<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

What is Microsoft Azure Virtual Network?

microsoft azure virtual network

Azure Virtual Network (VNet) is a platform enabling you to create and maintain private networks in the context of Azure cloud and services. VNet works in a similar fashion a network in a data center works while introducing added advantages such as scale, availability, and isolation. 

VNet enables resources such as Azure Virtual Machines (VM) to establish secure connections to each other, the Internet, and on-premises networks. 

 

How Azure Virtual Network Operates 

VNet employs four fundamental concepts that include address spaces, subnets, regions, and subscription-based services. 

  • Address Spaces: With VNet, you are using public and private (RFC 1918) addresses to specify your custom private IP address range. Then, Azure assigns an IP address within this address range to resources in your virtual network. 
  • Subnets: With subnets, you create one or more sub-networks and allocate a range of IP addresses to each of those subnets. This way, you can also allocate specific Azure resources to a specific subnet. 
  • VNet operates within a single location but you can use Virtual Network Peering to connect virtual networks from different locations or regions. 
  • Subscriptions: VNet is a subscription-based service enabling you to deploy multiple networks within different Azure regions under a single Azure subscription. 

What Connections Azure Virtual Network Supports 

VNet supports different network connections for your resources, both inbound and outbound communications. 

 

VNet Internet Communications 

By default, any of your resources within a VNet is allowed to perform outbound communications to the public Internet. You need to assign a public IP address or a public Load Balancer if you are to enable inbound communication to this resource.  

 

Communications between Azure Resources 

VNet provides you with several methods for your resources to communicate within Azure. 

  • Virtual Network: You can implement virtual machines and a few other types of Azure resources within a virtual network. Those include Azure App Service Environments, the Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale Sets. 
  • Virtual network service endpointYou can create direct connections to extend your virtual network private address range and the identity of your virtual network to Azure service resources, such as Azure Storage accounts and Azure SQL Database. Thus, your critical Azure service resources will operate only within the virtual network for better security. 
  • VNet Peering: By connecting virtual networks to each other, you enable resources in any virtual network to communicate between themselves through virtual network peering. VNet allows you to connect networks you connect in the same or different Azure regions 

 

Communications between On-premises Resources 

VNet offers different options to connect on-premises networks and computing devices by using one or a combination of connectivity methods listed below. 

  • Point-to-site virtual private network: This method connects a virtual network and a single computer in your network with each computer configuring its own connection. You need not make fundamental changes to your existing network for this connectivity to work. 
  • Site-to-site VPN: This type of connection works between an on-premises VPN device and an Azure VPN Gateway in the context of a virtual network. Any resource you authorize can communicate within the specified virtual network. 
  • Azure ExpressRouteThis connection method enables the communication between your network and Azure through an ExpressRoute partner. 

The first two connectivity methods work by creating an encrypted tunnel to communicate over the Internet while Azure ExpressRoute creates a private connection. 

 

Network Traffic Filtering and Routing 

VNet provides you with tools to both filter and route your network traffic between subnets. 

You can filter network traffic by implementing network security groups or network virtual appliances. Thus, you are filtering the traffic by creating multiple inbound and outbound security rules for your network security groups and application security groups. 

With network virtual appliances, you create virtual machines that perform a network function such as a firewall, WAN optimization, etc. 

Azure creates default routes for traffic between your subnets, connected virtual networks, on-premises networks and the Internet but you can customize how routing works by using route tables or border gateway protocol (BGP) routes. With route tables, you make your own route tables defining how traffic is routed to each subnet. When using Azure VPN Gateway or ExpressRoute connection to connect a virtual network to your on-premises network, there is an option to propagate your on-premises BGP routes to your virtual networks. 

 

VNet Integration with Azure Services 

The platform enables you to integrate your virtual networks with Azure services by using one of several options. 

You can deploy dedicated instances of the service into the virtual network and then access it privately from your virtual network or on-premises networks. Other methods for privately accessing an Azure service from your virtual network or on-premises networks is by deploying a Private Link or by accessing the service through public endpoints. The latter method requires you to extend the virtual network through service endpoints. 

 

How Much Does Azure Virtual Network Cost?

Microsoft does not charge you for the use of VNet but you should pay for other resources, such as virtual machines and other products. 

Below, you can see the most basic pricing plan for a customer using Azure Virtual Network in the Central US region. 

 

Basic Cost of Azure Virtual Network 

Azure_Virtual_Network_Pricing

Source: Microsoft 

 

You should be aware that additional charges apply, so check and calculate the actual total costs beforehand. 

 

Conclusion 

Azure Virtual Network is a free tool you can implement to connect Azure services to your resources. It is available for Linux and Windows and offers a high level of scalability through easy to use interface. 

To implement Azure Virtual Network, you should first configure an Azure account and all the related services and while VNet is free, you should make a proper assessment of how much the use of all the associated services would cost. 

Topics from this Article

Microsoft, Cyber Security, Microsoft Azure, Remote Access, Remote Users, VPN

Datashield
Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

Detecting and Preventing UNC1878

Recently, The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA) released an alert that warned that the healthcare industry was being targeted by hackers.

What is Microsoft Azure Virtual Network?

Azure Virtual Network (VNet) is a platform enabling you to create and maintain private networks in the context of Azure cloud and services. VNet works in a similar fashion a network in a data center works while introducing added advantages such as scale, availability, and isolation. 

What is Microsoft Azure Traffic Manager?

Azure Traffic Manager is a DNS-based load balancer to manage user traffic distribution of service endpoints in different data centers. This tool can service any of the Azure global regions and secure an optimal level of availability and responsiveness for your services.