Virtual Network aka VNet is a simplified version of the internet. This allows to provision and manages different virtual private networks (VPN) to make an isolated and highly secured network. It also allows configuring to link different VNets. This can resemble as a set of connected systems and servers which can communicate between each other but it cannot be accessed via the internet. The resources like virtual machines inside a virtual network can only respond to requests that initiate from that virtual network. A Special VPN key is required to access the VMs or web applications which are deployed in virtual private networks.
What is Azure Virtual Network
Azure Virtual Network is a cloud service offering from Microsoft which is a representation of a virtual network in the cloud. In general, Azure Virtual Networks are used to secure development and deployment environments with any kind of network attacks and data leaks. Virtual machines, web apps, database, load balancer etc. should always be kept inside the Virtual network. With Azure, it is very easy to create and configure highly secure private networks with the help of network security groups.
Azure Virtual Network Architecture
source https://docs.microsoft.com
The above is a typical architecture of a virtual Network for n-tier application architecture. The entire virtual network has been subdivided into different subnets based on workloads like web tier that contains the User interface, the Business tier that operates the business logic and data tier that hosts the data source. The idea to create and bind each group of Virtual machines into different subnet is useful in a way that we can assign one Network Security Group (NSG) to each subnet and can control the traffic flows between the tiers. For example, an HTTP request from the internet should not directly reach to data tier subnet. We can assign access policy to the Network Security Group of Subnet attached with data tier which only allows incoming requests from business tier subnet. Any other requests trying to reach data tier with any protocol other than business tier will be denied. Similarly, we can assign an access policy on NSG of business tier subnet that the incoming request source IP address should fall in the range of web tier subnet. Additionally, we can also control the traffic requests to the Active Directory by putting that in a separate Subnet inside a Virtual Network.
Before we go ahead and create a Virtual Network, there are a couple of terms to understand :
Resource Group
A Resource Group is a logical container for all related resources. Generally, all the Azure resources created for a particular environment like test environment can be put in a single resource group and assign access to users as per need. For any application architecture all resources (like VMs, VNets, IP, App Service, Azure Functions etc.) which combine make a complete system need to be replicated for each environment like Dev, Test, UAT, Pre-Prod, and Prod. So, we can have different resource group for each environment and create all required resources within the corresponding resource group. Then, we can provide access to the test team to the test resource group only and dev team to the dev resource group only.
Public IP
Resources like websites, API apps, Load balancers, Application gateways will require a public IP address in order to receive requests from the internet and that is achieved by a public IP address. We can also have a public IP address for the Virtual Machines but it is not recommended as it can allow malicious attacks. Subnet: A subnetwork or simply subnet is a range of IP addresses within a Virtual Network. It can be considered as all the machines in a particular project of an organization are having a separately identifiable IP addresses corresponding to a particular range. Now, we can assign a network security group to this range of IP addresses (Subnet) in order to allow some RDP connection to Project specific machines. Different tiers of an application architecture are also placed in different subnets to isolate them from each other.
Network Security Group
A network security group is a set of rules or policies for incoming and outgoing requests. A network security group is generally attached at the subnet level. The advantage of applying network security groups to Subnets is that we can control the data flow. This is important in terms of network security. With an NSG, we can define the IP range for the source of incoming requests.
Create a Virtual Network using the Azure Portal
Login to the Azure portal portal.azure.com and click on Create a resource.
On the Marketplace select Networking tab and click on Virtual network as shown below.
In the Create VNet screen, provide a name to the virtual network and an address space. Choose subscription, resource group and location.
Additionally, also provide a subnet name and address space which should fall within the range of address space of virtual network and click on Create button.
From the top right corner notification tab, click on Go to resource button.
Let’s create a network security group. Click on Create a resource and select Networking tab and click on Network Security group.
Provide name, subscription, resource group and location.
Click on create button.
Go back to the virtual network and click on subnets.
Select the subnet and open its details.
We can attach the network security group to the subnet and save.
Go to the network security group and click on Inbound security rules.
We can add/ delete more security rules to enhance network security.
Creating a Virtual Network using PowerShell
Launch cloud shell from the top on the portal.
