bydev / notes

Azure Virtual Networks

Azure Virtual Networks (VNets) enable secure communication between Azure resources, on‑premises environments, and the internet. VNets extend traditional networking concepts such as addressing, routing, and access control into the cloud environment, providing a familiar framework for administrators while supporting cloud‑native integration.

Key Features of Azure Virtual Networks

  • Public and Private Networking: Support for both public internet connectivity and private, internal communication.
  • Custom Address Spaces: Administrators can define private IP address ranges and subdivide them into subnets for logical resource segmentation.
  • Integrated DNS: Azure includes a built‑in DNS service for resource name resolution. Custom DNS servers may also be configured.
  • Public IP Assignment: Public IP addresses can be assigned directly to resources or managed behind an Azure Load Balancer.
  • Service Integration: VNets connect seamlessly with services such as Azure App Service Environments, Azure Kubernetes Service (AKS), and Virtual Machine Scale Sets.
  • Traffic Routing: Azure automatically manages routing between subnets, peered VNets, on‑premises connections, and the internet.
  • Traffic Filtering: Control over inbound and outbound flows through:
    • Network Security Groups (NSGs): Rule‑based filtering applied at the subnet or network interface level.
    • Network Virtual Appliances (NVAs): Specialized virtual machines (e.g., firewalls, WAN optimizers) for advanced traffic management.

Connecting Cloud and On‑Premises Resources

Azure VNets support hybrid connectivity models for integration with on‑premises networks:

  • Point‑to‑Site (P2S) VPN: An encrypted connection from a single client device to the Azure VNet, commonly used for remote access.
  • Site‑to‑Site (S2S) VPN: An encrypted tunnel between an on‑premises VPN device and the Azure VPN Gateway, enabling devices in Azure to appear as part of the local network.
  • Azure ExpressRoute: A dedicated, private circuit to Azure that does not traverse the public internet. Provides enhanced security, reliability, and bandwidth.

Connecting Virtual Networks

VNets can be linked to create larger or more complex environments:

  • VNet Peering: Enables low‑latency, high‑bandwidth communication between VNets, while maintaining separate administrative boundaries.
  • User Defined Routes (UDRs): Custom routing rules for directing traffic between subnets or VNets, overriding default Azure routing.

Additional Considerations

  • Service Endpoints: Provide secure, direct access to Azure services (e.g., Storage, SQL Database) from within a VNet.
  • ExpressRoute: Recommended for organizations requiring high‑security, high‑bandwidth private connectivity to Azure.
  • Network Security Groups: Critical for implementing security policies through traffic filtering rules.
  • VNet Peering: Effective for connecting VNets without requiring gateways, improving performance and lowering latency.

Conclusion

Azure Virtual Networks provide a scalable and secure foundation for deploying workloads in the cloud. Through features such as NSGs, NVAs, VPNs, ExpressRoute, and VNet peering, organizations can extend their on‑premises networks, implement fine‑grained traffic control, and maintain reliable communication across hybrid and cloud‑native environments.