSG contains default security rules that automatically secure resources by blocking Internet traffic but allowing traffic from other virtual networks.

Routing and Peering

Azure automatically creates routes between subnets, virtual networks, on-premises networks, and the Internet. However, you can implement route tables to control where Azure routes traffic for each subnet. For example, you can deploy a hub-and-spoke network and force all subnet traffic to go to a central hub first.

You can also use your on-premises BGP routes to your Azure virtual networks. You use these when you connect your on-premises data center to the Azure cloud through an Azure VPN Gateway or ExpressRoute connection.

While Azure automatically connects subnets in the same virtual network together, routing between different virtual networks requires network peering. Virtual network peering connects multiple VNets together, and the virtual networks appear as one for connectivity purposes. The traffic between the virtual networks traverses the Microsoft backbone infrastructure, not the Internet.

How to Create Azure Virtual Networks

Microsoft provides multiple ways to create Azure Virtual Networks. This tutorial covers three ways:

• Using the Azure Portal
• Using Azure PowerShell
• Using the Azure CLI

This tutorial uses a resource group named virtualNetworks-rg to host each virtual network. You will create each virtual network in a different region. To follow along with this tutorial, you will need:

• An Azure subscription with sufficient permissions to create resources, such as Owner or Contributor
• Install the Azure Az PowerShell module and connect to your tenant using the Connect-AzAccount command
• Install the Azure CLI and connect to your tenant using the az login command

Azure Portal

To create an Azure Virtual Network using the Azure Portal:

1. Navigate and sign in to the Azure portal.
2. Select Create a resource on the Azure Portal homepage.
3. On the Create a resource page, search the marketplace for virtual network and select it from the results.
4. On the Virtual Network page, select Create.
5. On the Create virtual network page, configure the information in the Basics tab.

• Subscription: select the subscription to bill the resource against
• Resource group: create a new resource group or choose an existing one
• Name: enter vnet-westus-001
• Region: select the West US region

1. Select Next: IP Addresses button at the bottom of the page.
2. In the IPv4 address space section, Azure has pre-populated the address space 10.1.0.0/16. Select this existing address space and change it to 10.100.0.0/16.
3. If you want to add subnets now, select + Add subnet, then enter the subnet name snet-subnet1 and an address range of 10.50.25.0/24.

 

 

1. Review the address space and subnets, then select Review + create, then Create after the portal validates the configuration.

Azure PowerShell

To create a virtual network and subnets using Azure PowerShell:

1. Create a virtual network using the New-AzVirtualNetwork command, specifying:

• The virtual network name (vnet-eastus-001)
• Resource group (virtualNetworks-rg)
• Location (eastus)
• Address prefix (172.16.0.0/16).

Save the new virtual network to a variable named $vnet.

1. $vnet = New-AzVirtualNetwork `
3. -Name 'vnet-eastus-001' `
5. -AddressPrefix 172.16.0.0/16 `
7. -Location eastus `
9. -ResourceGroupName 'virtualNetworks-rg'

2. Create a subnet for the new virtual network using the Add-AzVirtualNetworkSubnetConfig. You will need to specify:

• Subnet name (subnet1)
• Subnet address prefix (172.16.20.0/24)
• The virtual network using the $vnet variable

Save the new subnet to a variable named $subnet1.

1. $subnet1 = Add-AzVirtualNetworkSubnetConfig `
3. -Name 'subnet1' `
5. -AddressPrefix 172.16.20.0/24 `
7. -VirtualNetwork $vnet

3. Associate the new subnet to the virtual network by piping the $subnet1 variable to the Set-AzVirtualNetwork command. PowerShell will output the updated network object with the subnet information.

1. $subnet1 | Set-AzVirtualNetwork

If you want to create a virtual network and subnets simultaneously, you need to create the subnet object first. When you create the virtual network, you specify the subnet objects.

1. Create a new subnet configuration using the New-AzVirtualNetworkSubnetConfig specifying:

• The subnet name (subnet1)
• The address prefix (172.16.20.0/24)

1. $subnet1 = New-AzVirtualNetworkSubnetConfig `
3. -Name 'subnet1' `
5. -AddressPrefix 172.16.20.0/24

2. Repeat step 1 with a new variable name, subnet name, and address prefix for each subnet to add to the virtual network.
3. Use the New-AzVirtualNetwork command to create a virtual network. Use the -Subnet parameter to specify each saved subnet variable separate by commas. This example uses three subnets.