Alternatively, open PowerShell command prompt locally on the system. Check for the latest version of AzureRM module. To continue, the version should be 5.4.1 or later. Run the below command to check for version
Get-Module -ListAvailable AzureRM
Login to Azure with the following command :
Connect-AzureRmAccount
Create a resource group by running the following command :
New-AzureRmResourceGroup -Name DNTResourceGroup -Location EastUS
Create a Virtual Network in the same location where resource group is and attach the Vnet with the resource group
$virtualNetwork = New-AzureRmVirtualNetwork ` -ResourceGroupName DNTResourceGroup ` -Location EastUS ` -Name DNTVirtualNetwork ` -AddressPrefix 10.10.0.0/16
Create a subnet within the virtual network
$subnetConfig = Add-AzureRmVirtualNetworkSubnetConfig ` -Name default ` -AddressPrefix 10.10.0.0/24 ` -VirtualNetwork $virtualNetwork
Now that our Virtual Network is ready, we can assign this virtual network to Virtual machines. Let’s create a VM with the following command :
New-AzureRmVm ` -ResourceGroupName " DNTResourceGroup " ` -Location "East US" ` -VirtualNetworkName "DNTVirtualNetwork" ` -SubnetName "default" ` -Name "DNTVm1" ` -AsJob
Get the IP address of VM with the help of following command
Get-AzureRmPublicIpAddress -Name DNTVm1 -ResourceGroupName DNTResourceGroup | Select IpAddress
Using the IP from the above command, run the below command to download the RDP file and use it to connect the VM.
mstsc /v:<publicIpAddress>
Summary
A virtual network is a network of IP addresses in a range connected together. It is an important aspect of consideration while designing solutions in the cloud. In order to secure each layer of application architecture inside a highly secured network, it is recommended to create different subnets for different tiers of an application and attach each subnet with a network security group with limited inbound and outbound security rules.
If you want to learn more about Azure cloud by implementing step-by-step Azure services you can choose an unlimited Azure online training program to enhance your skills by 10x to earn azure certification.
FAQs
An Azure Virtual Network (VNet) is a network or environment that can be used to run VMs and applications in the cloud. When it is created, the services and Virtual Machines within the Azure network interact securely with each other.
What is a virtual network and how does it work? ›
A virtual network is a network where all devices, servers, virtual machines, and data centers that are connected are done so through software and wireless technology. This allows the reach of the network to be expanded as far as it needs to for peak efficiency, in addition to numerous other benefits.
What is the purpose of Azure VPN? ›
Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs in a similar way that you set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
What is a virtual network explain in your own words? ›
A virtual network connects virtual machines and devices, no matter their location, using software. In a physical network, layer 2 and 3 functions of the OSI model happen within physical switches and routers.
Why do I need Azure virtual network? ›
Why use an Azure Virtual network? Azure virtual network enables Azure resources to securely communicate with each other, the internet, and on-premises networks.
What is the difference between VPN and virtual network? ›
VPNs and VLANs are different technologies with some similarities. VPNs connect authorized users to corporate network resources, while VLANs connect geographically separate devices. The technology answers to most remote work and education requirements have one word in common: virtual.
What is the difference between virtual network and subnet? ›
Virtual network and subnets. A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one virtual network.
What are the benefits of the virtual cloud network? ›
Benefits of a virtual cloud network
- Faster performance. A VCN's connectivity can enable your network's devices and connections to perform faster. ...
- Improved flexibility. ...
- Greater ability to scale. ...
- Easy access. ...
- Heightened security. ...
- Protection against system failures. ...
- Greater control of network traffic. ...
- Reduced costs.
Here are some of the key advantages of a VPN for both home and professional use:
- Bypass Geo-locked Content. Many popular entertainment websites have different content accessible in specific regions. ...
- Provide Safety Through Anonymity. ...
- Save Money on Region-Based eCommerce. ...
- Cost-Effective Security. ...
- Gaming Pros.
You must have Administrator rights on the client computer from which you are connecting.
- On the client computer, go to VPN settings.
- Select the VPN that you created. ...
- Select Connect.
- In the Windows Azure Virtual Network box, select Connect. ...
- When your connection succeeds, you'll see a Connected notification.
Azure supports three types of Point-to-site VPN options:
- Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
- OpenVPN. ...
- IKEv2 VPN.
Virtual networks are classified into two broad types, external and internal. External virtual networks consist of several local networks that are administered by software as a single entity. The building blocks of classic external virtual networks are switch hardware and VLAN software technology.
What is another name for a virtual network? ›
Virtual private networks (VPNs) Virtual local area networks (VLANs) Virtual extensible local area networks (VXLANs)
How many types are there methods in virtual networking? ›
A network's hardware devices usually define the three common types of virtual networks.
