In this article, we will look at Azure Virtual Network, Subnet and Network Security Group.
This article is useful for beginners in Azure and for those preparing for the AZ-900 exam.
Azure Virtual Network
It provides your own separate network in the Azure cloud.
Azure Virtual Network isolates the network traffic within a virtual network from other Azure virtual networks.
Each Virtual Network is associated with one region.
Network peering can be used to communicate with resources in different Azure Virtual Networks in different Azure regions.
What is Subnet?
A subnet is a way to separate public resources from private resources within a virtual network. Azure allows users to create multiple subnets for their resources, whether public or private.
Resources associated with a public subnet can be accessed from the internet.
Subnets can communicate with each other, whether they are private or public.
To create a resource in a specific subnet, go to the Networking tab, select Virtual Network Group, and then select Subnet.
Every VM instance in a Virtual Network is assigned a private IP address; however, it can be changed to a public IP address.
Network Security Group (NSG)
A Network Security Group is an internal firewall available within an Azure Virtual Network. An NSG lets the user allow or block traffic based on IP address or port. A Network Security Group is attached to a network interface and a subnet.
Tasks to perform with a Network Security Group
- Restrict communication between resources such as VMs or databases.
- Block traffic to download software packages and system updates.
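The following added example (not part of the original article) models how NSG rules attached to a subnet and to a network interface combine for inbound traffic. It goes beyond the text by using Azure's priority ordering (lower number first) and a simplified version of the default rules; the rule sets, address ranges and function names are constructed for illustration, and protocol, destination and service tags are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    source: str    # CIDR prefix, or "*" for any address
    port: str      # single destination port, or "*" for any port
    access: str    # "Allow" or "Deny"

# Simplified stand-in for Azure's default inbound rules: traffic from inside
# the virtual network is allowed, everything else is denied.
VNET_PREFIX = "10.0.0.0/16"  # constructed address space (assumption)
DEFAULT_INBOUND = [
    Rule(65000, VNET_PREFIX, "*", "Allow"),
    Rule(65500, "*", "*", "Deny"),
]

def matches(rule, src_ip, dst_port):
    """True when the rule's source prefix and port both cover the packet."""
    ip_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    port_ok = rule.port == "*" or int(rule.port) == dst_port
    return ip_ok and port_ok

def nsg_decision(rules, src_ip, dst_port):
    """Return the access of the first matching rule in priority order."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if matches(rule, src_ip, dst_port):
            return rule.access
    return "Deny"

def inbound_allowed(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic must pass the subnet NSG first, then the NIC NSG."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is not None and nsg_decision(nsg, src_ip, dst_port) != "Allow":
            return False
    return True

# Constructed sample rule sets: the subnet NSG opens HTTPS and keeps the
# 10.0.2.0/24 subnet away from the database port; the NIC NSG narrows HTTPS
# to one source range.
SUBNET_NSG = [Rule(100, "*", "443", "Allow"),
              Rule(200, "10.0.2.0/24", "1433", "Deny")]
NIC_NSG = [Rule(100, "203.0.113.0/24", "443", "Allow"),
           Rule(110, "*", "443", "Deny")]

if __name__ == "__main__":
    for src, port in [("203.0.113.10", 443), ("198.51.100.7", 443),
                      ("10.0.2.5", 1433), ("10.0.1.4", 1433)]:
        print(src, port, inbound_allowed(SUBNET_NSG, NIC_NSG, src, port))
```

A packet allowed by the subnet NSG is still dropped if the NIC NSG denies it, so both rule sets need reviewing when troubleshooting or auditing access.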
Azure Firewall is a network security service provided by Azure to control the traffic (in and out) of an Azure Virtual Network.
It exists outside of the Azure Virtual Network. One Azure Firewall can control more than one Azure Virtual Network across multiple subscriptions.
Web Application Firewall (WAF)
It is linked with a web application or a load balancer. A WAF helps protect against cross-site scripting, SQL injection, etc.
VPN and Azure ExpressRoute
A VPN provides an encrypted connection from an on-premises server to Azure over the internet. It needs a VPN device and a gateway at both ends, i.e. on-premises and in Azure.
Azure ExpressRoute is a dedicated connection between an on-premises data center and Azure. It provides a high-bandwidth, highly secure and dedicated connection.
Hope you like this article.