Azure virtual networks are like digital city roads, facilitating communication, isolation, and segmentation for resources.
They enable internet access with public IP addresses and provide security through network security groups.
Custom paths with route tables and network peering optimise data flow between resources and networks.
Azure virtual networks let Azure resources, such as VMs, web apps, and databases, communicate with each other, with users on the internet, and even with your on-premises client computers.
Here are the key words to know:
Within a city, suburbs are connected by roads and streets, but they are also separated by boundaries to maintain order and grouping. In the same way, virtual networks in Azure help connect your digital resources while creating isolated areas to keep things organised and secure.
When you set up a virtual network, you define a range of private IP addresses (called an IP address space). The IP range only exists within the virtual network and isn't reachable from the internet. You divide that range of IP addresses into subnets to create those boundaries.
To enable Azure resources to get information from the outside world (the internet), they are assigned public IP addresses. Resources can also receive information from the internet if you put them behind a public load balancer*.
A public load balancer is used to distribute internet traffic to resources accessible from the internet. In comparison, private load balancers are used within a network to distribute traffic among internal resources that aren't directly accessible from the internet.
You'll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways:
Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments.
There are three ways to make this connection:
*VPN = virtual private network. We'll talk more about them very soon! For now, think of VPNs as a way to communicate securely over the public internet by encrypting data.
Think of Azure as a traffic controller directing the flow of data, like a GPS! By default, Azure routes traffic between subnets on any connected virtual networks, on-premises networks, and the internet.
You can customise these paths using special route tables, which let you define rules about how traffic should be directed between subnets. Border Gateway Protocol (BGP), which is THE traffic director of the internet, collaborates with Azure services to share the best data routes from your on-premises network to your Azure virtual networks. This helps your data find the fastest paths to move between your office and the Azure cloud, making sure things run smoothly.
Azure virtual networks let you set up security checkpoints to control who gets access to different neighbourhoods of your city. These checkpoints, known as network security groups, decide who's allowed in and who gets turned away.
Network virtual appliances are like special workers in your digital city, focusing on specific tasks like guarding the entrances (firewall) and boosting traffic flow (WAN optimisation*) in your city's roads. They ensure safety and efficiency within the city.
*Wide Area Network (WAN) optimisation is like a set of techniques for making your data travel faster and more efficiently across long distances, especially when it needs to cross the internet or connect remote locations.
With virtual network peering, two virtual networks can form direct connections (like secret tunnels!), exchanging precious information without entering the public internet. This enables resources in each virtual network to communicate, even if they're in separate regions.
User-Defined Routes (UDR) are like personalised routes you give to data traffic for specific subnets or even different virtual networks. While routing tables are more general and apply to the entire network (e.g. city-wide maps), UDR offers a way to have more precise control over movement in specific parts of the network. It's like having city-wide directions (routing tables) versus custom directions you give to a delivery person for a particular neighbourhood (UDR).
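The two checkpoints described above, the network security group that evaluates rules by priority with Azure's built-in default rules behind them, and the user-defined route that overrides a system route for the same prefix, can both be modelled in a few lines. This is an added Python example, not code from this page or from Azure; the address space, subnets, rule set, peered range and the 10.0.3.4 firewall appliance address are all constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample VNet: address space 10.0.0.0/16 carved into two subnets.
VNET = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {"web": ipaddress.ip_network("10.0.1.0/24"),
           "db": ipaddress.ip_network("10.0.2.0/24")}
assert all(s.subnet_of(VNET) for s in SUBNETS.values())  # subnets must sit inside the space

@dataclass
class NsgRule:
    priority: int            # lower number is evaluated first; the first match wins
    src: str                 # source CIDR, or "*" for any
    dst: str                 # destination CIDR, or "*" for any
    port: Optional[int]      # destination port, None for any
    access: str              # "Allow" or "Deny"

def _in(cidr: str, ip: str) -> bool:
    return cidr == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nsg_decision(rules, src_ip, dst_ip, port):
    """Evaluate an inbound flow the way an NSG does: custom rules in ascending
    priority order, then the built-in defaults (VNet-to-VNet allowed, all else denied)."""
    defaults = [NsgRule(65000, str(VNET), str(VNET), None, "Allow"),
                NsgRule(65500, "*", "*", None, "Deny")]
    for r in sorted(rules + defaults, key=lambda r: r.priority):
        if _in(r.src, src_ip) and _in(r.dst, dst_ip) and r.port in (None, port):
            return r.access
    return "Deny"

def next_hop(routes, dst_ip):
    """Longest-prefix match over system routes and UDRs; for an equal prefix a UDR
    overrides the system route, which is how a 0.0.0.0/0 UDR forces internet-bound
    traffic through a firewall appliance instead of straight out to the internet."""
    ip, best = ipaddress.ip_address(dst_ip), None
    for prefix, hop, kind in routes:
        net = ipaddress.ip_network(prefix)
        if ip not in net:
            continue
        if (best is None or net.prefixlen > best[0].prefixlen
                or (net.prefixlen == best[0].prefixlen and kind == "UDR")):
            best = (net, hop)
    return best[1] if best else "None"

# Constructed rules: HTTPS from anywhere to web, SQL only from web to db, nothing else to db.
RULES = [NsgRule(100, "*", "10.0.1.0/24", 443, "Allow"),
         NsgRule(200, "10.0.1.0/24", "10.0.2.0/24", 1433, "Allow"),
         NsgRule(300, "*", "10.0.2.0/24", None, "Deny")]
# Constructed routes: Azure system routes plus one UDR sending 0.0.0.0/0 to a firewall NVA.
ROUTES = [("10.0.0.0/16", "VirtualNetwork", "system"), ("10.1.0.0/16", "VNetPeering", "system"),
          ("0.0.0.0/0", "Internet", "system"), ("0.0.0.0/0", "10.0.3.4", "UDR")]
```

The explicit deny at priority 300 sits ahead of the default VNet allow at 65000, so the db subnet only accepts SQL from the web subnet even though both are inside the same address space.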