Table of Contents
Virtual networks (VNets) and subnets are fundamental components when setting up an Azure environment, providing the backbone for network communication within Azure as well as between Azure and on-premises networks. As a prospective AZ-104 Microsoft Azure Administrator, understanding how to create and configure these is essential.
An Azure Virtual Network provides a private network in the cloud, with full control over IP address ranges, DNS settings, security policies, and routing. To create a VNet:
Advanced settings can be configured as required, including DNS servers and whether to enable or disable the Azure system route.
After validating the inputs, click ‘Create’ to deploy your VNet. The deployment can take a few minutes.
Once a virtual network is established, you can configure subnets, which divide the network into one or more segments, improving organization, security, and efficiency.
Creating a subnet effectively breaks up your address space into useable blocks, where each can have its own security and configurations. For instance, you might have separate subnets for frontend services, backend services, and a database layer, each with different access controls and policies.
You can secure and control the flow of traffic in and out of VNets and subnets using Network Security Groups (NSGs) and Route Tables.
Azure VNets can also be connected to other VNets or on-premises networks using various connectivity options:
Component | Subnet Name | Subnet Address Range | Purpose |
---|---|---|---|
Web tier | WebSubnet | 10.1.1.0/24 | To host VMs for the frontend |
Business tier | BusinessSubnet | 10.1.2.0/24 | To host application logic VMs |
Data tier | DataSubnet | 10.1.3.0/24 | To host databases and storage |
Gateway subnet | GatewaySubnet | 10.1.255.0/27 | For the VPN or ExpressRoute gateway |
After configuring the VNets and subnets, you would then associate appropriate NSGs with each subnet, defining rules that allow traffic only on necessary ports (e.g., HTTP/HTTPS for the WebSubnet).
In this setup, clear separation of duties is maintained, and security boundaries are defined at the network level, which aligns with Azure best practices and provides a robust environment for deploying applications.
In summary, mastery over the creation, configuration, and management of VNets and subnets is vital for Azure Administrators and the AZ-104 exam. By understanding how to implement these components in Azure, administrators can design and build secure, scalable networks tailored to the needs of any organization.
An Azure Virtual Network is scoped to a single Azure region; however, multiple virtual networks from different regions can be connected using VNet peering.
B) 0/24
0/24 is within the range of private IPv4 addresses that can be used in Azure VNet. The others are reserved for special purposes such as loopback (A), multicast (C), and link-local (D).
NSGs can be associated with either subnets or individual VM instances within a VNet to filter network traffic.
B) /29
The smallest subnet you can create within an Azure VNet is a /29, which provides up to 3 usable IP addresses for VMs and other resources.
Deleting a VNet does not automatically delete the resources within it. You must delete or dissociate resources like VMs before deleting the VNet.
By default, Azure VNets have outbound connectivity to the internet, and inbound connectivity can be configured.
D) They must not overlap.
VNet peering requires that the IP address spaces of the VNets do not overlap to prevent routing issues.
A) Azure VPN Gateway, C) Azure ExpressRoute
Azure VPN Gateway and Azure ExpressRoute are both services to connect VNets to on-premises networks. NSGs are used for filtering traffic, and VNet peering is for connecting VNets within Azure.
By default, VNet peering is non-transitive, which means you cannot route traffic through a peered VNet to a third VNet. You need to establish peering individually.
B) To provide a direct connection to Azure PaaS services from a subnet
Service endpoints provide secure and direct connectivity to Azure PaaS services over the Azure backbone network.
Once a subnet is created in a particular VNet, it cannot be moved to another VNet. You must delete and recreate it in the desired VNet if needed.
C) Apply network security rules to traffic
Applying network security rules is a function of Network Security Groups, not the Azure Load Balancer. The Load Balancer is responsible for balancing traffic and providing public IP addresses.
A virtual network in Azure is a logically isolated network that provides a secure environment to run your resources.
Some benefits of using a virtual network in Azure include increased security, network traffic management, and scalability.
To create a virtual network in Azure using the portal, you can follow the quick-create guide found in the Azure documentation.
A subnet in Azure is a range of IP addresses in your virtual network that can be used to isolate and manage network traffic.
To manage subnets in Azure, you can navigate to the Subnets service in the Azure portal and configure subnet settings as needed.
Some features of subnet management in Azure include address space configuration, network security group configuration, and service endpoints configuration.
To extend a subnet in Azure, you can navigate to the Subnets service in the Azure portal, select the subnet you want to extend, and add a new “Gateway subnet” with the desired address space and name.
A network security group in Azure is a way to filter network traffic and enforce security rules for resources in your virtual network.
You can configure a network security group in Azure by creating a new security group, specifying the security rules, and associating the security group with your virtual network.
An Azure Virtual Network Gateway is a type of virtual network resource that allows you to connect your virtual network to other virtual networks, on-premises networks, or the Internet.
You can monitor and analyze network traffic in Azure using the Azure Network Watcher service, which provides tools for troubleshooting and diagnosing network issues.
You can configure a custom DNS server in Azure by creating a new DNS zone and specifying the custom DNS server’s IP address in the virtual network settings.
Yes, you can create a virtual network in Azure using PowerShell or the Azure CLI.
The maximum number of subnets you can create in a single virtual network in Azure is 4096.
No, you cannot change the address space of a subnet in Azure after it has been created. You will need to delete and recreate the subnet with the desired address space.
If this material is helpful, please leave a comment and support us to continue.