19 hours 58 minutes
Welcome back. In this episode, we're gonna move on to our next azure resource with virtual networking.
My objectives for you include understanding virtual networking concepts, how they communicate over these virtual networks and basic routing and filtering options we have. Let's get started
first. What are virtual networks? Azure virtual networks or V nets are the building blocks of creating your network and azure.
They provide secure communication within the networks, as well as to the Internet and on premises networks.
The nets connect multiple azure resource is together like virtual machines or storage accounts.
The nets work a lot like the networks found in your on premises data center, but with the additional benefits like scalability, high availability and isolation,
creating virtual networks is free and azure. But there are limitations such as 50 ve nets across different regions,
however, creating additional networking components like be net peering public I P addresses or VP and gateways to have a price associated with them.
There are a few V neck concepts we need to cover before moving forward.
The first is address spaces. When you define Avi net, you give it an address space that other networks or sub nets will reside in it.
Thes address spaces will fall into the range is defined. RFC 1918 are probably want you're already familiar with, like 1 92 That 1 68 That 0.0
from this address space Azure will auto Sign I P addresses to Resource is created inside the network.
Sub nets are segmentation inside the virtual network. This allows breaking up the larger V Net address space into smaller address spaces to deploy specific workloads into,
For example, he might have a sub net for Web front ends in a second submit for database servers.
Looking at our 1 92.1 68.0 network with a 16 bit sub net mask, we could then create a sub net of 1 92.1 68.1 dot zero. Will the 24 bit sub net mask. When creating the Veena, you have to sign it to a region like east US or south central us.
The nets are scope to one region or location as well as the sub nets to find in them.
Finally, ve nets are also scope to subscriptions. Resource is, and one subscription cannot use a V net defined in a separate subscription. Now you'll also notice on this slide on the right. This is what creating a virtual network inside of Azure looks like. You can see some of the values that I've put in here, such as the name,
the address, space
subscription, the resource group and the location, as well as defining the first submit for the virtual network.
Let's talk about V neck communication Inside of Azure. All resource is intervene. It can communicate outbound to the Internet by default.
If you want to allow inbound communication to a resource like a virtual machine, you can create in a sign of public i p address to the resource or replace the resource behind a load balancer that is publicly accessible. If you have to be nets that need to communicate with each other, you can use peering connections. This will enable resource is and virtual networks to communicate with each other.
The virtual networks can be in the same or different azure regions.
Finally, there's the concept of service in points. These allow limiting network access to azure resource is to a specified virtual network sub net. This provides a direct connection from the virtual network to the service and allows using the private address space to access the resource
traffic. Going to the resource through these endpoints is ratted on the azure backbone network.
An example. This would be configuring an end point for a storage account and allowing virtual machines in the sub net to access it directly. As your virtual networks are not just limited to re sources and azure you can't allow communication with on purpose is resource. Is there a couple of different options? The first is through a virtual private network, or VPN.
There are two options we can work with. You're the first is a point to cite VPN.
This is established between a single computer in your network to a virtual network inside of Azure.
Each computer that needs access to the virtual network inside of Azure would need to establish its own connection.
This is similar to how you might establish a VPN connection to access on premises. Network resource is when you're outside the office. The second VPN option is a site to site connection. This is made between an on premises VPN device and an azure VPN gateway deployed in a virtual network.
This will allow multiple on premises. Resource is to access an azure virtual network through the same connection.
This would be a preferred option in the hybrid scenario, or an application of workload is being shared between on premises and cloud resource is
both of these. VP and solutions use encryption to secure the traffic over the Internet.
Finally, there is azure express route.
This is a connection established between Asher and an express rail partner.
This connection is private as the traffic does not traverse the Internet.
Since these connections do not go over the public Internet, they're often more reliable. Faster with lower Leighton sees and more secure connections inside of Azure is made through a virtual network eight way as well, just like a re peon Solutions are.
In fact, you can configure a site to site B being connection as well as an azure express route for the same virtual network. By deploying two different network eight ways
by default traffic and as your networks is automatically routed between seven, it's on premises, networks and the Internet. If needed, you can override these defaults by creating your own roundtables thes round tables can be assigned to individual seven. It's in a virtual network to control where the traffic should go.
You often see these referred to as user to find routes or you tr
he ever azure networks connected to your on premises networks using the methods we talked about earlier. You can publish your on premises B G P routes to the virtual networks.
This exchange of routes informs the azure virtual network gateways about the reach ability of the on premises network address spaces so the resource is can establish communication
With all this network traffic flying around. Sometimes you want to control who can talk to each other or provide some network isolation. This could be implemented in one of two ways.
First, there are in network security groups or NS G's. You can set inbound and outbound security roles to filter traffic between. Resource is
thes. Rules are defined. Using I P addresses ports and protocols, for example, you can easily block remote desktop protocol for a seven it to disallow remote connections. The next is network virtual appliance. This is a virtual machine that performs network functions commonly found in a non premises data center like firewalls or when. Optimizers.
There's several available in the azure marketplace from third party vendors like Baracoa, 40 Gait, Cisco and Riverbed.
That does it for the basics of virtual networking. Let's follow it up with a little post assessment question.
How many options are there to connect to Azure to on premises networks?
The answer is, we have three options. Point to side B peons, site to site B, peons and express route.
Coming up. Next, we're actually gonna get dive back into the azure portal to start creating virtual networks and see what all the options look like.
See you in the next episode.
AZ-301 Microsoft Azure Architect Design
Azure Solution Architects translate business requirements into secure, scalable, and reliable solutions. In this AZ-301 ...
15 CEU/CPE Hours Available
Certificate of Completion Offered
Microsoft Azure Architect Technologies (AZ-303)
An Azure Solution Architect partners with cloud administrators, cloud DBAs, and clients to implement solutions. ...