Create and configure virtual networks and subnets

Virtual networks is vital for secure communication of Azure resources.

When adopting the cloud for your IT infrastructure, it is essential to note that they still need the same networking capabilities as on-premises deployments. The fundamental principles of computer networking are relevant even in the cloud.

As you create a virtual network, consider key settings such as the region or location for the network, security features like network encryption (which safeguards traffic within the virtual network), Azure Firewall (a cloud-based security service), and DDoS Network Protection. These choices ensure efficient and secure communication within your cloud infrastructure. 

Azure resources are network resources, that is to say that they need a network (virtual network) to communicate among themselves and other resources on the internet. If you cannot connect to a VM provisioned on Azure, of what use is it? 

Subnets

To create a virtual network, you need to define at least one subnet. With subnets, you can divide your virtual network into smaller manageable parts. Subnets are practically a range of IP addresses within a virtual network that can be used to better organise and secure resources. 

Each subnet gets a unique portion of the virtual network address space within the virtual network, which improves address allocation efficiency and enhances security. 

By dividing a virtual network into smaller subnets, you can manage and optimise traffic flow more efficiently. Segmentation can reduce congestion and improve overall network efficiency. 

Resource allocation is more effective with subnets. For example, you can place high-traffic resources in separate subnets to ensure they do not interfere with other mission critical applications. 

Subnets can be associated with Network Security Groups (NSGs), with which you can control inbound and outbound traffic by restricting access to only necessary resources, just like firewalls. And by isolating different types of resources into separate subnets, you can set more granular policies.   

Each subnet contains a range of IP addresses within the virtual network address space, with the first four and the last address reserved. In the first four addresses you have the network address, the default gateway. While the last address is for the virtual network broadcast address. 

So, when you want to further group related resources within a virtual network in logical segment or route between resources within a virtual network and with on-premises networks or simplify IP address allocation and management, reducing the risk of IP address conflicts or isolate resources for compliance, regulatory and business requirements or more, Subnetting will do.     

When you need to group related resources within a virtual network into logical segments, route traffic between resources within the network and with on-premises networks, simplify IP address allocation and management to reduce the risk of conflicts, or isolate resources for compliance, regulatory, and business requirements, subnetting is the solution. 

Creating Virtual Network 

To create a virtual network, in the Azure portal, search for ‘virtual network’ on the search resources bar. Select Virtual networks, fill in the name, resource group, select the region, and set up the security features, IP addresses and tags as needed then review and create. Do not forget that you cannot change IP address space once the virtual network is created. 

IP Addressing 

Azure resources can use IP addresses to communicate among themselves, local (on-premises) network and the internet.  

Public and Private IP Addresses: Private IP addresses communicate within Azure virtual network and between your local network and Azure, while with public IP addresses, resources can communicate with the internet.