Wednesday, December 11, 2019

Create Virtual Network Subnet Azure Portal & PowerShell


 

Network IP Range and Class :

IANA: public vs private
    Class A :    10.X.X.X
    Class B :    172.16.X.X - 172.31.X.X
    Class C :    192.168.X.X - 192.168.X.X
    Class D :    224.X.X.X - 239.X.X.X
    Class E :    EXPERIMENTAL USE


Virtual Network : 

An Azure Virtual Network (VNet) is a representation of your own network in the cloud. A VNet is a logical isolation of the Azure cloud dedicated to your subscription. You can use VNets to provision and manage virtual private networks (VPNs) in Azure and, optionally, link the VNets with other VNets in Azure or with your on-premises IT infrastructure to create hybrid or cross-premises solutions. Each VNet you create has its own CIDR block and can be linked to other VNets and on-premises networks if the CIDR blocks do not overlap. You also have control of DNS server settings for VNets, and of the segmentation of the VNet into subnets.


Usage of Virtual Network & Benefits :




● Create a dedicated private cloud-only VNet. Sometimes you don't require a cross-premises configuration for your solution. When you create a VNet, your services and VMs within your VNet can communicate directly and securely with each other in the cloud. You can still configure endpoint connections for the VMs and services that require internet communication, as part of your solution.

● Securely extend your data center with VNets. You can build traditional site-to-site (S2S) VPNs to securely scale your datacenter capacity. S2S VPNs use IPsec to provide a secure connection between your corporate VPN gateway and Azure.

● Enable hybrid cloud scenarios. VNets give you the flexibility to support a range of hybrid cloud scenarios. You can securely connect cloud-based applications to any type of on-premises system such as mainframes and Unix systems.


Subnets
 
A virtual network can be segmented into one or more subnets. Subnets provide logical divisions within
your network. Subnets can help improve security, increase performance, and make it easier to manage
the network.


Each subnet contains a range of IP addresses that fall within the virtual network address space. Each
subnet must have a unique address range, specified in CIDR format. The address range cannot overlap
with other subnets in the virtual network in the same subscription.
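
The two rules above (each subnet must sit inside the VNet address space and must not overlap another subnet) can be checked on a planned layout before anything is deployed. The following PowerShell is an added example, not part of the original post: the helper names ConvertTo-CidrRange and Test-SubnetPlan are illustrative, the check is IPv4-only, and the SubNet2 and SubNet3 ranges in the sample plan are constructed to trigger both findings.

```powershell
# Added example: offline address-plan check, nothing here calls Azure.
# ConvertTo-CidrRange and Test-SubnetPlan are illustrative helper names (IPv4 only).

function ConvertTo-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $prefix = $Cidr -split '/'
    [long]$ip = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($address).GetAddressBytes()) {
        $ip = ($ip -shl 8) -bor $octet            # build the 32-bit value in an Int64
    }
    [long]$size  = [long]1 -shl (32 - [int]$prefix)
    [long]$first = $ip - ($ip % $size)            # clear any host bits
    [pscustomobject]@{ Cidr = $Cidr; First = $first; Last = $first + $size - 1 }
}

function Test-SubnetPlan {
    param(
        [Parameter(Mandatory)][string]$VNetCidr,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Subnets   # name -> CIDR
    )
    $vnet  = ConvertTo-CidrRange $VNetCidr
    $names = @($Subnets.Keys)
    for ($i = 0; $i -lt $names.Count; $i++) {
        $a = ConvertTo-CidrRange $Subnets[$names[$i]]
        # Rule 1: the subnet range must fall within the VNet address space.
        if ($a.First -lt $vnet.First -or $a.Last -gt $vnet.Last) {
            "$($names[$i]) ($($a.Cidr)) is outside the VNet address space $VNetCidr"
        }
        # Rule 2: compare with every later subnet, so each pair is checked once.
        for ($j = $i + 1; $j -lt $names.Count; $j++) {
            $b = ConvertTo-CidrRange $Subnets[$names[$j]]
            if ($a.First -le $b.Last -and $b.First -le $a.Last) {
                "$($names[$i]) ($($a.Cidr)) overlaps $($names[$j]) ($($b.Cidr))"
            }
        }
    }
}

# Sample plan. MySubnet and the /16 come from the lab on this page;
# the other two ranges are constructed to show a failing plan.
$plan = [ordered]@{
    MySubnet = '192.168.0.0/24'
    SubNet2  = '192.168.0.128/25'   # constructed: lies inside MySubnet
    SubNet3  = '10.0.1.0/24'        # constructed: not in 192.168.0.0/16
}
Test-SubnetPlan -VNetCidr '192.168.0.0/16' -Subnets $plan
```

An empty result means the plan passes both checks.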


It is important to carefully plan your subnets. Here are some things to think about.

Service requirements. Each service directly deployed into a virtual network has specific requirements for routing and the types of traffic that must be allowed into and out of subnets. A service may require, or create, its own subnet, so there must be enough unallocated space for it to do so. For example, if you connect a virtual network to an on-premises network using an Azure VPN Gateway, the virtual network must have a dedicated subnet for the gateway.


Virtual appliances. Azure routes network traffic between all subnets in a virtual network, by default. You can override Azure's default routing to prevent Azure routing between subnets, or to route traffic between subnets through a network virtual appliance. So, if you require that traffic between resources in the same virtual network flow through a network virtual appliance (NVA), deploy the resources to different subnets.
 

Service endpoints. You can limit access to Azure resources such as an Azure storage account or Azure SQL database, to specific subnets with a virtual network service endpoint. Further, you can deny access to the resources from the internet. You may create multiple subnets, and enable a service endpoint for some subnets, but not others.

Network security groups. You can associate zero or one network security group with each subnet in a virtual network. You can associate the same, or a different, network security group with each subnet. Each network security group contains rules, which allow or deny traffic to and from sources and destinations.


Azure reserves the first three IP addresses and the last IP address in each subnet address range. 

LAB Exercise for Setup Virtual Network

Create Virtual Network :-

To create a virtual network, follow the steps below:

Step 1- Search for Virtual Network
Step 2- Click Add
Step 3- Enter Name, e.g. VNetEast
Step 4- Enter Address Space (IP range), e.g. 192.168.0.0/16
You can see that 65536 VMs can be deployed in this IP range.
Step 5- Select Subscription
Step 6- Select Resource Group, e.g. RG1
Step 7- Select Location where you want to deploy your IT infrastructure, e.g. East US
Step 8- Enter Subnet Name, e.g. "MySubnet"
Step 9- Enter Address Range, e.g. "192.168.0.0/24"
Step 10- Click Create

Once you refresh, you can see that the virtual network has been created.
 




LAB Exercise for Setup Subnet

Create Subnet :-

To set up a subnet, follow the steps below:

Step 1- Search for Virtual Network
Step 2- Click on the virtual network, e.g. "VNetEast", to open its properties.
Step 3- Click Subnet
Step 4- Add Subnet
Step 5- Enter Subnet Name, e.g. "SubNet2"
Step 6- Select IP Range
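
The same two labs (create the virtual network, then add a second subnet) can be done from PowerShell. This is an added example, not code from the original post. It assumes the Az.Network module, a session signed in with Connect-AzAccount and an existing resource group RG1. The SubNet2 range 192.168.1.0/24 and the NSG name SubNet2-nsg are assumptions, because the page gives no values for them.

```powershell
# Added example. Assumes Az.Network is installed, Connect-AzAccount has been run,
# and the resource group RG1 already exists.
$rg       = 'RG1'
$location = 'East US'
$vnetName = 'VNetEast'

# Lab 1: VNet 192.168.0.0/16 with the first subnet MySubnet 192.168.0.0/24.
$mySubnet = New-AzVirtualNetworkSubnetConfig -Name 'MySubnet' -AddressPrefix '192.168.0.0/24'
New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg -Location $location `
    -AddressPrefix '192.168.0.0/16' -Subnet $mySubnet | Out-Null

# Lab 2: add SubNet2 and associate a network security group with it at creation.
# The address range and the NSG name are assumptions, not values from the page.
# An NSG without custom rules still applies Azure's default rules, which deny
# inbound traffic that does not come from the VNet or the Azure load balancer.
$nsg = New-AzNetworkSecurityGroup -Name 'SubNet2-nsg' -ResourceGroupName $rg -Location $location

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
Add-AzVirtualNetworkSubnetConfig -Name 'SubNet2' -VirtualNetwork $vnet `
    -AddressPrefix '192.168.1.0/24' -NetworkSecurityGroup $nsg |
    Set-AzVirtualNetwork | Out-Null      # nothing changes in Azure until this call

# Verify: list every subnet with its range and the NSG attached to it.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$vnet.Subnets | Select-Object Name, AddressPrefix,
    @{ Name = 'Nsg'; Expression = { $_.NetworkSecurityGroup.Id } }

# Report subnets that have no NSG. MySubnet shows up here because Lab 1
# creates it without one.
$vnet.Subnets | Where-Object { -not $_.NetworkSecurityGroup } |
    ForEach-Object { "Subnet $($_.Name) has no network security group" }
```

Add-AzVirtualNetworkSubnetConfig only changes the local $vnet object, so an overlapping or out-of-range prefix is rejected by Azure when Set-AzVirtualNetwork runs.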


