Updated: May 4, 2022
What is a Virtual Network
Virtual Networks are networks built in cloud environment. They are similar to traditional networks in an on premise environment but with additional advantages offered by cloud such as flexibility, scalability, availability.
Azure Virtual Networks allow you to securely connect with Azure cloud resources such as Azure Virtual Machine (VM), the internet as well as on premise resources.
Azure Virtual Network
Azure Virtual Network (VNet) is the Virtual network on Microsoft Azure cloud environment. With Azure Virtual Network you can build your own private network in Azure. This private network is secured and contains its own range of private IP addresses.
Using Azure VNet one can integrate various Azure Virtual Machines (VM) on cloud to connect and securely communicate with each other. You can also integrate the internet, and on-premises networks in to VNet (called Hybrid network).
What are the key benefits of Azure Virtual Network
Flexibility - Virtual Networks can be set up and configured easily and in short time. Also it can be deleted, re-confgured easily without any hassles. Thus making it truly flexible.
Scalability – Virtual Networks leverage the benefits of cloud infrastructure, hence they can be easily scaled up or down as and when needed and in shortest time - depending upon the business needs. There is no capital expenditure involved in scaling up and user only has to pay for the resources being used.
Availability – Virtual Networks over Azure cloud get the benefits of highly available architecture of Azure cloud. Azure cloud has a strong presence all geographical regions and has built-in redundancy for disaster recovery. Thus making it highly available.
What are the ways to use Azure Virtual Network:
There are multiple ways in which you can configure and use an Azure Virtual Network. These configurations differ on the basis of what (resources) is included within the VNet and how it connects to resources outside the VNet.
A) Internally over Azure Cloud:
Using all required Azure Resources included in a single Azure Virtual Network:
In its basic form, one can integrate various Azure resources such as Azure Virtual Machines (VMs), Azure App Services in to one Azure Virtual Network.
In such case, all the integrated Azure resources communicate privately with each other over Virtual Net, using Private IP addresses.
Using Service Endpoint to extend to other Azure Resources:
You can extend the Azure virtual network to other Azure resources through use of Service End points. Using service end point the Azure virtual network Private IP addresses can communicate with other Azure resources such as Azure Storage services through Service End points. This provides security to Azure Virtual network because of Service end points at the same time you can extend the network securely to other resources.
Because of Service end points, the network traffic is not routed through internet hence it avoids security risks (such as Denial of Service attacks). Also the outbound network traffic from VNet is only allowed for specified resources, thus restricting it further.
Using VNet Peering:
VNet Peering allows two or more Azure Virtual Networks to connect to each other.
Azure Virtual Machines in multiple VNets commmunicate with each other using Microsoft Azure’s backbone infrastructure.Thus, the network traffic is routed through private network.
VNet Peering can be done for connecting Azure VNets located in:
a) Same Azure region
b) Multiple Azure regions
VNet Peering is quite usefu in multiple ways because it offers:
a) Ways to connect Virtual networks in multiple regions with each othe. This is especially useful in case of multi-national enterprises that have regional networks and there is a need to share data privately, securely over network across these Azure regions.
b) The network traffic is high speed, low latency and highly secured since it utilizes network backbone infrastructure of Microsoft Azure and not routed through the internet.
c) VNet peering offers a way to exchange data across multiple Azure subscriptions in multiple Azure regions and multiple Active Directory tenants. This is a quite powerful feature of Azure VNet peering.
B) Ways to connect VNet to On premise resources:
Point to site Virtual Private Network (VPN):
This type of Virtual network is established between a virtual network and a single computer in your on premise network.
This type of connection is useful when you have only a couple of users/ developers who want to connect remotely using VPN to Azure VNet. This type of connection requires little or no changes to your existing network. The communication between your computer and a virtual network is through an encrypted tunnel over the internet.
This type of connection is established between your on-premises VPN device and an Azure VPN Gateway that is deployed in a virtual network.
This type of connection enables any on-premises resource within a network to access a virtual network. The communication between your on-premises VPN device and an Azure VPN gateway is sent through an encrypted tunnel over the internet.
Azure Express Route Connection:
ExpressRoute connections are private network connections and don't route over the public internet. Express route connections are faster and more reliable. They offer high speed networks with very low latencies than typical internet connections. These type of connections are typically used in enterprise applications to transfer data between on-premises systems and Azure VNets.
Address Spaces in VNet:
Each Azure resource in a VNet is assigned a private IP address. The address space range for this is 10.0.0.0/16. Hence as an example, a Virtual Machine in Azure VNet can have a private IP address like: 10.0.0.4
Subnets in VNet:
Subnets are like sub-networks within an Azure Virtual Network. They allocate a portion of Azure virtual network’s address space to each subnet. A resource can be part of one Subnet.