Networking in Azure is one of the critical building blocks of an Azure implementation. In this video, learn the basic terminology and get an overview of the various networking components.
- [Instructor] You can do so many things in Azure, but all of those pieces, whether it's virtual machines, storage or load balancers, need to be able to communicate not only internally but externally too. And this is where Azure Virtual Networks fit in. An Azure Virtual Network connects all of our services together.
This schematic should look pretty familiar. This would be our typical on-premises network. In our example we have a DMZ with a web server and a DNS server. The backend or internal network, as I have called it, contains database servers and the domain controller. Traffic will enter via the router, pass through the firewall, the load balancer then distributes the traffic to the web servers, the traffic is then passed to the database servers via another firewall.
Let's take a look at this configuration in Azure. In the Azure environment, the most obvious change is our physical servers are now virtual machines. We still maintain the separation between the frontend and backend servers using subnets. And we still have load balancers to manage and direct that traffic. The firewalls are replaced with network security groups or NSGs. And NSGs are used to permit or deny traffic. And we'll be exploring network security groups in detail later in this course. The key thing to know here is the concepts are still the same.
An Azure Virtual Network provides isolation and segmentation from the other virtual networks. It enables seamless communication between the resources in the network and also allows for external communication. And that could be to the internet or your on-premises locations. We can also filter and route traffic as well as connect our virtual networks when required. Let's explore some of these options in a little bit more detail.
Starting off with isolation and segmentation. We can have multiple virtual networks per region and subscription. And we can further isolate or segment these networks using subnets just as we do on-premises. But one thing to keep in mind here, all default traffic is routed between all subnets in a VNet. To control the flow of traffic you can use a network security group or a network virtual appliance.
Now would be a good time to elaborate a little bit on subnets. Subnets must be a part of the virtual network address space that you initially configure. And these address spaces cannot overlap between subnets. We can also use a service endpoint to restrict access to a resource within that subnet such as Azure Storage.
Virtual networks also allow external communication. Of course the first thing we probably want to communicate to is the internet. And all outbound access is allowed by default, therefore if you do not want a virtual machine to send traffic out you'll need to restrict that. And all inbound access requires a public IP. We can also connect to our on-premises environments.
I have mentioned filtering and routing traffic a few times now. And this can be accomplished using network routes, network security groups or network virtual appliances. And we'll be talking about network routes and security groups later in the course.
Of course we're going to need to connect our networks as well, and this can be done in one of two ways. The first way is through a VNet peer. VNet peering allows us to connect virtual networks in the same or different regions and across different subscriptions. And it provides seamless communications between those networks. The other option to connect your networks is to use a VNet to VNet connection. Just like peered networks we can connect VNets in different regions and subscriptions, but this model requires a virtual network gateway and it provides a secure tunnel for your communication between those networks. And we'll be spending time later in the course on these two connection methods.
This was a very high level overview of Azure networks. We'll be diving into each of these concepts in-depth throughout this course. I just wanted to provide an overview to get us started.
- Creating virtual networks via the portal and PowerShell
- IP addressing for virtual networks
- Configuring network routes
- Configure VNET peering
- Configure VNET-to-VNET connections
- Configuring Azure DNS
- Creating network security groups
- Creating effective security rules