Is Azure virtual network A VPN? ›
Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs in a similar way that you set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
Is VNet same as VPC? ›
In terms of which is better, it largely depends on use case. VNet seems more enterprise focused, whereas Amazon VPC is ideal for more customer-facing resources -- per AWS' use cases.
Is Azure virtual network IaaS or PAAS? ›
Azure offers a massive range of IaaS facilities depending on the needs of your business, from compute and networking to security and storage, including Container Service and Virtual Machines. Find out more about individual services here.
Is a VM better than a VPN? ›
Both VPN and virtual desktops can be secured, but virtual desktops present the least amount of risk to data as they secure data all the way through the endpoint and offer IT teams a faster, easier way to patch known vulnerabilities.
Is firewall a virtual network? ›
A virtual firewall, aka cloud firewall, is a network security solution designed specifically for environments in which deploying hardware firewalls is difficult or impossible, such as public and private cloud environments; software-defined networks, or SDN; and software-defined wide area networks, or SD-WAN.
What are the three types of virtual private networks? ›
VPNs can be divided into three main categories – remote access, intranet-based site-to-site, and extranet-based site-to-site. Individual users are most likely to encounter remote access VPNs, whereas big businesses often implement site-to-site VPNs for corporate purposes.
VNet concepts
For example, if you deploy a VM in a VNet with address space, 10.0. 0.0/16, the VM will be assigned a private IP like 10.0. 0.4. Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet.
Can a VNet have multiple address spaces? ›
Azure VNet is one of the most commonly used Microsoft Azure Networking services. Azure VNet is sort of like a LAN within which you can have address spaces that can be divided into multiple subnets.
What are the components of Azure virtual networks? ›
The following are the main components available in Azure Networks.
- Subnets. Subnets are a range of IP addresses within a network divided into multiple subnets for security in different organizational departments.
- IP Addresses. ...
- Azure Networking Options. ...
- Load Balancing. ...
- Routing Tables. ...
- VPN. ...
- Express Route. ...
- Exchange Provider.
Disadvantages
- Virtual machines are less efficient than real machines because they access hardware indirectly. ...
- Because a virtual machine can be spun up in minutes, server sprawl is something administrators need to mitigate through proper processes.
Benefits of Virtualization
- Reduced capital and operating costs.
- Minimized or eliminated downtime.
- Increased IT productivity, efficiency, agility and responsiveness.
- Faster provisioning of applications and resources.
The problem with these types of intricate, hardware-heavy systems is that in addition to being complex to begin with, they can be inflexible, costly to maintain and highly consumptive of power.
What are 5 advantages of virtualization? ›
Five benefits of virtualization
- Slash your IT expenses. ...
- Reduce downtime and enhance resiliency in disaster recovery situations. ...
- Increase efficiency and productivity. ...
- Control independence and DevOps. ...
- Move to be more green-friendly (organizational and environmental)
Benefits include affordable expertise (particularly with HR, finance, marketing), flexible support, and access to a full suite of services. Disadvantages include challenges with virtual teams can lie in communication, poor leadership/management and incompetent team members.
What is the disadvantage of VPN? ›
Some VPNs may slow your connection speed. You could be blocked from using certain services or websites, like Netflix. VPNs are illegal or tightly controlled in certain countries, such as China. There's no way to tell just how encrypted your data is when using a VPN.
What does a VPN not protect you from? ›
A VPN helps you stay invisible and behind the scenes, but it doesn't give you immunity against online risks like malware, ransomware, phishing attacks, or even computer viruses. That's where your antivirus software comes in.
Using a VPN at home is preferable, advised even, but it isn't always essential. The main reason it may not be necessary, is that your internet activity should already be shielded by your password-protected Wi-Fi network. The other concern is connecting to a remote server can slow your connection speed.
Can I connect to Azure VM with private IP? ›
IP-based connection lets you connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address.
What is Azure ExpressRoute vs VPN? ›
TL;DR: ExpressRoute provides direct connectivity to Azure cloud services and connects Microsoft's global network. All transferred data is not encrypted, and do not go over the public Internet. VPN Gateway provides secured connectivity to Azure cloud services over the public Internet.
Can I mine Bitcoin in Azure VM? ›
Crypto mining with Azure is restricted on certain subscriptions types, including the Azure Free Account and the Azure for Students account. However, on Pay-as-you-go subscription type it does not currently have any terms that prohibit cryptocurrency mining.
What are the 4 main types of VPN? ›
Types of Virtual Private Network (VPN) Protocols:
- Internet Protocol Security (IPSec): Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP network. ...
