This blog post has taken from Module 2 of Microsoft certified Azure Solution Architect Design. In this blog post, I have discussed the Planning and recommendation of virtual networks from Azure Solution Architect Design AZ-304 perspective.
In this blog, you will see How to Design a Virtual network, What things you need to remember before taking a subscription for single and multiple Virtual networks, Fundamentals of Virtual networks, Planning and recommendations of the virtual network, and much more…
Apart from this, you can also check my blog on Azure Core Cloud Services: Azure Compute Options which is another blog from Microsoft certified Azure Solution Architect Design
What Is Virtual Network?
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data centre but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
Why We Use Virtual Network?
The main purpose of a virtual network is to enable a data centre or service provider network to provide the most suitable and efficient networking structure for the applications it hosts – and to alter that structure as conditions warrant, using software rather than requiring physical changes in connections to hardware. The ability to virtualize workloads (applications) and to transport them across network infrastructure with minimal service degradation gave rise to the first cloud architectures.
Planning Of Virtual Networks
Fundamental Elements Of Virtual Network
- Address Space: When creating a VNet, custom private IP address space is specified using public and private (RFC 1918) addresses. Azure assigns resources in the virtual network a private IP address from the address space that has been given during configuration.
- Subnets: Subnets enable segmenting a virtual network into one or more subnet networks and allocating a portion of the virtual network’s addresses space to each subnet. Azure resources are deployed to a specific subnet that is segmented using VNet address space.
- Regions: VNet is scoped to a single region/location. Multiple virtual networks from different regions can be connected using a virtual network peering.
- Subscription: VNet is copied to a subscription. Implement multiple virtual networks within each Azure subscription and Azure region.
- All Azure resources are created in an Azure region and subscription.
- A resource can only be created in a virtual network that exists in the same region and subscription as the resource
- You have to choose the lowest network latency for users.
- Choose the region according to data residency, compliance, and resiliency requirements
Things need to be considered before choosing virtual networks
- Do you require isolation?
- Do we need multiple subscriptions for isolations?
- How many IP’s required in a virtual network?
- VNet to VNet or Hybrid?
- Do you have any Administration organizational requirements for resources and different VNets?
- Network traffic can be a filter to or from resources in a virtual network using network security groups and NVA.
- You can control how Azure route traffics from subnets.
- You can define your own rules to allow and deny traffic from or to resources
- Virtual networks can be in the same or different supported Azure regions.
- Virtual networks can be in the same and different Azure subscription
- Azure VPN Gateway connects a virtual network to an on-premises network using site-to-site VPN or Azure Express route
- Combine peering and VPN Gateway to create a hub and spoke networks
Permissions And Policies
- Permissions are assigned to scope in the hierarchy like Management Group > Subscription > Resource Group > Individual Resource
- The azure policy allows for creating, assign and manage policy definitions
- To work with Azure virtual networks (peering, network security groups, service endpoints) assign members built-in Owner, Contributor, or Network contributor roles
- Microsoft Azure Architect Design Step By Step Activity Guides (Hands-On Labs)
- Basic of Virtual Network [Official Microsoft]
- Tips To Prepare Exam AZ-304: Microsoft Azure Architect Design
- [AZ-304] Microsoft Azure Architect Design (beta): Everything You Need To Know
Next Task For You
Interested in preparing the exam for Azure Certifications as well? Check out this blog post to know all about exam preparation Tips To Prepare Exam AZ-304: Microsoft Azure Architect Design. Also, check out this blog to know more about the core services of azure [AZ-900] Microsoft Azure Core Services: Compute, Network, Storage & Database
Click on the register now button below to register for a Free Masterclass on Microsoft Azure Solutions Architect Certification, Live Demo & Q/A which will help you clear the exam with flying colors.