Hello and welcome back. In this brief demonstration, I want to walk you through the process of using vNet peering to connect two different virtual networks in Microsoft Azure. On my screen here I'm logged in to my Azure portal as my administrator and I'm in the vNetDemos resource group where I've deployed a virtual network called MyVnet.

If I bounce out to Resource Groups here and go into my OnPrem resource group, we can see I have a second virtual network called OnPrem-vNet. So what we're going to do here is connect these two virtual networks through what is called vNet peering. The process for creating the peering is actually pretty straightforward. What we need to do here is select one of the virtual networks, and then from the Overview page for the virtual network, under the Settings section here we have an option here for peerings.

We'll select Peerings here and we can see we have no peerings currently configured. To create a peering we simply click Add and then we need to give the peering a name. Now before I give my peering a name here, I just want to point out this note here that we see. And it's basically telling us that for peering to work we need to create a peering link from the OnPrem-vNet out to the remote virtual network that we're going to peer with, but then we also have to create a peer that comes back from that remote virtual network to this OnPrem-vNet virtual network. So what I'll do here is I'll call this peering OnPremtoRemote, just keep it simple.

Now under Peer details here we need to specify a virtual network deployment model. We have two options, resource manager or classic. Since both of my virtual networks are resource manager, I'll leave Resource manager selected. Now this option here for the resource ID, if we hover over this icon here we can see that we can, instead of browsing for our virtual network, what we can do is enter the resource ID of the network directly. I have access to everything I need to have access to, so what we're going to do I choose the Lab Subscription, which is where we're doing our work, so we'll go ahead and select the virtual network we want to peer with.

Now you'll notice under this "Cannot be peered with this virtual network" heading is the OnPrem-vNet. That's because you can't peer with yourself. So we're going to peer with MyVnet here. So we'll select it, and what we need to do in this box is provide a name of the peering from MyVnet back to OnPrem. So what I'll do for this, I'll just call this MyVnettoRemote.

Now under configuration here we have a couple different things that we can optionally configure. If we hover over the icon here for "Allow virtual network access from OnPrem-vNet to MyVnet", what this does is allow communications between the two virtual networks. If you're going to peer your networks it stands to reason that you'd want those networks to communicate with one another. So this option is enabled by default. And the same for this second option, which is allowing virtual network access from MyVnet to OnPrem-vNet. This, again, is enabled by default.

Now you could turn these off and block traffic in between them, but then what would be the sense of peering them? And in a similar fashion, we have the option to configure forwarded traffic. If we hover over the icon here for traffic forwarding from MyVnet to OnPrem, we can see that this setting allows us to forward traffic from MyVnet, which is traffic that isn't originating from MyVnet, and then forward that into the OnPrem-vNet. These are turned off by default, which is a typical configuration.

And then lastly we have the gateway transit settings. If we hover over the icon here for "Allow gateway transit", we can see that what gateway transit does is it allows one virtual network to use the VPN gateway in the peered virtual network for cross prem, or even VNet-to-VNet connectivity. We have no need for gateway transit in this configuration, so we can leave this unchecked. And at this point, once I click OK here, what's gonna happen is this peering is going to be created going both ways. That's why we needed to provide the name for the peering from OnPrem to MyVnet, and then from from MyVnet to OnPrem.

So we'll go ahead and click OK here, and we can see the peering is actually being added twice. And we see it's connected. Now if we go back out to our resource groups and we go into vNetDemos and we look MyVnet, if we select Peerings here we can see we now have the peering from MyVnettoRemote and it is showing a status of "Connected".

So that's pretty much it. If you're going to connect different Azure virtual networks to one another, you don't have to go through the whole process of doing a site-to-site VPN. You could and it'll still work, but why? I mean, at this point, if you're gonna connect those two Azure virtual networks, then you would do it via peering. It's a much cleaner process and involves a lot less work. So with that let's call it a wrap and I'll see you in the next lesson.