Network traffic within peered virtual networks is isolated. For instance, no public Internet, gateways, or encryption is needed for communication between the virtual networks. The advantage of using virtual network peering is that it gives a low-latency, high-bandwidth connection between resources in different virtual networks.
In this hands-on lab, learners will create a virtual network using Azure Cloud Shell and Azure CLI and configure VNet peering between virtual networks for secure communication. The other guided challenges in this series are “Configure Authentication with Web Apps” and “Can you Configure Network Security Groups (NSGs) to allow Application and Database traffic?”
Understand the Scenario
In this virtual lab, you are a system administrator for a company that is migrating its web services from its own datacenter to Azure. You need to create and deploy multiple Azure Virtual Networks using VNet peering for secure bidirectional communication, as a proof of concept. To accomplish this task, you are provided with an Azure resource group that initially contains no resources. Your job is to create the necessary resources to complete the challenge.
Create a virtual network for a web server tier using the Azure portal
An Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. When you build a VNet, your services and VMs within the VNet can communicate quickly and securely with each other in the cloud. In this first section of the virtual lab, learners will learn how to create a virtual network for a web server tier. For this, they will first sign in to the Azure portal and create a virtual network named VNet1-11874770. After this, they will configure the virtual network to use address space 10.0.0.0/16 and have a subnet called Web for IP address range 10.0.1.0/24. Finally, they will check that a virtual network named VNet1-11874770 exists and has a subnet called Web for IP address range 10.0.1.0/24.
Create a virtual network for an application server tier using Azure Cloud Shell and Azure CLI
Azure Cloud Shell is used to manage and develop Azure resources. Cloud Shell gives a browser-accessible, pre-configured shell environment for managing Azure resources without the burden of installing, versioning, and maintaining a machine yourself. In this section of the virtual lab, you will create another virtual network, this time for an application server tier, using Azure Cloud Shell and Azure CLI. For this, you will launch Azure Cloud Shell and create a Storage Account and file share for Cloud Shell in the existing resource group by using the advanced settings option. After this, you will name the Storage Account and name the file share. Next, in the Azure Cloud Shell, you will learn how to create a virtual network named VNet2-11874770 using Azure CLI and configure the virtual network to use address space 10.10.0.0/16 and a subnet named App for IP address range 10.10.1.0/24.
Configure VNet peering between the virtual networks for secure bidirectional communication
VNet peering is a method that joins two virtual networks (VNets) in the same region through the Azure network. Once peered, the two virtual networks appear as one for all connectivity purposes. It is a logical and crucial isolation of Azure, which allows you to join Azure resources securely. In this section of the virtual lab, learners will learn how to configure VNet peering for secure communication. For this, you will create VNet peering for VNet1-11874770 and VNet2-11874770. For secure bidirectional communication, learners will ensure that the VNet peering for VNet1 points to VNet2 and that the VNet peering for VNet2 points to VNet1. After this, they will name the peering for VNet1 VNet1-to-VNet2, and name the peering for VNet2 VNet2-to-VNet1. For each peering, learners will allow virtual network access and allow forwarded traffic. Finally, you will check that VNet peering is active for both virtual networks, with VNet1 pointing to VNet2 and VNet2 pointing to VNet1, and that the VNet peering status is Connected.
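The final check described above can be scripted. The following is an added example, not part of the lab's own material: it validates both directions of the peering over constructed sample data that uses the field names found in `az network vnet peering list` output. The `space` key, the `VNETS` structure and the `check_peering` helper are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample. The "peerings" entries use the field names of
# `az network vnet peering list -o json`; "space" is a simplification added
# here, and the subscription and resource group are placeholders.
RG = "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/"
VNETS = {
    "VNet1-11874770": {"space": "10.0.0.0/16", "peerings": [{
        "name": "VNet1-to-VNet2", "peeringState": "Connected",
        "allowVirtualNetworkAccess": True, "allowForwardedTraffic": True,
        "remoteVirtualNetwork": {"id": RG + "VNet2-11874770"}}]},
    "VNet2-11874770": {"space": "10.10.0.0/16", "peerings": [{
        "name": "VNet2-to-VNet1", "peeringState": "Connected",
        "allowVirtualNetworkAccess": True, "allowForwardedTraffic": True,
        "remoteVirtualNetwork": {"id": RG + "VNet1-11874770"}}]},
}

def check_peering(vnets, a, b):
    """Return a list of problems with the a<->b peering; empty means healthy."""
    problems = []
    # Peered VNets must have non-overlapping address spaces.
    net_a = ipaddress.ip_network(vnets[a]["space"])
    net_b = ipaddress.ip_network(vnets[b]["space"])
    if net_a.overlaps(net_b):
        problems.append(f"address spaces overlap: {net_a} and {net_b}")
    # A peering is only usable when a link exists in BOTH directions.
    for local, remote in ((a, b), (b, a)):
        links = [p for p in vnets[local]["peerings"]
                 if p["remoteVirtualNetwork"]["id"].rsplit("/", 1)[-1].lower() == remote.lower()]
        if not links:
            problems.append(f"{local}: no peering points to {remote}")
            continue
        link = links[0]
        if link["peeringState"] != "Connected":
            problems.append(f"{local}/{link['name']}: state is {link['peeringState']}")
        for flag in ("allowVirtualNetworkAccess", "allowForwardedTraffic"):
            if not link.get(flag):
                problems.append(f"{local}/{link['name']}: {flag} is not enabled")
    return problems

if __name__ == "__main__":
    for line in check_peering(VNETS, "VNet1-11874770", "VNet2-11874770") or ["peering OK"]:
        print(line)
```

A peering created in only one direction reports the state Initiated rather than Connected, which is the case the second direction of the loop catches.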
Lab Summary Conclusion
After completing the “Configure Virtual Network Connectivity using Peering” virtual lab, you will have accomplished the following:
- Created a virtual network for a web server tier using the Azure portal.
- Created a virtual network for an application server tier using Azure Cloud Shell and Azure CLI.
- Configured VNet peering between virtual networks for secure bidirectional communication.