AZ104 — Azure Virtual Network (VNET)

Setumo Raphela
Nov 6, 2020

· Azure virtual networks provide key networking capabilities:

  • Isolation and segmentation
  • Internet communications
  • Communicate between Azure resources
  • Communicate with on-premises resources
  • Route network traffic
  • Filter network traffic
  • Connect virtual networks

· Internet communications:

  • A VM in Azure can connect out to the Internet by default.
  • You can enable incoming connections from the Internet by defining a public IP address or a public load balancer.

· Communicate with on-premises resources:

  • Point-to-site Virtual Private Networks

o This approach is like a Virtual Private Network (VPN) connection that a computer outside your organization makes back into your corporate network, except that it’s working in the opposite direction.

o In this case, the client computer initiates an encrypted VPN connection to Azure, connecting that computer to the Azure virtual network.

  • Site-to-site Virtual Private Networks

o A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network.

o In effect, the devices in Azure can appear as being on the local network.

o The connection is encrypted and works over the Internet.

  • Azure ExpressRoute

o For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach.

o Azure ExpressRoute provides dedicated private connectivity to Azure that does not travel over the Internet.

· You can control routing and override those settings as follows:

o Route tables

§ A route table allows you to define rules as to how traffic should be directed. You can create custom route tables that control how packets are routed between subnets.

o Border Gateway Protocol

§ Border Gateway Protocol (BGP) works with Azure VPN gateways or ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.
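The route-table and BGP points above only make sense together with the order in which Azure picks a route: the longest matching prefix wins, and when a user-defined route, a BGP-learned route and a system route all carry the same prefix, the user-defined route takes precedence over BGP, which takes precedence over the system route. The following Python script is an added example, not code from the original article or from Azure; it simulates that selection over a constructed effective-route table (VNet 10.0.0.0/16, an on-premises range 10.10.0.0/16 learned via BGP, and a user-defined route forcing traffic through a firewall appliance at 10.0.1.4, all of which are assumptions) so you can check which next hop a packet would actually take before relying on a custom route for security.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Tie-break order used by Azure when several routes share the same prefix length:
# user-defined routes beat BGP-learned routes, which beat system routes.
ROUTE_TYPE_PRIORITY = {"UserDefined": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str                        # address prefix, e.g. "10.0.0.0/16"
    next_hop_type: str                 # "VirtualNetwork", "Internet", "VirtualAppliance",
                                       # "VirtualNetworkGateway" or "None"
    source: str                        # "System", "BGP" or "UserDefined"
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance next hops

    def matches(self, dest: ipaddress.IPv4Address) -> bool:
        return dest in ipaddress.ip_network(self.prefix, strict=False)

    @property
    def prefix_length(self) -> int:
        return ipaddress.ip_network(self.prefix, strict=False).prefixlen


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Return the route Azure would use for `destination`: longest prefix first,
    then route origin (UDR > BGP > System). None means no route matches."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if r.matches(dest)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-r.prefix_length, ROUTE_TYPE_PRIORITY[r.source]))


def describe(route: Optional[Route]) -> str:
    if route is None:
        return "no matching route (dropped)"
    hop = f"{route.next_hop_type}"
    if route.next_hop_ip:
        hop += f"@{route.next_hop_ip}"
    return f"{route.prefix} via {hop} [{route.source}]"


# Constructed sample effective-route table for one subnet (assumption, not from the article).
SAMPLE_ROUTES = [
    Route("10.0.0.0/16", "VirtualNetwork", "System"),                      # local VNet traffic
    Route("0.0.0.0/0", "Internet", "System"),                              # default Internet egress
    Route("10.10.0.0/16", "VirtualNetworkGateway", "BGP"),                 # on-prem range learned via BGP
    Route("0.0.0.0/0", "VirtualAppliance", "UserDefined", "10.0.1.4"),     # UDR: force egress through NVA
    Route("10.10.0.0/16", "VirtualAppliance", "UserDefined", "10.0.1.4"),  # UDR: inspect on-prem traffic too
]

if __name__ == "__main__":
    for dst in ("10.0.2.5", "8.8.8.8", "10.10.3.4"):
        print(f"{dst:>10} -> {describe(select_route(SAMPLE_ROUTES, dst))}")
```

Running it shows that traffic to 10.0.2.5 stays on the VNet (longest prefix), Internet-bound traffic is diverted to the appliance because the user-defined 0.0.0.0/0 route beats the system one, and traffic to the on-premises range also goes to the appliance because a user-defined route outranks the BGP route with the identical prefix; remove the last route and the BGP route to the gateway is chosen instead.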

· Azure virtual networks enable you to filter traffic between subnets by using the following approaches:

  • Network security groups

§ A network security group is an Azure resource that can contain multiple inbound and outbound security rules.

§ You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

  • Network virtual appliances

§ A network virtual appliance is a specialized VM that can be compared to a hardened network appliance.

§ A network virtual appliance carries out a particular network function, such as running a firewall or performing WAN optimization.

· Port 3389 (RDP) is opened by default when you create a Windows VM in Azure.
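The network security group rules described above and the default RDP rule just mentioned are best understood by evaluating them the way Azure does: rules are processed in ascending priority number, the first match decides, and every NSG ends with the built-in default rules (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500 and their outbound counterparts). The following Python script is an added example, not code from the original article or from Azure; it models that evaluation, compares an "allow 3389 from anywhere" rule like the one created with a new Windows VM against a rule restricted to a corporate range, and uses constructed addresses throughout (VNet 10.0.0.0/16, corporate range 203.0.113.0/24, a remote host 198.51.100.7; the Internet tag is approximated as "any address outside the VNet", which is an assumption).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int      # lower number is evaluated first; custom rules use 100-4096
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, "*" or a service tag name
    destination: str   # CIDR, "*" or a service tag name
    dest_port: str     # "3389", "1000-2000" or "*"


# Azure's built-in default rules: present in every NSG and cannot be removed,
# only overridden by a custom rule with a lower priority number.
DEFAULT_RULES = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    NsgRule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", "*"),
    NsgRule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]

# Constructed VNet address space used to resolve the VirtualNetwork tag (assumption).
VNET_SPACE = [ipaddress.ip_network("10.0.0.0/16")]


def _in_vnet(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in VNET_SPACE)


def _addr_matches(spec: str, ip: ipaddress.IPv4Address) -> bool:
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return _in_vnet(ip)
    if spec == "AzureLoadBalancer":
        return ip == ipaddress.ip_address("168.63.129.16")  # Azure health-probe source address
    if spec == "Internet":
        return not _in_vnet(ip)  # simplification of the Internet tag (assumption)
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _proto_matches(spec: str, proto: str) -> bool:
    return spec == "*" or spec.lower() == proto.lower()


def evaluate(rules: List[NsgRule], direction: str, protocol: str,
             src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Return (access, rule name) for the first rule that matches, in priority order."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    ordered = sorted((r for r in rules + DEFAULT_RULES if r.direction == direction),
                     key=lambda r: r.priority)
    for rule in ordered:
        if (_proto_matches(rule.protocol, protocol) and _addr_matches(rule.source, src)
                and _addr_matches(rule.destination, dst) and _port_matches(rule.dest_port, dst_port)):
            return rule.access, rule.name
    return "Deny", "<no rule>"  # unreachable in practice: DenyAll* always matches


# Weak: the "RDP from anywhere" rule a new Windows VM gets when port 3389 is left open.
PORTAL_DEFAULT_RULES = [NsgRule("RDP", 300, "Inbound", "Allow", "Tcp", "*", "*", "3389")]

# Hardened: same port, but only from a constructed corporate range; everything else falls
# through to DenyAllInBound.
HARDENED_RULES = [NsgRule("AllowRdpFromCorp", 300, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "*", "3389")]

if __name__ == "__main__":
    for label, rules in (("open", PORTAL_DEFAULT_RULES), ("hardened", HARDENED_RULES)):
        for src in ("198.51.100.7", "203.0.113.5", "10.0.2.5"):
            print(label, src, "->", evaluate(rules, "Inbound", "Tcp", src, "10.0.1.10", 3389))
```

With the open rule set any source reaches 3389; with the hardened set only the corporate range and other VNet hosts (via AllowVnetInBound) do, while the remote host is stopped by DenyAllInBound. The same evaluation order is why a Deny rule must carry a lower priority number than the Allow rule it is meant to override.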
