Introduction:
Imagine you have a critical application that requires isolation from the public internet and secure communication with other internal resources. Azure virtual networks and subnets provide the perfect solution to achieve this. We'll guide you through creating virtual networks with peered subnets, enabling private and secure communication between your applications.
Creating the Virtual Networks:
1. Search and Create: Start by searching for "Virtual Networks" in the Azure portal search bar. Click "Create" to initiate the virtual network creation process.
2. Resource Group and Naming: Create a resource group in the East US region to organize your resources. Provide a descriptive name for your virtual network, such as "app-vnet". (The image uses Canada Central, but select East US).
3. Address Space: Under the "IP Addresses" tab, define the IPv4 address space for your virtual network. A common private address range is 10.1.0.0/16, which provides a good amount of usable IP addresses.
4. Subnet Configuration: Click the "Edit" icon for the default subnet. Assign a meaningful name like "frontendSubnet" and configure the address range. Use a subnet mask of /24 (255.255.255.0) to create a subnet with 254 usable IP addresses. For example, you can use the starting IP address 10.1.0.0 for the frontend subnet. This allocates IP addresses from 10.1.0.0 to 10.1.0.255 for your frontend resources.
5. Creating the Backend Subnet: Click "Add a subnet" and configure another subnet named "backendSubnet". Assign a non-overlapping address range within the virtual network's space. For instance, you can use 10.1.1.0/24.
6. Review and Create: Once you've defined both subnets, click "Review + create" to validate and deploy the virtual network.
Creating the Second Virtual Network:
Follow steps 1-6 above to create a second virtual network for additional resources or functionalities. Here's an example configuration:
- Resource Group: Use the same resource group
- Name: Descriptive name, such as "hub-vnet" (for a hub virtual network)
- Address Space: Choose a non-overlapping address space from the available private ranges. For example, you can use 10.0.0.0/16.
- Subnet Configuration: Define subnets specific to the resources you plan to deploy in this virtual network.
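An added example, not part of the original post: a pre-deployment check of the address plan used in this walkthrough. It confirms that every subnet sits inside its virtual network, that sibling subnets do not overlap, and that the two address spaces to be peered are disjoint. The `hubSubnet` entry and the function names are assumptions made for illustration.

```python
import ipaddress

# Address plan from the walkthrough; hubSubnet is a constructed placeholder
# because the post leaves the hub's subnets to the reader.
PLAN = {
    "app-vnet": {"space": "10.1.0.0/16",
                 "subnets": {"frontendSubnet": "10.1.0.0/24",
                             "backendSubnet": "10.1.1.0/24"}},
    "hub-vnet": {"space": "10.0.0.0/16",
                 "subnets": {"hubSubnet": "10.0.0.0/24"}},
}
# Azure reserves 5 addresses per subnet (network, gateway, two DNS, broadcast).
AZURE_RESERVED = 5


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, spaces = [], {}
    for vnet, cfg in plan.items():
        # ip_network() raises ValueError if a CIDR has host bits set.
        space = spaces[vnet] = ipaddress.ip_network(cfg["space"])
        if not space.is_private:
            problems.append(f"{vnet}: {space} is not a private range")
        nets = {n: ipaddress.ip_network(c) for n, c in cfg["subnets"].items()}
        for name, net in nets.items():
            if not net.subnet_of(space):
                problems.append(f"{vnet}/{name}: {net} is outside {space}")
        names = sorted(nets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if nets[a].overlaps(nets[b]):
                    problems.append(f"{vnet}: {a} overlaps {b}")
    # Virtual networks that will be peered must not share address space.
    vnets = sorted(spaces)
    for i, a in enumerate(vnets):
        for b in vnets[i + 1:]:
            if spaces[a].overlaps(spaces[b]):
                problems.append(f"peering: {a} overlaps {b}")
    return problems


def assignable_hosts(cidr):
    """Addresses left for resources after Azure's per-subnet reservation."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["address plan OK"]:
        print(line)
```

Running the check before opening the portal catches an overlapping range early, since a peering between virtual networks with overlapping address spaces cannot be created.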
Peering the Virtual Networks:
1. Navigate and Select: Go to the first virtual network you created and navigate to the "Peerings" section. Click on "Add" to initiate the peering configuration.
2. Peering Details: Provide a descriptive name for the peering connection, such as "app-vnet-to-hub-vnet" (assuming the second network is for a hub).
3. Virtual Network Selection: Choose the virtual network you want to peer with from the "Virtual network" dropdown menu. In this case, select the second virtual network you just created.
4. Remote Peering: Define a name for the remote peering connection from the target virtual network's perspective. For example, "hub-vnet-to-app-vnet".
5. Verification: Once configured, click "Save" to establish the peering connection. You can then verify the successful peering status in the Azure portal.
Conclusion
By following these steps, you'll have created isolated virtual networks with subnets for your applications. The peered connection allows secure communication between your frontend and backend resources.
In the next post we'll take a look at using network security groups and application security groups to enhance the security of the web application.