Hello and welcome back to Cyber Aires. Microsoft Azure Administrator A Z 103 course. I'm your instructor, Will Carlson. And this is Episode 35. Where will finally begin our discussion about networking in Azure?
In today's episode, we're gonna talk about and get a high level understanding of all the different concepts here in a Z 103 that pertained to networking an azure.
We're gonna talk about some best practices as well, and we're also going to get into portal and configure our first virtual network.
But first, for an overview of networking in azure, you'll see that azure is gonna be composed of virtual networks. And these virtual networks are typically going to be a large groups of I P addresses. So if you're familiar with cider notation, these air typically gonna be slashed 16 at dress blocks.
Microsoft recommends that you have fewer large V nets as opposed to a lot of small V nets to manage. This is gonna leave room for you to create multiple sub nets or subdivisions of that larger V net. Typically, for example,
the sub nets will be slashed 24 address spaces instead of the larger slash 16.
It's also recommended that you avoid overlapping address spaces in your azure environment and your on premise network. So setting up networking here in Azure requires a little bit of planning to make sure that when you begin connecting all of your azure virtual networks and then your networks on premise to your azure environment
that you don't end up with any
really nasty I p address conflicts that have to be resolved.
A couple of other things here about virtual networks in particular in Azure are going to be that they are region and subscription based,
and they're typically going to be secured with a network security group. Now there are a couple of other ways, primarily one other way, really to secure virtual networks, and we'll talk about that in the course. But the primary way to do this is with a network security group,
and what this image here shows is the larger container of an azure Virgil network divided in this instance into three smaller sub nets. And it's this that interacts with the Internet. Public azure storage and other azure service is such as azure sequel databases, So keep those two primary containers in mind,
virtual networks and sub nets.
The other important item to talk about here, primary of the primary function, is going to be a nick card, which would be on each of your virtual machines as well.
So you have a couple of options when you're trying to communicate between and within a resource is within the azure environment. And the 1st 1 of those is going to be a virtual network. We talked about that briefly in the previous slide, but a virtual network is just going to be again. A series of I P addresses, all lumped together,
went in the container of essentially a virtual network
virtual network service in points. We've also talked about in previous videos about storage, and that's a way that we can make assets within the azure environment communicate securely together.
Virtual network peering is gonna be the concept of taking assets or virtual networks that are different, but both within the azure environment and connecting them together in a way so that they can communicate with resource is in each of the other virtual networks.
Now we have a couple of options as well for communications between azure and are on premise network. The 1st 1 of these is going to be a point to cite VP in
and appoint decide VPN is going to be an end point or a computer connecting and talking into the azure environment. So think, possibly a backup server. And if that's the only thing you have communicating with Azure, it's more simple to simply create a VPN connection from that server into the azure environment. That's a point to site B P. And
the alternative here would be a site to site B, p n. And these were gonna be between your on premise locations and the azure environment, typically from your on Prem location with an edge device, a router of some sort that negotiates the VPN connection back toe azure.
The last option here, when we're trying to set up connectivity between our on premise infrastructure and the azure environment is going to be an express route,
and the express route is a circuit purchased from a provider that ultimately terminates in the azure environment directly.
There are a number of ways to get this done from a networking standpoint,
but effectively, this is a way to get the azure environment on your network connected directly to you
without having to use the public Internet.
Another important concept here in networking with Azure is going to be the ways that we filter traffic into and out of the azure environment.
The primary one of these we already briefly talked about and those were gonna be network security groups.
The other one of these is gonna be a network virtual appliance. And this is a software based or a virtualized hardware appliance that you can run in your environment. Think Palo Alto, Ford, Annette,
Cisco or any other firewall or router manufacturer that you could put in line and a virtualized appliance and continue to use most likely similar firmware and operating systems to communicate and secure your environment. In addition to the Azure Default Network security group.
