Microsoft Learn

Azure Virtual Network (VNet) Overview

Last updated: October 26, 2023

Azure Virtual Network (VNet) is the fundamental building block for your private cloud in Azure. It represents your own private network in the cloud. VNet enables Azure resources, such as Virtual Machines (VMs), to securely communicate with each other, with the internet, and with your on-premises networks. It provides the same benefits of a traditional on-premises network, such as:

• Isolation: Resources within a VNet are isolated from other VNets.
• Segmentation: You can divide your VNet into subnets for better organization and control.
• Traffic Control: You can control traffic flow within your VNet and to and from external networks.
• Connectivity: You can connect your VNet to other VNets or to your on-premises network.

Key Concepts of Azure VNet

Subnets

A subnet is a range of IP addresses within your VNet. After you create a VNet, you can divide it into one or more subnets. Each subnet within the VNet can contain Azure resources. Assigning resources to different subnets is the first step in network isolation.

IP Addressing

Each VNet is assigned a private IP address space. You can choose to use public or private IP addresses for your resources. Azure provides services to manage IP addresses, including DHCP for dynamic IP assignment and static IP assignment for specific resources.

Network Security Groups (NSGs)

Network Security Groups (NSGs) act as a distributed firewall, allowing you to filter network traffic to and from Azure resources in an Azure virtual network. You can associate an NSG with a subnet or an individual VM. NSGs contain security rules that allow or deny inbound network traffic to, or outbound network traffic from, various Azure resource types.

Route Tables

User-defined route tables allow you to control how traffic is routed between subnets, the internet, and your on-premises networks. You can create custom routes to override Azure's default routing behavior.

Gateways

Azure VNet Gateways are used to enable connectivity between VNets and on-premises networks. This includes:

• VPN Gateway: Connects your VNet to an on-premises network over the public internet.
• ExpressRoute Gateway: Connects your VNet to an on-premises network over a private, dedicated connection.

Benefits of Using Azure VNet

• Enhanced Security: Isolate your resources and control traffic with NSGs and firewalls.
• Hybrid Cloud Capabilities: Seamlessly extend your on-premises network to Azure.
• Scalability and Availability: VNet is a highly available and scalable service that supports your application's growth.
• Global Reach: Deploy your applications in Azure regions around the world.

Example Scenario: Web Application Deployment

Consider a typical web application deployed in Azure. You might:

1. Create a VNet to host your application's resources.
2. Divide the VNet into subnets for your web servers, application servers, and databases.
3. Use NSGs to restrict access to the database subnet only from the application server subnet.
4. Configure a public IP address for your web servers to allow internet access.
5. Optionally, use a VPN Gateway to connect your VNet to your development environment on-premises for easier management.

{
  "name": "AllowHttpInbound",
  "properties": {
    "priority": 100,
    "protocol": "Tcp",
    "access": "Allow",
    "direction": "Inbound",
    "sourceAddressPrefix": "*",
    "sourcePortRange": "*",
    "destinationAddressPrefix": "*",
    "destinationPortRange": "80",
    "description": "Allow inbound HTTP traffic"
  }
}
                

Azure Virtual Network is a powerful and flexible service that provides the foundation for building secure, scalable, and highly available applications in the cloud.