Mastering Azure Security by Mustafa Toroman and Tom Janetscheck

Author: Mustafa Toroman and Tom Janetscheck
Language: eng
Format: epub
Publisher: Packt Publishing Pvt. Ltd.
Published: 2020-07-05T00:00:00+00:00


Understanding Azure Virtual Network

The first step in the transition from an on-premises environment to the cloud is Infrastructure as a Service (IaaS). One of the key elements in IaaS is Virtual Networks (VNets). VNets are a virtual representation of our local network, with IP address ranges, subnets, and all the other network components that we would find in local infrastructure. Recently, we have also seen many cloud network components introduced to on-premises networks, with the introduction of Software Defined Networking (SDN) in Windows Server 2016.

Before we start looking at VNet security, let's remember that naming standards should be applied to all Azure resources, and networking is no exception. As environments grow, this will help you have better control over your environment, easier management, and more insight into your security posture.

Each VNet that we create is a completely isolated piece of network in Azure. We can create multiple VNets inside one subscription, or even multiple VNets inside one region. There is no direct communication between any VNets, even those created inside a single subscription or region, unless configured otherwise. The first thing that needs to be configured for a VNet is the IP address range. The next thing we need is a subnet with its own range. One VNet can have multiple subnets. Each subnet must have its own IP address range within the VNet's IP address range and cannot overlap with other subnets in the same VNet.

One thing we need to consider when defining the IP address range is that it should not overlap with other VNets we use. Even when there is no initial requirement to create a connection between different VNets, this may become a requirement in the future.

Important note

VNets that have overlapping IP ranges will not be compatible for connection.
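As an added example (not code from the book), the following Python check enforces the two address-plan rules described above: every subnet must lie inside its VNet's range and must not overlap a sibling subnet, and VNets that may ever need to be connected must not have overlapping ranges. The address plan in the sample is constructed for illustration.

```python
from ipaddress import ip_network


def validate_vnet(vnet_prefix, subnet_prefixes):
    """Return a list of rule violations for one VNet's subnet layout (empty if OK)."""
    vnet = ip_network(vnet_prefix)
    subnets = [ip_network(p) for p in subnet_prefixes]
    problems = []
    # Rule 1: each subnet range must be carved out of the VNet's own range.
    for s in subnets:
        if not s.subnet_of(vnet):
            problems.append(f"subnet {s} is outside VNet range {vnet}")
    # Rule 2: subnets inside the same VNet must not overlap each other.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


def peering_conflicts(vnets):
    """vnets maps VNet name -> list of address prefixes.

    Returns (name_a, name_b) pairs whose ranges overlap; such VNets cannot be
    connected to each other later, so the plan should be fixed before deployment.
    """
    conflicts = []
    names = sorted(vnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(ip_network(x).overlaps(ip_network(y))
                   for x in vnets[a] for y in vnets[b]):
                conflicts.append((a, b))
    return conflicts


# Constructed sample plan: one hub and two spokes, one of which was mis-sized.
SAMPLE_VNETS = {
    "vnet-hub": ["10.0.0.0/16"],
    "vnet-spoke-a": ["10.1.0.0/16"],
    "vnet-spoke-b": ["10.0.128.0/17"],  # collides with the hub range
}
# Constructed subnets for vnet-hub: one lies outside the VNet, two overlap.
SAMPLE_HUB_SUBNETS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.1.128/25", "192.168.0.0/24"]

if __name__ == "__main__":
    for p in validate_vnet(SAMPLE_VNETS["vnet-hub"][0], SAMPLE_HUB_SUBNETS):
        print("vnet-hub:", p)
    for a, b in peering_conflicts(SAMPLE_VNETS):
        print(f"{a} and {b} overlap and cannot be connected")
```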

VNets are used for communication between Azure resources over private IP addresses. Primarily, they're used for communication between Azure Virtual Machines (VMs), but other resources can be configured to use private IP addresses for communication as well.

Communication between Azure VMs occurs over a network interface card (NIC). Each VM can be assigned one or more NICs, depending on the VM size; larger sizes allow more NICs to be associated with a VM. Each NIC can be assigned a private and a public IP address. A private IP address is required, and a public IP address is optional. Because a NIC must have a private IP address, it must be associated with a VNet and with a subnet within that same VNet.

As a first line of defense, we can use a network security group (NSG) to control traffic for Azure VMs. NSGs can be used to control inbound and outbound traffic. Default inbound and outbound rules are created during the NSG's creation, but we can change (or remove) these rules and create additional rules based on our requirements. The default inbound rules are shown in the following figure:
