Azure Virtual Networks: Overview

On this page

Introduction

Azure Virtual Network (VNet) is the foundational building block for your private network in Azure. It enables Azure resources, such as Virtual Machines, to securely communicate with each other, with the internet, and with your on-premises environments.

This document provides a high-level overview of Azure Virtual Networks, their purpose, key benefits, and core components.

What is a Virtual Network?

An Azure Virtual Network is a logical representation of your network in the Azure cloud. It is a collection of IP address ranges that you define, and it has a number of subnets. You can then associate Azure resources with one of these subnets.

VNets are region-scoped resources. However, you can create VNet peerings to connect VNets in different Azure regions, effectively extending your network across geographical boundaries.

Conceptual diagram of Azure Virtual Network
A simplified view of an Azure Virtual Network connecting various Azure resources and on-premises networks.

Key Benefits

  • Isolation and Segmentation: Create private IP address spaces and segment your network using subnets for better control and security.
  • Secure Communication: Enable secure communication between Azure resources, and between Azure and your on-premises datacenter using VPN gateways or ExpressRoute.
  • Internet Connectivity: Control inbound and outbound internet access for your Azure resources.
  • Traffic Management: Route traffic between subnets, to the internet, and to on-premises locations using routing tables and Network Virtual Appliances.
  • Enhanced Security: Leverage Network Security Groups (NSGs) and Azure Firewall to filter network traffic and protect your resources.
  • Scalability: Easily scale your network infrastructure as your application needs grow.

Core Components

Understanding the core components of Azure Virtual Networks is crucial for designing and managing your cloud network:

  • IP Addressing

    You define a private IP address space for your VNet using CIDR notation. This IP address space is then divided into subnets.

    10.0.0.0/16

  • Subnets

    Subnets are divisions of your VNet's IP address space. Each subnet can contain Azure resources, and you can apply specific security policies to each subnet.

    • Example: 10.0.1.0/24 for web servers, 10.0.2.0/24 for application servers.

  • Network Security Groups (NSGs)

    NSGs act as a basic firewall for controlling inbound and outbound traffic to network interfaces (NICs), VMs, and subnets.

  • Route Tables

    Route tables allow you to define custom routes to control traffic flow between subnets, to the internet, and to your on-premises networks.

  • Gateways

    • VPN Gateway: Enables secure, encrypted connectivity between your on-premises network and Azure VNet over the public internet.
    • ExpressRoute Gateway: Provides a private, dedicated connection between your on-premises network and Azure.

  • VNet Peering

    Connects two Azure VNets, allowing resources in each VNet to communicate with each other as if they were within the same network. This can be done within the same region (local peering) or across different regions (global peering).

Common Use Cases

  • Hosting Applications: Deploying multi-tier applications with web, application, and data layers on separate subnets.
  • Hybrid Cloud Connectivity: Extending your on-premises datacenter network to Azure for disaster recovery or to run hybrid workloads.
  • Data Analytics: Creating secure networks for big data and analytics services.
  • Securing IoT Solutions: Providing a secure and isolated network environment for your Internet of Things devices.
  • Disaster Recovery: Establishing resilient and highly available architectures across multiple regions.

Next Steps

Now that you have a basic understanding of Azure Virtual Networks, you can explore the following topics: