Microsoft Azure
Virtual Networks
Azure Virtual Network (VNet)
What is Microsoft Azure Virtual Network (VNet)?
• The VNet service enables Azure resources to securely communicate with each other in a virtual network.
• A virtual network is a logical isolation of the Azure cloud dedicated to your subscription.
• You can connect virtual networks to other virtual networks, or to your on-premises network.
Components of VNet
• Network security group
• ExpressRoute
• Route table
• DNS zone
• Traffic Manager profile
• Local network gateway
• Virtual network gateway
• Application Gateway
• Load Balancer
More components in a VNet
Layered Architecture and Subnets
Connections to VNet
Point-to-site virtual private network (VPN): Established between a virtual network and a single PC in your network.
Site-to-site VPN: Established between your VPN device and an Azure VPN Gateway deployed in a virtual network. The connection is an IPSec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway. The latency for a site-to-site connection is unpredictable, since the traffic traverses the Internet.
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not traverse the Internet.
Azure VPN gateway:
The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance.
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements.
Network virtual appliances:
• A network virtual appliance is a virtual machine running software that performs a network function, such as a firewall.
• Network virtual appliances are also available that provide WAN optimization and other network traffic functions.
• Network virtual appliances are typically used with user-defined or BGP routes.
• You can also use a network virtual appliance to filter traffic between virtual networks.
Network security groups
• A network security group can contain multiple inbound and outbound security rules.
• This enables you to filter traffic by source and destination IP address, port, and protocol.
• You can apply a network security group to each network interface in a virtual machine.
• You can also apply a network security group to the subnet a network interface, or other Azure resource, is in.
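How the rule filtering and the two attachment points above combine, as an added Python example that is not part of the original slides: rules are matched in priority order (lowest number first), and inbound traffic must be allowed by the subnet's NSG and then by the network interface's NSG. The `Rule` fields, helper names and sample addresses are constructed for illustration; service tags and Azure's built-in default rules are not modeled, apart from the final deny.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # source CIDR prefix or "*"
    dest_port: str  # "22", "1000-2000" or "*"

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _addr_match(prefix, ip):
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def evaluate(rules, src_ip, port, protocol):
    """Access of the first matching rule in priority order; deny if none match."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and _addr_match(r.source, src_ip)
                and _port_match(r.dest_port, port)):
            return r.access
    return "Deny"  # stands in for the built-in DenyAllInBound rule

def inbound_allowed(subnet_nsg, nic_nsg, src_ip, port, protocol):
    """Inbound traffic is checked by the subnet NSG, then the NIC NSG; both must allow."""
    return all(evaluate(nsg, src_ip, port, protocol) == "Allow"
               for nsg in (subnet_nsg, nic_nsg) if nsg is not None)

# Constructed sample rule sets (hypothetical addresses and rules).
SUBNET_NSG = [Rule(100, "Allow", "Tcp", "*", "443"),
              Rule(200, "Allow", "Tcp", "10.0.0.0/16", "22")]
NIC_NSG = [Rule(100, "Deny", "Tcp", "10.0.9.0/24", "22"),
           Rule(110, "Allow", "*", "*", "*")]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("203.0.113.7", 22),
                      ("10.0.1.5", 22), ("10.0.9.5", 22)]:
        verdict = inbound_allowed(SUBNET_NSG, NIC_NSG, src, port, "Tcp")
        print(f"{src} -> tcp/{port}: {'allowed' if verdict else 'denied'}")
```

The last sample case is allowed by the subnet NSG but denied at the network interface, which is the situation to check for when a permissive subnet rule is assumed to be the only control.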
Components outside VNet
On-premises network. A private local-area network running within an organization.
VPN appliance. A device or service that provides external connectivity to the on-premises network. The VPN appliance may be a hardware device, or it can be a software solution such as the Routing and Remote Access Service (RRAS) in Windows Server 2012.
Visit: www.zekeLabs.com for more details