1. $vnet = New-AzVirtualNetwork `
3. -Name 'vnet-eastus-001' `
5. -ResourceGroupName 'virtualNetworks-rg' `
7. -Location 'eastus' `
9. -AddressPrefix 172.16.0.0/16 `
11. -Subnet $subnet1,$subnet2,$subnet3

Azure CLI

To create a virtual network and subnets using the Azure CLI:

1. Use the az network vnet create command and specify the virtual network properties, including one subnet:

• Name (vnet-centralus-001)
• Resource group (virtualNetworks-rg)
• Location (centralus)
• Address prefix (192.168.0.0/16)
• Subnet name (subnet1)
• Subnet address prefix (192.168.10.0/24)

1. az network vnet create \
3. --name 'vnet-centralus-001' \
5. --resource-group 'virtualNetworks-rg' \
7. --location 'centralus' \
9. --address-prefixes 192.168.0.0/16 \
11. --subnet-name 'subnet1' \
13. --subnet-prefixes 192.168.10.0/24

2. To add more subnets to the virtual network, use the az network vnet subnet create command, specifying:

• Address prefix (192.168.20.0/24)
• Subnet name (subnet2)
• Resource group (virtualNetworks-rg)
• VNet name (vnet-centralus-001)

1. az network vnet subnet create \
3. --address-prefixes 192.168.20.0/24 \
5. --name 'subnet2' \
7. --resource-group 'virtualNetworks-rg' \
9. --vnet-name 'vnet-centralus-001'

More Azure Virtual Network Information

Now that you have created your first Azure Virtual Networks, here is some additional Azure networking information to consider. Azure Virtual Networks provide many more advanced capabilities outside the core networking services.

Pricing

Unlike a virtual machine or other Azure resources, creating virtual networks is free of charge. Creating a virtual network does not incur costs for the resource, and you can create up to 50 virtual networks per subscription. However, if you create a peering connection between different virtual networks, Azure charges for the inbound and outbound data transfers.

For example, peering between two virtual networks in the East US region charges $0.01 per GB for inbound and outbound data transfers. Creating a peering connection between networks in different regions incurs an extra charge. You can view more pricing information for your specific regions here on the virtual network pricing page.

Protecting Resources

Azure also provides several capabilities for protecting your network resources. One is Azure Firewall, which is a cloud-based network security service. Azure Firewall protects resources by enforcing application and network connectivity policies. Azure Firewall has built-in high availability and unrestricted cloud scalability.

In addition to the Azure Firewall, the Azure Web Application Firewall (WAF) is purposefully built for protecting web applications. WAF protects against common exploits and vulnerabilities found in web applications, including those in the OWASP Top Ten list.

Azure also includes basic distributed denial-of-service (DDoS) attack protection at no additional cost. The basic service provides traffic monitoring and automatic attack mitigation. You can also scale up to standard protection, including rapid response support, mitigation policies, and metrics and alerts.

Azure Virtual Network FAQs

What is a virtual network in Azure?

An Azure Virtual Network is a private IP address space for you to deploy resources to, like virtual machines. It uses IP ranges in the RFC 1918 range.

What is the difference between a VNet and a subnet?

A virtual network (vnet) encompasses a larger IP address space, like 10.10.0.0/16. A subnet represents a smaller subset of that IP address range, like 10.10.5.0/24. Subnets allow for separating resources on the network into logical groupings, like a group of Web or database servers.

How do I make an Azure Virtual Network?

You can make Azure Virtual Networks through the Azure portal, Azure PowerShell, or Azure CLI. Many infrastructure as code languages can make virtual networks, such as ARM templates, Ansible, Terraform, and Azure Bicep.

How much do Azure Virtual Networks cost?

Creating Azure Virtual Networks is free. However, if you peer virtual networks, you are charged based on traffic ingressing and egressing the network. Additional options, like virtual network gateways and firewalls, incur an additional charge.

Closing

Now that you’ve created your first Azure Virtual Network, you should start planning on securing and protecting resources placed in the networks. Whether everything is cloud-only or a hybrid approach with an on-premises data center, the same networking concepts still apply. You need to determine and secure which resources can access other resources and protect against outside threats.

