What is Azure Virtual Network
Your private network in Azure is constructed primarily using Azure Virtual Networks (VNets). Azure Virtual Machines (VM) and other types of Azure resources may securely communicate with one another, the internet, and internal networks thanks to VNet. Like a typical network you may run in your own data center, a VNet also offers the size, availability, and isolation that Azure’s infrastructure offers.
Why use a virtual network powered by Azure?
Azure resources can securely connect with one another, the internet, and internal networks thanks to the Azure virtual network. A virtual network can be used for a variety of tasks, including connecting Azure resources to the internet, connecting Azure resources with one another, connecting Azure resources to on-premises resources, filtering, and rerouting network traffic, and integrating Azure services.
Communicate with the internet
By default, every resource in a VNet can communicate outbound to the internet. By giving a resource a public IP address or a public load balancer, you can send incoming communications to it. To manage your outbound connections, you can alternatively utilize a public load balancer or public IP address. See Outbound connections, public IP addresses, and load balancing for more information about outbound connections in Azure.
Communicate between Azure resources
Azure resources securely exchange information with one another using one of the following methods:
Using a virtual network: You can set up Azure App Service Environments, the Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale Sets in a virtual network in addition to deploying virtual machines (VMs) and various other types of Azure resources. See Virtual network service integration for a comprehensive list of Azure resources that you can use to set up a virtual network.
Through a virtual network service endpoint: Via a direct connection, extend your virtual network’s private address space and its identity to Azure service resources like Azure Storage accounts and Azure SQL Databases. You can restrict access to your vital Azure service resources to just a virtual network by using service endpoints. View the Virtual Network Service Endpoints Overview for more information.
Virtual networks can be linked to one another using virtual network peering, allowing resources in either virtual network to communicate with one another. The Azure regions of the virtual networks you connect can be the same or different. See "Virtual network peering" for further information.
Communicate with on-premises resources
Any of the following methods can be used to link your physical computers and networks to a virtual network:
Created between a virtual network and a single computer in your network, a point-to-site virtual private network (VPN). Each machine must set up its connection if it wishes to connect to a virtual network. Since it requires little to no changes to your current network, this connection type is perfect for developers and those just starting out with Azure. Your PC and a virtual network’s communication travels over the internet in an encrypted tunnel. See point-to-site VPN for additional information.
Site-to-site VPN: Established between an Azure VPN Gateway that is installed in a virtual network and you’re on-premises VPN device. Any on-premises resource that you approve can access a virtual network using this connection type. Your on-premises VPN device and an Azure VPN gateway communicate with each other via an encrypted internet channel. See Site-to-site VPN for additional information.
An Azure ExpressRoute partner makes an Azure ExpressRoute connection between your network and Azure. This link is secure and confidential. Internet traffic is nonexistent. Visit ExpressRoute for more information.
Filter network traffic
You can use one or both of the following methods to filter network traffic between subnets:
1. The ability to filter traffic to and from resources by source and destination IP address, port, and protocol is made possible by network security groups, which can also include application security groups. See Network security groups or Application security groups for further information.
2. Virtual machines (VMs) that execute a network function, such as a firewall, WAN optimization, or another network function, are referred to as network virtual appliances. Visit Azure Marketplace to get a list of available network virtual appliances that you can set up in a virtual network.
Route network traffic
Azure by default manages traffic flow across connected virtual networks, on-premises networks, subnets, and the Internet. To alter the default routes that Azure creates, you can use one, both, or neither of the following strategies:
Route tables: You can build unique route tables that specify how each subnet’s traffic will be forwarded. Study up on route tables.
Border gateway protocol (BGP) routes: If you use an Azure VPN Gateway or ExpressRoute connection to connect your virtual network to your on-premises network, you can propagate your on-premises BGP routes to your virtual networks. Learn more about utilizing ExpressRoute and Azure VPN Gateway with BGP.
Virtual network integration for Azure services
By integrating Azure services with an Azure virtual network, virtual machines or computational resources in the virtual network can have private access to the service. There are several ways to include Azure services in your virtual network:
Creating a virtual network with dedicated instances of the service. The services can then be discretely accessed both from networks on-premises and within the virtual network.
Using both your virtual network and on-premises networks, you can access a specific instance of the service discreetly by using Private Link.
By connecting a virtual network to the service through service endpoints, you can also access the service using public endpoints. Service endpoints enable the virtual network to be secured for service resources.
Azure VNet limits
There are restrictions on how many Azure resources you can use at once. Most Azure networking restrictions are set to their highest values. However, as noted on the VNet limits page, you can raise some networking restrictions.
Virtual networks and availability zones
All a region’s availability zones are covered by virtual networks and subnets. They can be divided into availability zones without dividing them for zonal resources. For instance, you can choose the availability zone for a zonal virtual machine without taking the virtual network into account. Other zonal resources are the same way.
Pricing
Azure VNet is free to use; there are no fees associated with it. Resources like Virtual Machines (VMs) and other items are subject to standard fees. Check out the Azure pricing calculator and VNet pricing for additional information.
Conclusion
Azure Virtual Networks are mostly used to build your private network there (VNets). With the help of VNet, Azure Virtual Machines (VM) and other Azure resources of all kinds may securely communicate with one another, the internet, and internal networks. A VNet offers the same size, availability, and isolation as Azure’s infrastructure does, just like a conventional network you may run in your own data center.
