A virtual network (VNet) is a logically isolated, private network in the cloud that lets your resources communicate securely, much like a traditional on-premises network, but without the physical hardware.
What a Virtual Network Does:
. Connects cloud resources:
Virtual machines, databases, app services, and containers can communicate with each other.
. Controls traffic flow:
You define IP address ranges, subnets, routing, and security rules.
. Isolates resources:
Keep workloads private and protected from the public internet.
. Connects to on-premises networks:
Using VPN gateways or Azure ExpressRoute.
. Enables secure internet access:
Decide what can go in and out using Network Security Groups (NSGs) and firewalls.
Scenario
Your organization is migrating a web-based application to Azure. Your first task is to put in place the virtual networks and subnets. You also need to securely peer the virtual networks. You identify these requirements.
. Two virtual networks are required, app-vnet and hub-vnet. This simulates a hub and spoke network architecture.
. The app-vnet will host the application. This virtual network requires two subnets. The frontend subnet will host the web servers. The backend subnet will host the database servers.
. The hub-vnet only requires a subnet for the firewall.
. The two virtual networks must be able to communicate with each other securely and privately through virtual network peering.
. Both virtual networks should be in the same region.
Skilling tasks:
. Create a virtual network.
. Create a subnet.
. Configure VNet peering.
Architecture Diagram.
Create hub and spoke virtual networks and subnets:
An Azure virtual network enables many types of Azure resources to securely communicate with each other, the internet, and on-premises networks. All Azure resources in a virtual network are deployed into subnets within the virtual network.
a. Sign in to the Azure portal.
b. Search for and select Virtual Networks.
c. Select + Create and complete the configuration of the app-vnet. This virtual network requires two subnets, frontend and backend.
i. On the Basics Tab, Create a Resource Group, Name the Resource Group and Select a Region.
ii. Go to the IP Address Tab, Populate the IP address and Configure Subnet from the deployment guide.
iii. Create the second Subnet.
Note: Leave all other settings as their defaults. When finished select “Review + create and then Create.
d. Create the Hub-vnet virtual network configuration. This virtual network has the firewall subnet.
i. Choose the Resource Group RG1, Name Vnet, Select a Region then Select the IP Addresses Tab.
ii. Configure Azure Firewall Subnet.
Then Review and Create, Create.
Configure a peer relationship between the virtual networks.
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure.
a. Search for and select the app-vnet virtual network.
b. In the Settings blade, select Peerings.
c. + Add a peering between the two virtual networks.
i. Give the Remote peering link a name and Virtual network.
ii. Choose a Local virtual network peering link name.
Note: Leave all other settings as their defaults. Select “Add” to create the virtual network peering.
d. Once the deployment completes, verify the Peering status is Connected.
Thanks for your time, till my next post.
Top comments (1)
Nice clear guide!! I like how you broke down hub and spoke with actual subnets. One tip … if you plan to expand later, consider enabling “allow forwarded traffic” and “use remote gateways” when peering. It saves headaches when adding more VNets or connecting on-prem networks later…