In this scenario, you’re assisting an Azure Administrator with managing cloud resources. While you’re not handling the entire infrastructure, you’ll support by carrying out specific assigned tasks.
At the moment, there is an underutilized Linux virtual machine, and there’s a requirement to deploy another Linux VM that will function as an FTP server. To properly monitor network traffic and resource usage for this new server, the administrator has decided that a separate subnet should be created. The existing subnet will remain unchanged, as it is reserved for future virtual machine deployments.
This article builds on the previous one, and all previously created resources will be reused in this setup.
Create a New Subnet in an Existing Virtual Network
From the Azure Portal homepage, search for and select Virtual networks under Services to begin creating a new subnet within your existing VNet.
- From the Azure portal home page, search for and select virtual networks under services.
- Select the guided-project-vnet virtual network.
- From the guided-project-vnet blade, under settings, select Subnets.
- To add a subnet, select + Subnet.
- For Subnet purpose, leave it as Default.
- For Name, enter: ftpSubnet.
- Leave the rest of the settings unchanged and select Add.
Create a network security group
- From the virtual network blade, select network security group.
- Select + Create.
- Select the guided-project-rg resource group.
- Enter ftpNSG for the network security group name.
- Select Review + Create.
- Select Create.
- Wait for the screen to refresh and display Your deployment is complete, then select Go to resource.
Create an inbound security rule
- Under settings, select Inbound security rules.
- Select + Add.
- Change the Destination port range from 8080 to 22.
- Select TCP for the protocol.
- Set the name to ftpInbound.
- Select Add.
- Select Home to return to the Azure portal home page.
Associate a network security group to a subnet
- From the Virtual network page, select the guided-project-vnet virtual network.
- Under settings, select Subnets.
- Select the ftpSubnet you created.
- On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.
- Save.
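A check to run once the association is saved, as an added example that is not part of the original article: it reads rules in the JSON shape returned by `az network nsg rule list` and flags inbound Allow rules that expose port 22 to any source. The sample rules are constructed, and the ftpInbound entry assumes the portal fields the steps leave untouched keep their defaults (source Any, action Allow, priority 100); ftpInboundRestricted is a hypothetical rule added for contrast.

```python
import json

# Constructed sample shaped like `az network nsg rule list -o json` output.
# The first rule mirrors ftpInbound with the untouched portal fields assumed
# to be at their defaults (source Any, action Allow, priority 100).
SAMPLE_RULES = json.loads("""
[
  {"name": "ftpInbound", "priority": 100, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
   "sourceAddressPrefixes": [], "destinationPortRange": "22",
   "destinationPortRanges": []},
  {"name": "ftpInboundRestricted", "priority": 110, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
   "destinationPortRange": "20-22", "destinationPortRanges": []}
]
""")

# Source values that mean "reachable from anywhere".
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}

def port_in_ranges(port, ranges):
    """True if port falls in any NSG port spec ('22', '20-25' or '*')."""
    for spec in ranges:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def open_inbound_rules(rules, port=22):
    """Names of inbound TCP Allow rules open to any source on `port`."""
    # Listed in priority order. A higher-priority Deny that would shadow
    # a flagged rule is not modelled here.
    hits = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"] != "Inbound" or r["access"] != "Allow"
                or r["protocol"].lower() not in ("tcp", "*")):
            continue
        sources = [r.get("sourceAddressPrefix") or ""]
        sources += r.get("sourceAddressPrefixes") or []
        ports = [r.get("destinationPortRange")]
        ports += r.get("destinationPortRanges") or []
        if (any(s.lower() in OPEN_SOURCES for s in sources)
                and port_in_ranges(port, [p for p in ports if p])):
            hits.append(r["name"])
    return hits

if __name__ == "__main__":
    print(open_inbound_rules(SAMPLE_RULES))
```

To audit the real group, replace the sample with the output of `az network nsg rule list --resource-group guided-project-rg --nsg-name ftpNSG -o json`.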
Conclusion
Creating a subnet within an existing Azure Virtual Network (VNet) allows administrators to divide the network into smaller, well-organized segments. Each subnet represents a defined IP address range, making it easier to manage resource placement and control network traffic. Once created, the subnet serves as a dedicated space where resources like virtual machines can be deployed and communicate securely within the broader network.
After setting up the subnet, a Network Security Group (NSG) can be linked to it to enforce security rules. Acting as a virtual firewall, an NSG regulates both inbound and outbound traffic based on parameters such as IP addresses, ports, and protocols. When associated with a subnet, these rules are automatically applied to all resources within it, ensuring consistent protection, restricting unauthorized access, and maintaining controlled communication across the environment.






















