Virtual Network Overview

Last updated: October 26, 2023

A virtual network (VNet) is a logical representation of your physical network. It allows you to provision and manage your network resources in a private cloud environment. Virtual networks are fundamental to cloud computing, enabling isolation, security, and connectivity for your applications and services.

What is a Virtual Network?

A virtual network provides a foundation for building secure and robust cloud-based solutions. It enables you to:

Isolate resources: Create private network spaces for your virtual machines and services, preventing unauthorized access.
Connect to on-premises networks: Establish secure connections between your cloud VNet and your existing on-premises infrastructure using VPNs or dedicated circuits.
Control traffic flow: Implement network security groups (NSGs), firewalls, and routing rules to precisely manage traffic entering and leaving your VNet.
Achieve high availability: Distribute resources across multiple subnets and availability zones for resilience.

Key Components of a Virtual Network

Understanding the core components is crucial for designing and managing effective virtual networks:

Subnets

A subnet is a range of IP addresses within your virtual network. You divide your VNet into subnets to logically group resources that share similar security and routing requirements. Each subnet is associated with an address range that is a subset of the VNet's address space.

10.0.0.0/16 (VNet)
├── 10.0.1.0/24 (Frontend Subnet)
├── 10.0.2.0/24 (Backend Subnet)
└── 10.0.3.0/24 (DMZ Subnet)

IP Addressing

Virtual networks use private IP address spaces (RFC 1918). You can assign public IP addresses to resources that need to be accessible from the internet. Dynamic and static IP address assignments are available.

Network Security Groups (NSGs)

NSGs are firewall-as-a-service capabilities that allow you to filter network traffic to and from Azure resources in an Azure virtual network. You can define rules to allow or deny inbound and outbound traffic based on source/destination IP address, port, and protocol.

Routing

By default, Azure virtual networks route traffic between subnets. You can customize routing using route tables to control how traffic flows within your VNet or to external destinations.

Gateway Services

Virtual network gateways provide connectivity between your Azure virtual network and other networks, such as your on-premises data center or other Azure virtual networks.

VPN Gateway: Securely connects your on-premises network to your Azure VNet over the public internet.
ExpressRoute Gateway: Provides a private, dedicated connection from your on-premises network to Azure, bypassing the public internet.

Considerations for VNet Design

When designing your virtual network, consider factors like IP address allocation, subnetting strategy, security requirements, and connectivity needs. Proper planning upfront can save significant time and effort later.

Common Use Cases

Hosting Web Applications: Deploying multi-tier web applications with front-end servers in one subnet and back-end databases in another.
Building Hybrid Clouds: Extending your on-premises datacenter to the cloud for disaster recovery or to leverage cloud scalability.
Securing IoT Solutions: Creating isolated networks for IoT devices to communicate with cloud services securely.
Implementing Big Data Analytics: Providing dedicated network environments for processing large datasets.