Azure Service Bus Topic

 Azure Service Bus Topic follows the ‘publish and subscribe‘ model. The topic is almost similar to the queue, but it has an independent subscription associated with it. Service Bus Topic ensures a one-to-many form of communication. When messages processes in the Topic, they get copied to each independent subscription. A subscription helps set the filter rules for receiving a message from the topic.

Topic Benefits

Apart from all the benefits offered by the queue, Topic ensures competing consumer, Load Balancing, and Loose Coupling.

Steps to create Azure Service Bus

Prerequisites: You will be required with the Azure Services subscription plan. You can also create a free account valid for one month.

Step 1) Log in to Azure Portal.🚀

Step 2) On the top left corner of the Page, you will see the ‘Create a Resource‘ option, select it and then select ‘Integration‘ to take you to the ‘Service Bus‘ option.

Step 3) To commence the Azure Service Bus facilities, create a unique namespace. The namespace acts as a container to communicate with Service Bus in an application.

A dialogue box will appear with the name ‘Create Namespace’ where you will specify the name of the namespace, Subscription, Resource group, Location, and Pricing Tier.

After filling in all the details, click on the ‘Create’ button.

The different types of pricing tier offered are shown in the image below. You have to keep in mind that you won’t be able to create a Topic with the Basic tier. A Standard/ Premium tier is mandatory to proceed further for Topics.

Step 4) After clicking on the ‘Create‘ button in the above step, deployment gets initiated. It takes several minutes to deploy the resource. Click on ‘Go to Resource‘ to proceed for Service Bus creation.

Step 5) The successful deployment of the service bus namespace can be verified when the following homepage appears. Azure Service Bus provides two entities: Queue and Topic (refer to the image below).

Here we will create both entities, i.e. Queue and Topic.

First, we will “Create a Queue.”

Step 6) From the created Service Bus Namespace (k21ServiceBus, in this case) page, select ‘Queue’ from the navigational menu, then select ‘+ Queue‘ to create the queue.

Step 7) On the Create Queue page, specify the queue’s name, check for the green right tick mark, then click on ‘Create’. The default values get filled automatically.

Step 8) Under the Queue page, we will see the created queue.

Now, we will look at how to create a Topic.

Step 9) From the created Service Bus Namespace (k21ServiceBus, in this case) page, select ‘Topics’ from the navigational menu, select ‘+ Topic’ to create the topic.

Step 10) On the Create Topic page, specify the topic’s name, then click on ‘Create‘. The default values get filled automatically.

Step 11) Under the Topics page, we will see the created topic.

Step 12) Topic includes the additional step of creating a subscription. The subscription option come under the page named Service Bus Topic. (1) – Select the ‘Subscription’ from the navigation menu, and click on (2) ‘+Subscription’.

Step 13) The ‘Create subscription‘ page will appear, specify the details and click on ‘Create’, the subscription will be created.

Step 14) Connection Strings are required to connect and provide information to the application to communicate with the Azure Storage Account.

To get connection String for Service Bus namespace. Under the ‘All resource’, click on the namespace you created. Select Shared access policies. Select RootManageSharedAccessKey.

Step 15) Under the RootManageSharedAccessKey page, you will see the primary and secondary key with the primary and secondary connection string. Copy the key and string for later use.

Azure Service Bus Queue

 Service Queue works on First In, First Out (FIFO) model. The communication between the application occurs via a broker, i.e. Queue. The message sender sends the message to this intermediary (queue), then these messages are then pulled from the queue by the Message Receiver. Message sender doesn’t wait for the confirmation from the receiver; it keeps on processing messages as the queue delivers the message to the receiver in the same order as added to the Queue.

Queue helps when one needs to communicate between web app and Azure application. Further, on-premise cloud and hybrid solution’s hosted apps can make a connection with each other. In addition to that, distributed application’s components can communicate with various organisation.

Queue Benefits

Queue helps in achieving the application scalability and ensure resilience to the application architecture. The load-levelling feature helps the receiver and the sender convey messages at different rates. Application components decoupling is achieved with the queue, which means the sender and the receiver need not communicate simultaneously.

Overview of Azure

 Azure is the name of the cloud computing service owned by Microsoft that provides Infrastructure as a Service (IaaS), Platform as a Service (Paas) and Software as a Service (SaaS). Azure’s cloud computing services are network, storage, compute, database, analytics, security, and many more. In this blog, we will only focus on the basics of network services.

What Is Azure Virtual Network?

An Azure Virtual Network (VNet) may be a network or environment which will be wont to run VMs and applications within the cloud.
When it’s created, the services and Virtual Machines within the Azure network interact securely with one another.

Advantages of Using Azure Virtual Network

Some of the foremost advantages of using Microsoft Azure VNet are as follows:

• It provides an isolated environment for your applications
• A subnet in a very VNet can access the general public internet by default
• We can easily direct traffic from resources
• It is a highly secure network
• It has high network connectivity
• It builds sophisticated network topologies in a very simple manner

Moving on, let’s have a glance at the components of Azure VNet.

Elements of Azure Virtual Network

Azure networking components provide a large range of functionalities that may help companies build efficient cloud applications that meet their requirements.

The components of Azure Networking are listed below, and we have explained each of those components in an exceedingly detailed manner:

1. Subnets
2. Routing
3. Network Security Groups

Subnets

Subnets let users segment the virtual network into one or more sub-networks.
These sub-networks may be separated logically, and every subnet consists of a server.
We can further divide a subnet into two types:

1. Private – Instances can access the web with NAT (Network Address Translation) gateway that’s present within the public subnet.
2. Public – Instances can directly access the net.

Routing

• It delivers the information by choosing an appropriate path from source to destination.
• For each subnet, the virtual network automatically routes traffic and creates a routing table.

Network Security Groups

• It is a firewall that protects the virtual machine by limiting network traffic.
• It restricts inbound and outbound network traffic depending upon the destination IP addresses, port, and protocol.

How to Launch an Instance using Azure VNet?

• First, create a virtual network within the Azure cloud
• Next, create subnets into each virtual network
• Now, assign each subnet with the respective instance or Virtual Machine
• After which you’ll connect the instance to a relevant Network Security Group
• Finally, configure the properties within the network security and set policies
• As a result, you’ll be able to launch your instance on Azure

Moving forward, we’ll see an indication on creating an Azure virtual machine and virtual network step-by-step.

Demo: Step-By-Step Demo of Creating Azure Virtual Machine and Virtual Network

Step 1 − First, log into your Azure Management Portal, select ‘New’ at the underside left corner.

Step 2 − Next, on the Network Services visit Virtual Network -> Quick create.

Step 3 – Now, enter the name and leave all other fields empty and click on ‘next’.

Step 4 − Finally, click on ‘Create a Virtual Network,’ and it’s done.

Note: Now, within the same VNet, create a Virtual machine

Step 5 – First, select ‘create’ to create a replacement Virtual Machine with Windows Server 2012 R2 Datacenter.

Step 6 – Once the fields are entered, select the present resource group that you just had created for the virtual network and choose OK.

Step 7 – Now, choose a desired size and configuration by selecting DS1_V2 Standard type
Note: By default, we might choose a Virtual Network.

Step 8 – Now select the subnet as FrontEndSubnet and don’t change the general public IP address. Also, keep the Network Security Group as none.

Step 9 – Create a brand new availability set and set a replacement name thereto.

Next, set the fault domains as 2 and so disable the Guest OS Diagnosis section.

Step 10 – Finally, click and choose ‘create’.

Congratulations, you’ve got successfully created a VM.

This is all the fundamental information you wish to grasp about Microsoft Azure Virtual Network.

Create an Azure Front Door

 In this guide, Azure Front Door pools two instances of a web application that run in different Azure regions. You create a Front Door configuration based on equal-weighted and same priority backends. This configuration directs traffic to the nearest site that runs the application.

Azure Front Door continuously monitors the web application. The service provides automatic failover to the next available site when the nearest site is unavailable.

Create an Application Gateway

 In this guide, you will use the Azure portal to create an application gateway. Then you test it to make sure it works correctly. The application gateway directs application web traffic to specific resources in a backend pool. You assign listeners to ports, create rules, and add resources to a backend pool.

Protecting Hyper-V VMs by using Azure Site Recovery

 In this guide, you will learn how to set up disaster recovery of on-premises Hyper-V VMs to Azure, Select your replication source and target, Enable replication for a VM. The Azure Site Recovery service contributes to your disaster-recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines (VMs).