This course explores Azure Virtual Networks, how to create them, and how to connect them. It begins with a vNet overview, where you'll learn about basic Azure Virtual Network concepts and about some key best practices. We'll cover communications topics, filtering, routing, and integration, before working through a demo that shows you how to deploy a virtual network in Microsoft Azure.
After covering the basics of Azure Virtual Networks in the first half of this course, we'll use the second half to dive into VPNs, where you'll learn about site-to-site VPNs, point-to-site VPNs, ExpressRoute, and vNet peering. You'll also watch a demonstration from the Azure platform that shows you how to peer two vNets in Azure.
If you have any feedback relating to this course, feel free to contact us at support@cloudacademy.com.
Learning Objectives
- Obtain a foundational understanding of Azure Virtual Networks including key concepts, best practices, communications, filtering, routing, and integration
- Provision a virtual network
- Understand what the Azure VPN Gateway is and what it does
- Build a site-to-site VPN
- Learn how to connect a single client computer to a virtual network using a point-to-site VPN gateway
- Learn how to connect your on-premises network to Azure using ExpressRoute
- Learn how to peer two Azure Virtual Networks
Intended Audience
This course is intended for anyone who wants to learn about Azure Virtual Networks, how to create them, and how to connect them.
Prerequisites
To get the most out of this course, you should have a basic understanding of the Azure platform and networking in general.
Hello and welcome back. In this brief demonstration, I want to walk you through the process of using vNet peering to connect two different virtual networks in Microsoft Azure. On my screen here I'm logged in to my Azure portal as my administrator and I'm in the vNetDemos resource group where I've deployed a virtual network called MyVnet.
If I bounce out to Resource Groups here and go into my OnPrem resource group, we can see I have a second virtual network called OnPrem-vNet. So what we're going to do here is connect these two virtual networks through what is called vNet peering. The process for creating the peering is actually pretty straightforward. What we need to do here is select one of the virtual networks, and then from the Overview page for the virtual network, under the Settings section here we have an option here for peerings.
We'll select Peerings here and we can see we have no peerings currently configured. To create a peering we simply click Add and then we need to give the peering a name. Now before I give my peering a name here, I just want to point out this note here that we see. And it's basically telling us that for peering to work we need to create a peering link from the OnPrem-vNet out to the remote virtual network that we're going to peer with, but then we also have to create a peer that comes back from that remote virtual network to this OnPrem-vNet virtual network. So what I'll do here is I'll call this peering OnPremtoRemote, just keep it simple.
Now under Peer details here we need to specify a virtual network deployment model. We have two options, resource manager or classic. Since both of my virtual networks are resource manager, I'll leave Resource manager selected. Now this option here for the resource ID, if we hover over this icon here we can see that we can, instead of browsing for our virtual network, what we can do is enter the resource ID of the network directly. I have access to everything I need to have access to, so what we're going to do I choose the Lab Subscription, which is where we're doing our work, so we'll go ahead and select the virtual network we want to peer with.
Now you'll notice under this "Cannot be peered with this virtual network" heading is the OnPrem-vNet. That's because you can't peer with yourself. So we're going to peer with MyVnet here. So we'll select it, and what we need to do in this box is provide a name of the peering from MyVnet back to OnPrem. So what I'll do for this, I'll just call this MyVnettoRemote.
Now under configuration here we have a couple different things that we can optionally configure. If we hover over the icon here for "Allow virtual network access from OnPrem-vNet to MyVnet", what this does is allow communications between the two virtual networks. If you're going to peer your networks it stands to reason that you'd want those networks to communicate with one another. So this option is enabled by default. And the same for this second option, which is allowing virtual network access from MyVnet to OnPrem-vNet. This, again, is enabled by default.
Now you could turn these off and block traffic in between them, but then what would be the sense of peering them? And in a similar fashion, we have the option to configure forwarded traffic. If we hover over the icon here for traffic forwarding from MyVnet to OnPrem, we can see that this setting allows us to forward traffic from MyVnet, which is traffic that isn't originating from MyVnet, and then forward that into the OnPrem-vNet. These are turned off by default, which is a typical configuration.
And then lastly we have the gateway transit settings. If we hover over the icon here for "Allow gateway transit", we can see that what gateway transit does is it allows one virtual network to use the VPN gateway in the peered virtual network for cross prem, or even VNet-to-VNet connectivity. We have no need for gateway transit in this configuration, so we can leave this unchecked. And at this point, once I click OK here, what's gonna happen is this peering is going to be created going both ways. That's why we needed to provide the name for the peering from OnPrem to MyVnet, and then from from MyVnet to OnPrem.
So we'll go ahead and click OK here, and we can see the peering is actually being added twice. And we see it's connected. Now if we go back out to our resource groups and we go into vNetDemos and we look MyVnet, if we select Peerings here we can see we now have the peering from MyVnettoRemote and it is showing a status of "Connected".
So that's pretty much it. If you're going to connect different Azure virtual networks to one another, you don't have to go through the whole process of doing a site-to-site VPN. You could and it'll still work, but why? I mean, at this point, if you're gonna connect those two Azure virtual networks, then you would do it via peering. It's a much cleaner process and involves a lot less work. So with that let's call it a wrap and I'll see you in the next lesson.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.