Getting Started with Azure Virtual Networks
Azure virtual networks enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as an extension of your on-premises network with resources that links other Azure resources.
In this lecture, the focus is on introducing and explaining the key concepts of virtual networks in Azure. You’ll learn about how Azure virtual networks (VNets) provide a way for Azure resources such as virtual machines (VMs), web apps, and databases to communicate internally, with the internet, and with on-premise networks. This is likened to an extension of an on-premise network into the cloud, integrating with Azure resources.
The foundational elements covered include address space configuration, where the distinction between public and private IP addresses is clarified, and the importance of allocating a private IP range to your virtual network is emphasized. It’s explained that within this address space, resources are assigned a private IP.
The concept of subnets is detailed, illustrating how to segment a virtual network into smaller networks, each with a portion of the VNet’s address space. This segmentation aids in efficient address allocation and allows for network security groups to secure resources within these subnets.
Next, the lecture touches on the geographical scope of VNets, which are confined to a single region, but can be interconnected across regions through virtual network peering. The role of an Azure subscription in the scope of a virtual network is also explained, highlighting that multiple VNets can exist within a single subscription and within each Azure region.
The lecture further delves into the networking capabilities of VNets, including isolation, segmentation, and various forms of communication—whether it’s between Azure resources, internet communication, or linking to on-premise resources. The routing and filtering of network traffic are presented as key features, along with the ability to connect virtual networks together.
As for network traffic, it’s illustrated how virtual machines connect to the internet by default and how you can enable incoming connections from the internet using public IP addresses or a public load balancer. The lecture also presents how Azure VNets enable secure communication between Azure resources using either VNets or service endpoints. The differences and use cases for point-to-site VPNs, site-to-site VPNs, and Azure ExpressRoute are described to show how on-premise networks can be extended to Azure.
The lecture goes into the specifics of controlling network traffic with route tables and the Border Gateway Protocol (BGP), along with the use of network security groups and network virtual appliances to filter traffic.
Lastly, the concept of virtual network peering and user-defined routes (UDRs) is introduced, providing the means to create an interconnected network across different regions globally through Azure.
For exam preparation, you’re reminded of the importance of understanding these VNet concepts, networking capabilities, and ways to enable secure communication between Azure resources. Understanding, rather than implementing, the available options is stressed as crucial for the exam.