The last main concept we're gonna talk about here in networking for Azure is going to be the ways that we can route traffic
1st 1 of these is gonna be route tables, and these are just what it sounds like. There are ways for you is the administrator to set up some routes in a round table to control how traffic ultimately traverse is into and out of unless you're three. The azure environment
as you're also exposes some ways to connect your on prim routes through B G p
back into the azure environment as well. And we'll talk briefly about that
now that we've covered some of the general basics about our road map here for networking and azure. I want to go ahead and get straight into portal, and we're gonna set up our very first virtual network to get started. We're obviously gonna click on the virtual networks blade,
and you can see that I already have a few virtual network set up to facilitate some of the other lab work that we've done in this course. But I'm gonna go ahead and add an additional virtual network.
I get to name this virtual network, and it's always wise to have a naming convention. We're gonna just call this test V net
and you can see that Azure has gone ahead and incremental. Attend got four slash 16 address space for me, And that's because I have a number of other virtual networks that I've let Azure a sign, and it's already assigned that not one, not two in the 20.3 space.
But just as a quick refresher, this slash 16 means that we have these two available numbers in our octet for addresses, and that gives us a total of 65,000 addresses in this virtual network. It really is quite a few. I've got this tight in here to my free trial subscription.
I need to select a resource group.
We're gonna put this in. The security resource group will tie this to a location and then I have the option to name my sub net. We're gonna leave. That is default. And we can see that Azure has gone ahead and set me up this first sub net as 10.4 dot 00 slash 24.
Which means I only have addresses available in this particular octet here at the end
for 256 addresses within this sub net.
Now we'll talk more about service in points again. But in the creation of this sub net, I could go ahead and enable those service in points if I wanted to.
And you're also has a virtual firewall service. But because this is not on the a Z one of three exam outline. We're gonna go ahead and skip past the details of that function at this point, and we're gonna go down and click on Create.
And now we can see that that virtual network has been created. Remind you that virtual networks are region and subscription based and virtual networks do not cost you any money to deploy. So again, virtual networks are completely free.
Another item to cover here about virtual networks is outbound. Internet from the virtual network is on by default, and inbound Internet is denied by default. So any resource is that you deploy within. The virtual network will be able to get to the Internet, but they are not available from the Internet in.
Another interesting thing about virtual networks is that Azure goes ahead and builds all of the necessary resource is so that every resource I have within a virtual network, regardless of its sub net,
can communicate with each other.
I can have three servers in seven that a and four servers in sub net be, and I can communicate across all of those. Resource is through the virtual network because Azure goes ahead and builds a d. N s server in that virtual network for me as well. We'll talk more about all those details, but it is an important fact to know
all Ri sources within a virtual network can communicate with each other by default.
So if you have a need to isolate those devices within the virtual network, you'll either have to do that with the network security group. Or simply put, the resource is that you want to segregate and two separate virtual networks again. We'll talk more about those details in the considerations as we go throughout the course, but
that is how we set up our first virtual network here in Azure.
So in this episode we talked about a few best practices so non overlapping I p address spaces between Azure and are on premise locations, always leaving room in sub nets. So don't set your sub net masks so small that you only have a very limited number of I P addresses. You can see that azure by default
gives us an entire slash 24 for our seven it or 256
I P addresses in that sub net.
Microsoft also recommends fewer large the nets the slash sixteen's rather than a bunch of small ones that have to be managed to that player.
We secured sub nets, virtual networks with network security groups.
An outbound Internet is on by default for a virtual network, some really important things to remember about virtual networks.
We also talked about some of the various types of communication in azure. Both communication between resource is on azure communication between on prime resource is and how we filter and route traffic here in the azure environment as well. And we step through the very simple steps
of configuring our first virtual network in Azure as well be of the portal
coming up. Next, we're gonna talk about the concept of private eye peas and how and where they're assigned. And we're also gonna talk a little bit more about public eye peas and how and where they're assigned as well, along with the skews available for both of these products.
Thanks for joining me on this episode today, and I'm looking forward to the rest of our discussion about networking in Asher