Configure Networking for Azure Virtual Machines

A step-by-step guide to setting up and managing network resources for your Azure VMs.

Introduction

Networking is a fundamental aspect of deploying and managing virtual machines (VMs) in Azure. Properly configuring your network ensures your VMs can communicate with each other, with the internet, and with your on-premises resources. This tutorial will guide you through the essential steps of setting up networking for your Azure VMs.

Prerequisites

  • An Azure account with an active subscription. If you don't have one, you can sign up for a free trial.
  • Basic understanding of networking concepts (IP addresses, subnets, ports).
  • Access to the Azure portal.

Virtual Networks (VNets)

Azure Virtual Network (VNet) is the cloud equivalent of a traditional on-premises network. It provides a private IP address space for your Azure resources, allowing them to communicate securely and privately. VNets are the foundational building blocks for your Azure network.

Step 1: Create a Virtual Network

To create a VNet, navigate to the Azure portal, search for "Virtual networks," and click "Create."

  1. Select your Subscription and Resource Group.
  2. Provide a Region for your VNet.
  3. Enter a Name for your VNet (e.g., MyVNet).
  4. Click "Next: IP Addresses" to configure the address space.

Address Space

The address space defines the range of private IP addresses available to your VNet. It's crucial to choose an address space that doesn't overlap with your on-premises network if you plan to hybrid connectivity.

  • By default, Azure suggests 10.0.0.0/16. You can modify this.
  • Ensure the address space is large enough for your current and future needs.

Subnets

A subnet is a division of your VNet's IP address space. You need at least one subnet to deploy resources. Subnets allow you to segment your network for better organization and security.

  • Click "Add subnet."
  • Provide a Name (e.g., default-subnet).
  • Define the subnet address range (e.g., 10.0.1.0/24). This range must be within the VNet's address space.
  • Click "Add" and then "Review + create."

Tip

It's good practice to create multiple subnets for different purposes (e.g., web servers, database servers) to manage traffic flow and apply specific security rules.

Network Interfaces (NICs)

A Network Interface (NIC) connects an Azure VM to a virtual network. Each VM must have at least one NIC. A NIC is configured with an IP address, MAC address, and potentially other network settings.

Step 2: Create a Network Interface

When creating a VM, you'll be prompted to configure its network interface. You can also create a NIC separately.

  1. Navigate to "Network interfaces" in the Azure portal and click "Create."
  2. Select your Subscription, Resource Group, and Region.
  3. Provide a Name for the NIC (e.g., myVM-nic).
  4. Select the Virtual network and Subnet you created earlier.
  5. Click "Next: IP configurations."

IP Configuration

This section defines the IP addresses assigned to the NIC.

  • Public IP address: Choose whether to assign a public IP address. This allows the VM to be reached from the internet. You can create a new one or use an existing one. For internal-only VMs, you can select "None."
  • Private IP address: This is assigned from the subnet's address range. You can choose dynamic (Azure assigns it) or static (you specify an IP within the subnet range).

DNS Settings

You can configure custom DNS servers or use Azure's default DNS. For most scenarios, Azure's default DNS is sufficient.

Click "Review + create" and then "Create" to provision the NIC.

Network Security Groups (NSGs)

A Network Security Group (NSG) acts as a stateful firewall for your Azure Virtual Machines. It contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks.

NSG Basics

NSGs can be associated with either a subnet or a network interface. Rules applied at the subnet level affect all NICs within that subnet.

Step 3: Create and Configure an NSG

You can create an NSG when creating a VM's NIC or separately.

  1. Navigate to "Network security groups" and click "Create."
  2. Select Subscription, Resource Group, and Region.
  3. Give your NSG a Name (e.g., myVM-nsg).
  4. Click "Review + create," then "Create."

Inbound Rules

Inbound rules control traffic coming into your VM.

  • Priority: Lower numbers are processed first.
  • Source: Specify the source IP address range, service tag, or application security group.
  • Destination: Specify the destination IP address range.
  • Protocol: TCP, UDP, ICMP, or Any.
  • Action: Allow or Deny.
  • Destination port ranges: e.g., 80, 443, 3389 (RDP), 22 (SSH).

Example: To allow RDP access, create an inbound rule with Priority 300, Protocol TCP, Destination port range 3389, and Action Allow.

Outbound Rules

Outbound rules control traffic going out of your VM.

By default, Azure NSGs allow all outbound traffic.

Important

When you create an inbound security rule to allow traffic, ensure you also have corresponding outbound rules if necessary, or that the default outbound rules permit the desired traffic.

Connecting VMs to the Network

Once your VNet, subnets, NICs, and NSGs are configured, you can create your Azure VMs. When creating a VM:

  1. On the "Networking" tab of the VM creation wizard, select the VNet and Subnet you configured.
  2. Choose or create the Network Interface.
  3. Select the NSG you want to associate with the NIC or subnet. If you don't specify one, a Basic NSG will be created with default RDP/SSH rules if applicable.

After the VM is deployed, you can RDP (for Windows) or SSH (for Linux) to it using its public IP address or by establishing a VPN/ExpressRoute connection if you've configured hybrid networking.

Conclusion

You have now successfully configured the basic networking components for your Azure VMs. This includes setting up Virtual Networks, Subnets, Network Interfaces, and Network Security Groups to control traffic flow and ensure security. Remember to plan your IP addressing and subnetting carefully for scalability and security.

Next Steps

Explore advanced networking features like Load Balancers, Application Gateways, VPN Gateways, and Azure Firewall to build more sophisticated and resilient cloud architectures.

Deploy a VM with Custom Networking