In this video, Sharon provides an overview of Azure Virtual Networks, comparing a typical on-premises implementation to an Azure VNet implementation and covering design options and the required components.
- [Instructor] You can do so many things in Azure but all those pieces, whether it's virtual machines, storage, or load balancers, need to be able to communicate, not only internally, but externally, too. This is where virtual networks come into play. Azure virtual networks connect all of your services together. Virtual networks, or VNets, are not really that much different than what you already know and do on-premise. We'll be using familiar terminology, we'll point out the differences, and introduce some new concepts. By the end of this course, you'll be very comfortable configuring Azure virtual networking.
What you're currently looking at is a typical on-premise infrastructure. This would be our typical on-premise network. In our example, we have a DMZ with two web servers and a DNS server. The backend, or internal network, contains our database servers and a DC. Traffic enters via the router, passes through a firewall, and then hits the load balancer which distributes that traffic to the web servers. Traffic that then needs to go back to the database servers passes through another firewall, hits another load balancer, which, again, then distributes that traffic.
Now let's take a look at this configuration in Azure. We do have a similar configuration in Azure but there are some differences. We are still maintaining this separation between the front end and back end servers using subnets and we still have load balancers all contained within the single virtual network. The firewalls are replaced with network security groups, or NSGs. We'll be exploring NSGs a little bit later in the course, but for now just know that they permit or deny traffic. And here's a quick comparison of the physical versus an Azure virtual network.
In the physical realm, firewalls are now replaced by network security groups in Azure. The routers that we currently use on-premise are replaced by the Azure virtual network. And the physical load balancers are now replaced with internal and Internet-facing load balancers. Now, let's take a high-level look at the ways we can use an Azure virtual network. Our first example is the cloud only implementation. In the cloud only design, all the resources live within Azure. When you create this network, you can use the same address space that you use on-premise.
This is a great option when you're starting out in Azure doing testing, dev, or designing a proof of concept. In our next configuration, we have a VNet to VNet. In this example, we're connecting different virtual networks in different regions, or even different subscriptions. And finally, we have the cross-premise, or hybrid, model. In this example, Azure becomes an extension of your on-premise network. We're going to be diving deeper into all of these various configurations later in the course. You may have noticed that I had subnets in my examples, so now would be a good time to elaborate a little bit on subnets within Azure.
Subnets in Azure are no different than subnets on-premise. They provide a logical separation within the network and the subnet must be a part of the virtual network address space itself. But do keep in mind that subnets cannot overlap. This is very important when connecting to on-premise environments or other virtual networks. And finally, keep in the back of your mind that Azure uses the first and last IP address of the subnet, plus three additional IPs that are used for other services.
Just as we do on-premise, we need to plan our subnets carefully in Azure. We need to think about our needs today and, more importantly, the needs of the future. Again, you will hear me use the word planning. Azure implementation is all about planning. We'll be exploring some common virtual network components through the rest of this course including Azure load balancers, network security groups, virtual and physical appliances, gateways, and IP addressing. And that's it. A high level overview of Azure virtual networks.
See, it wasn't that bad. We can now start building on this knowledge and, in turn, build our Azure virtual networks.
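The subnet rules described in the transcript (subnets inside the VNet address space, no overlaps, five addresses per subnet held back by Azure), written as a plan check. This is an added example, not part of the original video or course; the function name, subnet names and address ranges are constructed for illustration.

```python
import ipaddress

# Per the transcript: first and last address of each subnet, plus three more
# used by Azure services, are not available to your own resources.
AZURE_RESERVED_PER_SUBNET = 5

def check_vnet_plan(vnet_cidr, subnets, connected_ranges=()):
    """Validate a VNet address plan before deployment.

    subnets: dict of subnet name -> CIDR (hypothetical names).
    connected_ranges: address spaces of on-premises networks or other VNets
    that this VNet will be connected to.
    Returns (usable, problems): usable address count per subnet, and a list
    of human-readable plan errors.
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    usable, problems = {}, []

    # Every subnet must sit inside the VNet address space.
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside VNet address space {vnet}")
        usable[name] = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)

    # Subnets must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # Overlap with a connected network (hybrid or VNet-to-VNet) breaks routing.
    for remote in map(ipaddress.ip_network, connected_ranges):
        if vnet.overlaps(remote):
            problems.append(f"VNet {vnet} overlaps connected range {remote}")
    return usable, problems

if __name__ == "__main__":
    # Constructed plan: front-end and back-end subnets, one on-premises range.
    usable, problems = check_vnet_plan(
        "10.0.0.0/16",
        {"frontend": "10.0.1.0/24", "backend": "10.0.1.128/25", "mgmt": "10.1.0.0/29"},
        connected_ranges=["10.0.0.0/8"],
    )
    print(usable)
    print("\n".join(problems))
```

A /29 leaves only three usable addresses once the five reserved ones are subtracted, which is why subnet sizing belongs in the planning step.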
- Creating an Azure virtual network
- Creating a virtual network using PowerShell
- Deploying a VM into a virtual network
- Modifying IP addresses
- Working with Azure DNS
- Configuring NSGs
- Setting up load balancers
- Configuring Azure load balancers
- Creating an application gateway
- Setting up on-premises connectivity
- Adding gateway VPNs
- Validating VPN devices
- Configuring VNet
- Creating site connections