Azure Virtual Network

Build and manage your private network infrastructure in the cloud.

What is Azure Virtual Network?

Azure Virtual Network (VNet) is the foundational building block for your private network in Azure. It enables you to securely connect Azure resources to each other, to the internet, and to your on-premises environments. VNet allows you to provision and manage a logically isolated network in the Azure cloud, giving you full control over IP addressing, DNS settings, route tables, and network security.

With Azure Virtual Network, you can:

  • Isolate your cloud resources for enhanced security.
  • Establish secure hybrid connectivity between on-premises datacenters and Azure.
  • Control network traffic flow with Network Security Groups and User Defined Routes.
  • Deploy resources into your virtual network.
Explore Azure VNet Pricing

Core Concepts

Subnets

A subnet is a range of IP addresses within your virtual network. You can divide a virtual network into smaller subnets, each with its own range of IP addresses. This allows you to segment your virtual network for security and organizational purposes. Resources deployed within Azure are always deployed into a subnet.

IP Addressing

Azure VNet supports both public and private IP addresses. Private IP addresses are used for communication within your virtual network and with your on-premises network. Public IP addresses are used for communication over the internet.

Network Security Groups (NSGs)

NSGs act as a distributed firewall, allowing you to filter network traffic to and from Azure resources in an Azure virtual network. You can define rules to allow or deny inbound and outbound traffic based on source/destination IP address, port, and protocol.

Route Tables

Route tables allow you to control how traffic is routed within your virtual network. You can define custom routes to direct traffic to specific network virtual appliances or to enforce specific routing policies.

Gateways

Azure VPN Gateway and ExpressRoute Gateway enable secure and high-performance connectivity between your Azure virtual networks and your on-premises networks.

Key Features

  • Isolation and Segmentation: Create isolated environments for your applications.
  • Hybrid Connectivity: Seamlessly connect your on-premises datacenter with Azure using VPN Gateway or ExpressRoute.
  • Enhanced Security: Utilize Network Security Groups and Azure Firewall for granular traffic control.
  • Traffic Management: Distribute traffic effectively with Azure Load Balancer and Application Gateway.
  • Service Endpoints and Private Link: Securely connect to Azure services without exposing traffic to the public internet.
  • Custom DNS: Integrate with your existing DNS infrastructure or use Azure DNS.

Common Use Cases

  • Lift-and-Shift Applications: Migrate existing on-premises applications to Azure while maintaining network connectivity.
  • Multi-tier Applications: Deploy complex applications with web, application, and data tiers, each in its own subnet.
  • Disaster Recovery: Establish a resilient network infrastructure for business continuity.
  • Big Data Analytics: Create secure and isolated networks for your data processing workloads.
  • Dev/Test Environments: Provision isolated networks for development and testing without impacting production systems.

Getting Started with Azure Virtual Network

Ready to build your secure cloud network? Follow these steps:

  1. Create a Virtual Network: Define your IP address space and create your VNet in the Azure portal.
  2. Create Subnets: Divide your VNet into logical subnets for resource deployment.
  3. Configure Security: Implement Network Security Groups to control traffic flow.
  4. Connect Resources: Deploy Azure services like Virtual Machines, App Services, and Databases into your VNet.
  5. Establish Hybrid Connectivity: If needed, set up a VPN Gateway or ExpressRoute for on-premises connectivity.

Refer to the official Azure documentation for detailed guides and tutorials.

Learn More in Azure Docs Try Azure Free