- Layer 2 Tunneling Protocol (L2TP): ...
- Point–to–Point Tunneling Protocol (PPTP): ...
- SSL and TLS: ...
- OpenVPN: ...
- Secure Shell (SSH):
Guidance: Azure VPN supports standard IPsec/IKE protocols: UDP ports 500 and 4500. ESP protocol.
What protocol does Azure VPN use? ›
Secure Socket Tunneling Protocol (SSTP), a proprietary TLS-based VPN protocol. A TLS VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which TLS uses. SSTP is only supported on Windows devices.
What are the 3 most common types of networks? ›
LAN (Local Area Network) MAN (Metropolitan Area Network) WAN (Wide Area Network)
Is Azure virtual network free? ›
Virtual Network in Azure is free of charge. Every subscription can create up to 50 Virtual Networks across all regions. VNET Peering links two virtual networks – either in the same region or in different regions - and enables you to route traffic between them using private IP addresses (carry a nominal charge).
What is virtual network and subnet in Azure? ›
A VNET is the address space. It hosts subnet, where you will connect resources. Subnet segment the address space into multiple subnetworks. By default, an IP in a subnet can communicate with any other IP inside the VNET. Azure route traffic between subnets and outside the VNET.
To create an Azure Virtual Network using the Azure Portal:
- Navigate and sign in to the Azure portal.
- Select Create a resource on the Azure Portal homepage.
- On the Create a resource page, search the marketplace for virtual network and select it from the results.
- On the Virtual Network page, select Create.
When a virtual network is configured, a zone sends traffic to an external host in the same way as a system without a virtual network. Traffic flows from the zone, through the VNIC to the virtual switch, and then to the physical interface, which sends the data to the network.
What are the 3 virtualization techniques? ›
In order to do that, three basic virtualization techniques for embedded systems are considered: full virtualization, paravirtualization (as instances of hardware-level virtualization), and containers (as an instance of operating-system-level virtualization).
What are the 3 modes of virtual desktop? ›
The three most popular types of desktop virtualization are Virtual desktop infrastructure (VDI), Remote desktop services (RDS), and Desktop-as-a-Service (DaaS).
How do I connect to Azure virtual network? ›
Connect to your VNet
- On the client computer, go to VPN settings.
- Select the VPN that you created. ...
- Select Connect.
- In the Windows Azure Virtual Network box, select Connect. ...
- When your connection succeeds, you'll see a Connected notification.
Virtual machines created by Virtual machine scale sets Flexible Orchestration mode don't have default outbound access. Virtual network NAT is the recommended outbound access method for Virtual machine scale sets Flexible Orchestration Mode.
Can I use Azure as a VPN? ›
PRO TIP: No, you cannot use Azure as a VPN. Azure is a cloud computing service that provides compute, storage, and networking resources. It is not designed to provide VPN services. Azure also provides a secure connection to the corporate network, and the VPN service is affordable.
What is the features of an Azure virtual network? ›
Azure Virtual Network
Build an isolated, secure environment to run virtual machines (VMs) and applications. Optionally connect to on-premises datacentres for a hybrid infrastructure that you control. Bring your own IP addresses and DNS servers. Secure connections with an IPsec VPN or ExpressRoute.
Why do cloud environments need virtual networks? ›
VCNs help protect against system failures. Even if some physical devices or systems glitch, storing critical data in a virtual environment allows the company to access files and resources from other devices. In addition, most VCNs operate using two different servers.
Is Azure VNet a private cloud? ›
Customers looking to provision their resources in the cloud can choose from the different private networks offered by the various cloud providers. The two most deployed private networks are Virtual Network (VNet) and Virtual Private Cloud (VPC) from Microsoft and Amazon respectively.
A VNet is used to provide the VM with DHCP and Security Group services. A VM would be unable to obtain an IP address without it. In the same manner that a V1Vm could not be created without a cloud service, an Azure VM cannot be created without a vnet.
What are the advantages and disadvantages of a virtual network? ›
VPN Pros & Cons Summary
- VPN Advantages. VPNs allow users to hide their network information and safely browse the web no matter their location. ...
- VPN Disadvantages. Specific activities that require high bandwidth, such as gaming, might not be able to function using a VPN, but they are easily enabled and disabled.
Lower overhead costs.
If you run your company virtually, you don't have to worry about leasing office space, buying furniture, paying for utilities, etc. Even if you establish a main office with just a few employees, you won't need to lease nearly as much office space.
