Azure Virtual Networks (VNets) and Subnets

Introduction

  • Azure Virtual Networks (VNets) are foundational building blocks in Azure networking, allowing communication between Azure resources securely.
  • A VNet is like a private network in the cloud, similar to a local area network (LAN) in an on-premises environment.
  • Subnets help divide a VNet into smaller, isolated networks for better security and performance.
  • VNets and Subnets are crucial for managing network traffic, enabling secure communication, and organizing cloud resources efficiently.

What is an Azure Virtual Network (VNet)?

Definition

  • A Virtual Network (VNet) is a logically isolated network within Azure that allows resources to communicate securely with each other, the internet, and on-premises networks.
  • It acts like a private cloud network where Azure services, such as virtual machines (VMs), databases, and web apps, can communicate securely.

Key Features of Azure VNets

  1. Isolation and Security
    • VNets are completely isolated from other VNets unless explicitly connected.
    • Supports Network Security Groups (NSGs) to control inbound and outbound traffic.
  2. Custom IP Addressing
    • Uses IPv4 and IPv6 address ranges, allowing users to define custom IP spaces.
    • Supports public and private IPs for secure communication.
  3. Subnets for Network Segmentation
    • A VNet can be divided into multiple subnets for organizing resources.
    • Subnets improve security, traffic management, and performance.
  4. Connectivity Options
    • VNets can be connected to other VNets, on-premises networks, and the internet using:
      • VNet Peering – Connects multiple VNets seamlessly.
      • VPN Gateway – Securely connects an on-premises network to an Azure VNet.
      • ExpressRoute – Provides a dedicated private connection between on-premises and Azure.
  5. Integration with Azure Services
    • VNets allow integration with Azure Virtual Machines (VMs), Azure Kubernetes Service (AKS), Azure SQL Database, and other Azure services.
    • Supports Azure Load Balancer and Application Gateway for traffic distribution.

What is a Subnet in Azure?

Definition

  • A Subnet is a smaller, segmented part of a VNet that helps divide the network into logical sections.
  • Subnets help organize and isolate resources, improving network security and performance.

Key Features of Subnets

  1. Logical Network Segmentation
    • Divides a VNet into multiple smaller networks for better management.
    • Example: A web subnet for web servers and a database subnet for databases.
  2. Traffic Isolation and Security
    • Each subnet has its own security rules and policies to control traffic.
    • Uses Network Security Groups (NSGs) and Route Tables to manage access control.
  3. Custom Address Ranges
    • Each subnet gets a portion of the VNet’s IP address space.
    • Ensures efficient IP address allocation and resource management.
  4. Public vs. Private Subnets
    • Public Subnets – Have access to the internet and require a public IP.
    • Private Subnets – Only accessible within the VNet, no direct internet access.
  5. Supports Different Azure Services
    • Subnets can host Azure Virtual Machines (VMs), App Services, Databases, Kubernetes clusters, and more.
    • Example: A front-end subnet for web apps and a back-end subnet for databases.

Comparison of VNets and Subnets

Feature Virtual Network (VNet) Subnet
Definition A private, isolated network in Azure A smaller segment within a VNet
Purpose Provides a secure network for Azure resources Divides a VNet into logical sections
Security Uses Network Security Groups (NSGs) and Firewalls Uses NSGs and access control per subnet
IP Addressing Defines an address range for all subnets Uses a portion of the VNet’s IP address space
Communication Connects with Azure services, VNets, and on-premises networks Manages internal resource communication

Use Cases of Azure VNets and Subnets

Hosting Web Applications

  • Use Case: A company wants to host a web app securely.
  • Solution:
    • A VNet is created with two subnets:
      • A web subnet for hosting front-end web servers.
      • A database subnet for storing user data securely.

Hybrid Cloud Networking

  • Use Case: A business wants to connect on-premises servers with Azure resources.
  • Solution:
    • A VNet is configured with VPN Gateway to connect with the on-premises network.
    • Subnets are used for different departments (HR, IT, Finance).

Secure Data Storage

  • Use Case: A company wants to store customer data securely.
  • Solution:
    • A VNet is created with a private subnet for database storage.
    • NSGs restrict external access to prevent unauthorized access.

Quiz

  1. What is the primary purpose of an Azure Virtual Network (VNet)?
    A) To provide a public network for Azure services
    B) To connect different cloud providers like AWS and Google Cloud
    C) To create a secure, isolated network for Azure resources
    D) To manage virtual machines only
    E) To provide storage services in Azure
  2. Which of the following statements about subnets in Azure is correct?
    A) Subnets allow dividing a VNet into smaller logical sections
    B) A subnet must always be connected to a different VNet
    C) Subnets do not support Network Security Groups (NSGs)
    D) Subnets are used only for managing storage resources
    E) Subnets must always have public IP addresses
  3. How do Azure VNets and on-premises networks communicate securely?
    A) Through Network Security Groups (NSGs)
    B) By using Azure Load Balancer
    C) By configuring VPN Gateway or ExpressRoute
    D) By manually assigning static IP addresses
    E) By using Azure Blob Storage
  4. What is a key benefit of subnetting in Azure?
    A) It reduces security by allowing unrestricted access
    B) It increases network latency
    C) It allows better traffic isolation, security, and resource organization
    D) It forces all resources to use the same public IP
    E) It prevents Azure Virtual Machines from communicating
  5. Which Azure service allows multiple VNets to communicate directly?
    A) Azure Load Balancer
    B) Virtual Network Peering
    C) Azure App Service
    D) Azure SQL Database
    E) Azure Monitor

Answers

  1. C – To create a secure, isolated network for Azure resources
    • Why others are incorrect?
      • A – VNets are private, not public networks.
      • B – VNets connect within Azure, not between cloud providers.
      • D – VNets manage various services, not just VMs.
      • E – VNets handle networking, not storage.
  2. A – Subnets allow dividing a VNet into smaller logical sections
    • Why others are incorrect?
      • B, C, D, E – Subnets are not mandatory for connecting VNets, they support NSGs, and they do not require public IPs.
  3. C – By configuring VPN Gateway or ExpressRoute
    • Why others are incorrect?
      • A, B, D, E – Secure communication between on-premises and Azure requires VPN Gateway or ExpressRoute.
  4. C – It allows better traffic isolation, security, and resource organization
    • Why others are incorrect?
      • A, B, D, E – Subnets improve security and performance rather than causing security issues or increasing latency.
  5. B – Virtual Network Peering
    • Why others are incorrect?
      • A, C, D, E – These services do not enable direct VNet communication.
Post Views: 84
On By Luxmi Narayan

© 2025 | Go Cloud Easily.

Facebook Youtube Telegram Envelope