A virtual network (VNet) in Azure works much like an on-premises network: it lets resources such as virtual machines (VMs) communicate privately with one another, for example as members of a server farm, and it can be connected to on-premises networks (through a VPN gateway or ExpressRoute) when a hybrid design calls for it.
An Azure subscription can use many regions, and each region can hold one or more virtual networks. A VNet is scoped to a single region, and VNets are isolated from one another by default, even when they sit in the same region, until you explicitly connect them (for example with VNet peering).
Key Features of Virtual Networks:
• Each virtual network has its own private address range, defined during setup.
• Virtual networks can include multiple subnets, each with its own address range derived from the main network's address space.
• Azure provides built-in DNS name resolution for resources inside the VNet. If you need your own domain (or integration with on-premises DNS), you can configure custom DNS servers on the VNet so that resources resolve names in that domain.
Key Term: Subnets
Subnets divide a virtual network into smaller, manageable segments so that resources can be grouped and controlled by need (for example with NSGs and route tables attached per subnet). Some resources require a dedicated subnet: an Application Gateway needs its own subnet, and a VPN gateway must be deployed into a subnet named GatewaySubnet. Note that Azure reserves five IP addresses in every subnet (network address, default gateway, two for Azure DNS, broadcast), so the number of assignable addresses is the subnet size minus five.
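As an added example (not code from the original article or from Microsoft), the following Python script checks a proposed subnet layout the way Azure's API would reject it: every subnet must lie inside the VNet address space, subnets must not overlap, the smallest subnet Azure accepts is /29, and five addresses per subnet are reserved. The VNet range and subnet names below are constructed for illustration.

```python
import ipaddress

# Azure reserves 5 addresses in every subnet (network, gateway, 2 x DNS, broadcast)
# and refuses subnets smaller than /29.
AZURE_RESERVED_PER_SUBNET = 5
AZURE_MIN_PREFIX = 29


def validate_vnet(address_space, subnets):
    """Validate subnets against a VNet address space.

    address_space: list of CIDR strings that make up the VNet.
    subnets: dict of subnet name -> CIDR string.
    Returns (errors, usable): errors is a list of human-readable problems,
    usable maps each accepted subnet to its count of assignable addresses.
    """
    vnet_nets = [ipaddress.ip_network(c, strict=True) for c in address_space]
    errors, usable, accepted = [], {}, {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.1.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
            continue
        if net.prefixlen > AZURE_MIN_PREFIX:
            errors.append(f"{name}: /{net.prefixlen} is smaller than the /{AZURE_MIN_PREFIX} minimum")
            continue
        if not any(net.subnet_of(v) for v in vnet_nets if v.version == net.version):
            errors.append(f"{name}: {cidr} is outside the VNet address space")
            continue
        clash = next((o for o, onet in accepted.items()
                      if onet.version == net.version and net.overlaps(onet)), None)
        if clash is not None:
            errors.append(f"{name}: {cidr} overlaps {clash} ({accepted[clash]})")
            continue
        accepted[name] = net
        usable[name] = net.num_addresses - AZURE_RESERVED_PER_SUBNET
    return errors, usable


# Constructed example layout (hypothetical names and ranges).
VNET = ["10.0.0.0/16"]
SUBNETS = {
    "web": "10.0.1.0/24",
    "AppGatewaySubnet": "10.0.2.0/24",   # dedicated subnet for an Application Gateway
    "GatewaySubnet": "10.0.255.0/27",    # required name for a VPN gateway subnet
    "too-small": "10.0.3.0/30",          # below the /29 minimum
    "outside": "192.168.0.0/24",         # not inside 10.0.0.0/16
    "overlap": "10.0.1.128/25",          # collides with "web"
}

if __name__ == "__main__":
    errors, usable = validate_vnet(VNET, SUBNETS)
    for name, count in usable.items():
        print(f"{name}: {count} assignable addresses")
    for err in errors:
        print("rejected:", err)
```

The usable counts (251 for a /24, 27 for a /27) are what the portal shows after Azure's five reserved addresses are subtracted, which matters when sizing a subnet for services that consume many addresses.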
Network Security Groups (NSG):
An NSG is a standalone resource in a resource group that holds a set of rules filtering inbound and outbound traffic for resources in a virtual network, primarily VM network interfaces. It is a stateful filter: a rule that allows a flow in one direction also allows the return traffic for that flow.
NSGs can be associated with subnets or with network interfaces (NICs). An NSG on a NIC affects only the VM that owns that NIC; an NSG on a subnet applies to every NIC in that subnet. When both are present, both are evaluated: inbound traffic must be allowed by the subnet NSG and then by the NIC NSG, and outbound traffic by the NIC NSG and then by the subnet NSG, so a Deny at either level wins.
Every custom rule has a priority between 100 and 4096, unique per direction within the NSG. Rules are evaluated in ascending priority order and the first match decides; no later rule is consulted. Azure adds default rules to every NSG at priorities 65000 and above (AllowVnetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound, and the outbound counterparts AllowVnetOutBound, AllowInternetOutBound, DenyAllOutBound), so they are evaluated last. The default rules cannot be deleted, but any custom rule carries a lower priority number and therefore takes precedence over them.
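To make the precedence and the two-level (subnet plus NIC) evaluation concrete, here is an added Python model of NSG processing. It is not Azure's implementation: service tags are resolved in a simplified way (VirtualNetwork is a constructed 10.0.0.0/16, AzureLoadBalancer is the probe address 168.63.129.16, and Internet is approximated as "any address outside the VNet"), and the rule sets and flows are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed VNet address space; backs the VirtualNetwork service tag below.
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")
AZURE_LB_PROBE_IP = ipaddress.ip_address("168.63.129.16")  # AzureLoadBalancer tag


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number = evaluated first; custom rules use 100-4096
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp", "Icmp" or "*"
    source: str       # CIDR, single IP, "*" or a service tag
    dest: str         # same selector syntax as source
    dest_port: str    # "22", "1000-2000" or "*"


@dataclass(frozen=True)
class Flow:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int


# Rules Azure places in every NSG; they cannot be deleted, only out-prioritised.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]


def _addr_matches(selector, ip):
    """Simplified selector matching; real service tags are Microsoft-maintained prefix lists."""
    ip = ipaddress.ip_address(ip)
    if selector == "*":
        return True
    if selector == "VirtualNetwork":
        return ip in VNET_SPACE
    if selector == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE_IP
    if selector == "Internet":          # approximation: anything outside the VNet
        return ip not in VNET_SPACE
    return ip in ipaddress.ip_network(selector, strict=False)


def _port_matches(selector, port):
    if selector == "*":
        return True
    lo, _, hi = selector.partition("-")
    return int(lo) <= port <= int(hi or lo)


def validate_custom_rules(rules):
    """Reject what the Azure API rejects: out-of-range or duplicate priorities per direction."""
    seen = set()
    for r in rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: priority {r.priority} outside 100-4096")
        if (r.direction, r.priority) in seen:
            raise ValueError(f"{r.name}: duplicate {r.direction} priority {r.priority}")
        seen.add((r.direction, r.priority))


def evaluate(custom_rules, flow):
    """First matching rule in ascending priority order decides; returns (access, rule name)."""
    validate_custom_rules(custom_rules)
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if (r.direction == flow.direction
                and r.protocol in ("*", flow.protocol)
                and _addr_matches(r.source, flow.src_ip)
                and _addr_matches(r.dest, flow.dst_ip)
                and _port_matches(r.dest_port, flow.dst_port)):
            return r.access, r.name
    raise AssertionError("unreachable: a DenyAll default rule always matches")


def effective_access(subnet_rules, nic_rules, flow):
    """Both NSGs apply; inbound meets the subnet NSG first, outbound the NIC NSG first.

    None means no NSG is associated at that level. Traffic passes only if neither level denies.
    """
    order = [subnet_rules, nic_rules] if flow.direction == "Inbound" else [nic_rules, subnet_rules]
    for rules in order:
        if rules is not None and evaluate(rules, flow)[0] == "Deny":
            return "Deny"
    return "Allow"


# Constructed subnet NSG: a bastion range may SSH in, the rest of the VNet may not,
# even though the default AllowVnetInBound (65000) would otherwise allow it.
SUBNET_NSG = [
    Rule("AllowSshFromBastion", 100, "Inbound", "Allow", "Tcp", "10.0.10.0/24", "*", "22"),
    Rule("DenySshFromVnet", 200, "Inbound", "Deny", "Tcp", "VirtualNetwork", "*", "22"),
    Rule("AllowHttpsFromInternet", 300, "Inbound", "Allow", "Tcp", "Internet", "*", "443"),
]
# Constructed NIC NSG on one web VM being drained: block HTTPS at the NIC only.
NIC_NSG = [Rule("DenyHttpsWhileDraining", 100, "Inbound", "Deny", "Tcp", "*", "*", "443")]

if __name__ == "__main__":
    for f in [Flow("Inbound", "Tcp", "10.0.10.5", "10.0.1.4", 22),
              Flow("Inbound", "Tcp", "10.0.2.7", "10.0.1.4", 22),
              Flow("Inbound", "Tcp", "203.0.113.9", "10.0.1.4", 443),
              Flow("Inbound", "Tcp", "203.0.113.9", "10.0.1.4", 80),
              Flow("Inbound", "Tcp", "168.63.129.16", "10.0.1.4", 80)]:
        print(f.src_ip, f.dst_port, evaluate(SUBNET_NSG, f), effective_access(SUBNET_NSG, NIC_NSG, f))
```

Two things to take from the run: the Deny at priority 200 beats the default AllowVnetInBound at 65000 for SSH from inside the VNet, and HTTPS that the subnet NSG allows is still dropped because the NIC NSG denies it. The AzureLoadBalancer default rule is why load-balancer health probes keep working without a custom rule.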
Network Interfaces (NICs):
A NIC attaches a virtual machine to a VNet (and to one of its subnets) and carries the VM's private IP address, an optional public IP address and, if desired, an NSG association; it is what lets the VM communicate with internal and external resources. The number of NICs a single VM can have depends on its size.
IP Address:
IP addresses allow resources to communicate within Azure, with on-premises networks, and with external resources, including the internet. Azure offers two types of IP addresses:
• Public IP Addresses:
Public IPs enable communication with the internet and with public-facing Azure services. They come in two SKUs:
o Basic SKU:
Supports static or dynamic allocation.
Open to inbound traffic by default; an NSG is optional but recommended to restrict it.
Not zone-redundant.
Microsoft has announced the retirement of the Basic SKU; use Standard for new deployments.
o Standard SKU:
Static allocation only.
Secure by default: closed to inbound traffic until an NSG explicitly allows it (by source address, port and protocol).
Supports availability zones (zone-redundant or zonal).
Public IPs can be assigned to:
Virtual Machines
Internet-facing Load Balancers (Layer 4)
VPN Gateways (P2S and S2S Connectivity)
Application Gateways (Layer 7)
• Private IP Addresses:
Private IPs are used for communication within an Azure vNet and between the vNet and on-premises networks when connected via VPN Gateway or ExpressRoute.
Private IPs can be assigned to:
o Virtual Machines
o Internal Load Balancers (Layer 4)
o Application Gateways (Layer 7)
VPN Gateways:
A VPN gateway connects an Azure VNet to on-premises networks (site-to-site), to individual clients (point-to-site) or to other VNets (VNet-to-VNet) over encrypted tunnels. It is deployed into a dedicated subnet that must be named GatewaySubnet. Older Microsoft documentation stated that VPN gateways use only dynamically allocated Basic SKU public IPs; current gateway SKUs (other than the Basic gateway SKU) require a static Standard SKU public IP, so check the requirements for the gateway SKU you deploy.
Application Gateway:
Application Gateway is a Layer 7 (HTTP/HTTPS) load balancer that routes requests based on URL path or host name, unlike a Layer 4 load balancer that only sees TCP/UDP addresses and ports. It is always deployed into its own subnet in a virtual network. The original (v1) SKUs used dynamically allocated Basic SKU public IPs; the v2 SKUs require a static Standard SKU public IP.
Application Gateway SKUs:
Azure offers the Application Gateway in two tiers, each available in the original and the v2 generation (Standard and Standard_v2, WAF and WAF_v2):
• Standard:
Includes all the features of a Layer 7 load balancer.
• Web Application Firewall (WAF):
Adds a web application firewall on top of the Standard features, giving centralized protection for web applications against common attacks such as SQL injection and cross-site scripting, using rules based on the OWASP Core Rule Set.
Load Balancers:
Azure Load Balancer operates at Layer 4 (TCP and UDP) and provides high availability by spreading connections across a pool of VMs. A load-balancing rule maps a frontend IP address and port to the private IP addresses and ports of the backend VMs; a health probe removes unhealthy VMs from rotation, and by default new connections are distributed using a hash of the 5-tuple (source IP, source port, destination IP, destination port, protocol).
Traffic Manager:
Azure Traffic Manager is a DNS-based load balancer that distributes client requests across service endpoints in multiple Azure regions (or outside Azure) for high availability and performance. It answers a client's DNS query with the endpoint chosen by the profile's traffic-routing method (priority, weighted, performance, geographic, subnet or multivalue) from among the endpoints its continuous health probes report as healthy. Because it works only at the DNS layer, the data traffic itself flows directly from the client to the chosen endpoint and never passes through Traffic Manager.
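The following added Python example (not Microsoft's code) models how a Traffic Manager profile answers a DNS query under the priority, weighted and performance routing methods while honouring endpoint health. The endpoints, hostnames, latency table and TTL are constructed for illustration, and the choice to return no answer when every endpoint is unhealthy is this example's simplification rather than documented Traffic Manager behaviour.

```python
import random
from dataclasses import dataclass, field

DEFAULT_TTL = 60  # profile DNS TTL (constructed value); clients cache the answer this long


@dataclass
class Endpoint:
    name: str
    target: str                 # hostname returned to the client; data traffic never touches Traffic Manager
    healthy: bool = True        # result of the profile's health probe
    priority: int = 1           # Priority routing: lowest number preferred while healthy
    weight: int = 1             # Weighted routing: relative share of answers (0 = never chosen)
    latency_ms: dict = field(default_factory=dict)  # Performance routing: client region -> latency


def resolve(endpoints, method, client_region=None, rng=random):
    """Answer one DNS query for the profile (simplified model).

    Returns {"cname": target, "ttl": seconds}, or None when no healthy endpoint
    can be offered (example simplification for the all-unhealthy case).
    """
    healthy = [e for e in endpoints if e.healthy]
    if not healthy:
        return None
    if method == "Priority":
        chosen = min(healthy, key=lambda e: e.priority)
    elif method == "Weighted":
        candidates = [e for e in healthy if e.weight > 0]
        if not candidates:
            return None
        chosen = rng.choices(candidates, weights=[e.weight for e in candidates])[0]
    elif method == "Performance":
        if client_region is None:
            raise ValueError("Performance routing needs the client's region")
        chosen = min(healthy, key=lambda e: e.latency_ms.get(client_region, float("inf")))
    else:
        raise ValueError(f"unsupported routing method {method!r}")
    return {"cname": chosen.target, "ttl": DEFAULT_TTL}


# Constructed endpoints; latency figures are illustrative, not measurements.
ENDPOINTS = [
    Endpoint("eu", "app-eu.example.net", priority=1, weight=3, latency_ms={"EU": 15, "US": 110}),
    Endpoint("us", "app-us.example.net", priority=2, weight=1, latency_ms={"EU": 105, "US": 20}),
    Endpoint("dr", "app-dr.example.net", priority=3, weight=0, latency_ms={"EU": 40, "US": 95}),
]


def failover_demo():
    """Priority routing before and after the primary endpoint fails its probe."""
    before = resolve(ENDPOINTS, "Priority")["cname"]
    ENDPOINTS[0].healthy = False
    after = resolve(ENDPOINTS, "Priority")["cname"]
    ENDPOINTS[0].healthy = True  # restore for later callers
    return before, after


def weighted_shares(n=2000, seed=7):
    """Fraction of answers each endpoint receives under Weighted routing (seeded for repeatability)."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        cname = resolve(ENDPOINTS, "Weighted", rng=rng)["cname"]
        counts[cname] = counts.get(cname, 0) + 1
    return {k: v / n for k, v in counts.items()}


if __name__ == "__main__":
    print("priority failover:", failover_demo())
    print("performance, client in US:", resolve(ENDPOINTS, "Performance", client_region="US"))
    print("weighted shares:", weighted_shares())
```

Note the operational caveat the model makes visible: after a failover the old answer survives in client resolvers for up to the TTL, so a low TTL shortens the window in which clients keep hitting an unhealthy endpoint, at the cost of more DNS queries.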
This article is brought to you by P2P-Certs, a trusted platform offering comprehensive IT certification guidance.
Author: Geng Chen