Connectivity and Network Services on Azure
In this article, we will talk about the different network services offered by Azure to manage our resources and connect to them from a remote site (On-Promise) or via the Internet.
Azure VNet (Virtual Network)
VNet is the fundamental block of our virtual private network on Azure. It will allow us to securely communicate our Azure resources (VM..etc) with each other, reach them from the internet but also from our On-Premise sites.
In our example, the creation of the virtual network is done by the Azure administration console during creation, you must specify a custom private IP address space using public and private addresses. Your resources automatically retrieve a private IP on the network you chose when it was created. For example, if you deploy a VM in a VNet with an address space, 10.0.0.0/16, the VM will be assigned a private IP like 10.0.0.4.
We will see together the different steps for creating a VNet:
A VNet has a number of limitations, such as the number of Private IP addresses available. Indeed, it is not possible to have “only” 65535 addresses, that is to say a /16 in CIDR notation, in a VNet. Azure offers the 10.0.0.0/16 network by default, which can go up to 65535 IPs with the 10.0.0.0/24 subnet. Pay attention to the subnet in Azure which consumes not 2 (Network address & broadcast address) but 5 IPs.
You have the option to change your virtual network and your subnets as well, be careful not to overlap the networks with each other.
In the security part, you will have to choose if you want to have a Windows server called Bastion. This server will allow you to strengthen the security on your Azure infrastructure because it is the only one to have a public IP and from the latter you will be able to reach your resources in SSH / RDP. DDos protection against denial of service attacks and enabling the Azure firewall option for your network.
In this article, we explored the creation of a VNet and the options/limitations of this Azure service which is fundamental before creating a resource on Azure.