Reviewing Azure Virtual Network Configuration


Introduction

The Virtual network resource is now ready to use. You will walk through all the settings and configuration options available for the virtual network in this lab step. 

 

Instructions

1. Review the details provided in the Overview blade.
There are a few things to be aware of in this section:

  • The Address space of the shared virtual network is 10.0.0.0/16. It is important to plan the address space when creating a VNet resource. If you are using a multi-VNet architecture, it is recommended that the address spaces do not overlap, in case you decide to connect two VNets later.
  • You see no resources in the Connected devices table since the network is empty right now. As you deploy other resources and connect with this VNet, they will show up in this section.
  • The network also has a Location, which is the geographical region that holds the servers your network is hosted on.
  • Like other resources in Azure, the virtual network has a Resource group name and a Subscription ID.

 

2. The Settings blade contains all the core configuration options and allows you to modify those resource settings:

  • Address space: The address space allows you to define the range of IPs you can use for Azure resources. When you deploy a VM in a VNet, Azure assigns an available private IP address from the address space.
  • Connected devices: Azure resources that are connected to the VNet with an assigned private IP address will be visible in this section.
  • Subnets: Virtual networks can be divided into multiple subnets that are allocated sections of the address space to help logically organize resources in the network. Use this section to view or create a new subnet for your resource organization.
  • Bastion: Azure Bastion protects your virtual machines by providing lightweight, browser-based connectivity without the need to expose them through public IP addresses.
  • DDoS protection: DDoS protection guards against distributed denial-of-service (DDoS) attacks, which are malicious attempts to exhaust an application's resources within the network.
  • Firewall: Azure Firewall is a managed cloud-based network security service that protects the resources in the VNet. This is a separate service that integrates natively with VNet to deliver a seamless onboarding and management experience. You can learn more about Azure Firewall using this Learning Path or Hands-On Lab.
  • Microsoft Defender for Cloud: Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities.
  • Network Manager: Significantly reduce your operational overhead with Azure Virtual Network Manager, a central management service for your virtual network resources.
  • DNS servers: You can configure your DNS addresses if you are using any custom DNS Servers for your Azure infrastructure. The default option is set to use Azure-provided DNS servers.
  • Peerings: VNet peering is established between pairs of virtual networks. Once a peering connection is established, the two networks appear as one network for connectivity purposes. Devices in each network can communicate with devices in the other network using private IP addresses. See Connect Azure Virtual Networks with VNet Peering if you would like to learn more about this service.
  • Service endpoints: Service endpoints provide secure and direct connectivity to Azure services without exposing the public IP of the Azure resource on the internet. The service offers an enhanced security feature to allow communication from selected critical Azure resources only.
  • Private endpoints: Private endpoints offer secure access between Azure PaaS services such as Storage, CosmosDB, SQL Database, and Azure-hosted services such as Virtual Machines over the Azure backbone network.
  • Properties: General information about the VNet resources is available under the Properties section.
  • Locks: You can optionally put a lock on Azure resource groups to avoid accidental deletion or prevent others from making any changes by applying a read-only attribute. Individual resources inherit the locks from the resource group that they are part of.
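
The address-space planning advice in step 1 and the Subnets and Peerings settings above can be checked before anything is deployed. The following is an added example, not part of the original lab: only the 10.0.0.0/16 prefix comes from the lab, and the VNet names, other prefixes and subnets are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: only 10.0.0.0/16 comes from the lab; the
# VNet names, other prefixes and subnets are hypothetical.
PLAN = {
    "shared-vnet": {"address_space": ["10.0.0.0/16"],
                    "subnets": {"default": "10.0.0.0/24", "apps": "10.0.1.0/24"}},
    "dev-vnet": {"address_space": ["10.1.0.0/16"],
                 "subnets": {"default": "10.1.0.0/24"}},
    "test-vnet": {"address_space": ["10.0.128.0/17"],
                  "subnets": {"default": "10.0.128.0/24", "stray": "10.2.0.0/24"}},
}

def _nets(prefixes):
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]

def peering_conflicts(plan):
    """Return (vnet_a, vnet_b, prefix_a, prefix_b) for every overlapping pair of VNets."""
    conflicts = []
    for (a, cfg_a), (b, cfg_b) in combinations(sorted(plan.items()), 2):
        for na in _nets(cfg_a["address_space"]):
            for nb in _nets(cfg_b["address_space"]):
                if na.overlaps(nb):
                    conflicts.append((a, b, str(na), str(nb)))
    return conflicts

def subnet_problems(plan):
    """Return (vnet, subnet, reason) for subnets outside the address space or overlapping a sibling."""
    problems = []
    for vnet, cfg in sorted(plan.items()):
        space = _nets(cfg["address_space"])
        subnets = {n: ipaddress.ip_network(p, strict=True) for n, p in cfg["subnets"].items()}
        for name, net in sorted(subnets.items()):
            if not any(net.version == s.version and net.subnet_of(s) for s in space):
                problems.append((vnet, name, "outside address space"))
        for (n1, s1), (n2, s2) in combinations(sorted(subnets.items()), 2):
            if s1.overlaps(s2):
                problems.append((vnet, f"{n1}/{n2}", "subnets overlap"))
    return problems

if __name__ == "__main__":
    for c in peering_conflicts(PLAN):
        print("overlapping address spaces:", c)
    for p in subnet_problems(PLAN):
        print("subnet problem:", p)
```
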

 

3. The Monitoring blade enables the logging and monitoring of the VNet resource. Diagnostics settings allow you to capture all the network activities for your VNet, which can be leveraged to provide alerts or to perform queries against the data for troubleshooting.

Summary

In this lab step, you reviewed the Azure Virtual Network resource and discovered the various features and capabilities that the VNet resource offers.