Azure Virtual Network Step by Step

Video Statistics and Information

Captions
Hi there, this is Scott Duffy from Software Architect CA, and in this video we're going to create a virtual network, and I'll show you how to do that step by step. To start off with, we're going to go to the top left of the Azure portal. This is portal.azure.com. Hopefully you already have an account, and you can sign up for a free account if you don't have one. The first thing we want to do is say Create a resource. We're going to go into the Marketplace here. It's organized by category. We're looking for a virtual network, so we're gonna choose the Networking category and we're going to choose Virtual network, which is the first item. I'm gonna minimize this menu to get that out of the way.

Now the virtual network screen comes up and we have to give our virtual network a name, and I'm gonna call it AZ new VNet. Now you can call this whatever you want. It doesn't have to be unique to all of Azure, you can coach as long as it's unique to your own Azure subscription. Give it a name that means something to you.

The most important decision we have to make when we're creating a virtual network to start is the size of the address space. By default Microsoft is offering to me 10.0.0.0/16. This is called CIDR notation, and CIDR notation uses this slash with a number to represent a range of IP addresses. So Microsoft helpfully shows you at the bottom that 10.0.0.0/16 means that it starts at 10.0.0.0 and goes all the way to 10.0.255.255, so this encompasses 65,536 IP addresses. Now that is quite a lot, and the chances are excellent that you're never going to use all of these addresses on a single virtual network, so this might be a bit excessive. If you do have plans of growing your Azure account, creating lots of different resources for lots of different projects, you might want to start to think about protecting your private addresses. So 26 is a bit excessive. If I change this to 24, then you'll see here that I'm given 256 addresses, from 10.0.0.0 to 10.0.0.255. Now it's not actually 256 addresses, because Microsoft does reserve 5 addresses for its own purposes. Actually, I'm going to change this to 23 and I'll give myself double the amount of addresses, which is 512 in this case.

My subscription is a pay-as-you-go. You may have the free plan or MSDN or any Visual Studio or any of the other plans that Microsoft has. You have to create your resources in what's called a resource group. A resource group is a logical grouping of related resources. It's used for management, security and billing, things like that. So I would create a resource group. I'm gonna give it the same name as the virtual network because this is a demonstration, but if you're going to create a virtual network and you're going to create public IP addresses and you're going to create virtual machines, you might want to put them all into the same resource group and give that a logical name that you'll know on the billing reports etc., what these resources stand for, who's gonna pay for them, etc.

Microsoft now has up to 50 regions around the world that are available for you to create resources in. Now some of these regions are government regions, and so we can't create resources in government regions, and some of them are in places like China where we can't create resources in there either without setting up agreement. But the rest of the world, everywhere from Europe, Asia, South America, North America, Canada, all these other places, we have lots of options available for most of the world, in India even. So I would choose a resource that is close to where you are, close to where your users are likely to be. The closer it is, then the quicker it's going to be in terms of response times. The only other consideration is if you've got regions that don't have every service and you're gonna need a specific service, then you may want to choose a different region. So I'm going to click East US 2.

Now the other important part of virtual networks is a concept called subnets. Subnets are a way of splitting up your virtual network into at least one or more sub networks. The default subnet is called default, but you can call it whatever you want, so this could be my front-end subnet. In this subnet I would place all my web servers and all my public-facing services. You have to specify an address range, which is a subset of your total address space. So in this case I created 512 addresses for the network, and this first subnet called front-end is going to take half of them. It's gonna take the 10.0 to 0.02 10.0.0.0 a half.

Microsoft's also now offering what's called DDoS protection, distributed denial-of-service protection, and you get basic protection for free. Now basic protection basically provides you what Microsoft can do in terms of protecting your network against distributed denial-of-service attacks, and so it basically does some basic level for IPv4 and IPv6. If a single attacker is throwing a lot of garbage traffic at your resources, you can get basic DDoS protection. Standard DDoS protection gives you more options in terms of traffic monitoring. There's machine learning algorithms that are looking at the traffic. It's going to apply policies to all of your public IP addresses associated with resources, so if you have load balancers or gateways or Service Fabric running within this network, then it's going to provide policies, intelligent policies, that will monitor the traffic and take appropriate action if it thinks that you're under attack. I'm gonna leave it as basic for now.

Service endpoints is also a cool new feature that allows this virtual network to be open directly to other Azure services. It's basically establishing a private connection between this virtual network and Microsoft storage, SQL Database, Cosmos DB or SQL Data Warehouse. So those are the options in terms of having private networking between your resources and these kind of storage accounts. What this will allow you to do then is basically block, if you wanted to open this up to Microsoft storage for instance, you can block external access to your storage account. Now normally storage is provided like platform-as-a-service. The URL is publicly addressable. The only way you can get access to a storage account is if you have the proper security keys, so it is authenticated, it is protected, but the URL and the endpoint is still open. If you were to connect your virtual network into a Microsoft storage account, then you can protect traffic coming in to that storage account and actually block it, so it's more of a firewall protection than just relying on authentication. Okay, I'm gonna leave this off for now. There's not gonna be, we're not going to enable service endpoints, but it's a really cool new feature.

I'm gonna pin this to my dashboard. When I click the Create button, it's going to fire off and create me a virtual network. Now it does this pretty quickly, but I'm gonna pause this video for just a second until it's completed. All right, so that took under 60 seconds and I have a new virtual network. Now there are no devices, there's no nodes or anything on this network. It is a completely untouched network, but it's available to me. If I go into the subnets, I can see the front-end subnet that I created. It used to be called default. It takes up one half of the address space, and remember I said that Microsoft takes five IP addresses for its own uses, so out of 256 addresses you're only left with 251 that you can do anything with. I'm going to create a second subnet and we're gonna call it backend, and this is where I'm going to put my application servers, and I'm going to actually only use, so instead of using all 255 I only use half of the remainder, so instead of having a hundred and twenty-eight addresses, of 123 net addresses available for me to use. Okay, so I'm creating a second subnet and I still have unused IP addresses in my virtual network, so you'll see here that subnets really are a way of breaking out your network into sub networks.

Okay, now you might see there's this Gateway subnet option at the top. Let me tell you a little bit about that. If you're going to be creating a virtual private network, the virtual private network uses what's called a network gateway to connect your own network, if you're in your own corporation or in your own home, into Microsoft Azure. But the gateway needs its own subnet, so if I want to add a virtual private network to my virtual network, then I would have to start by adding a gateway subnet. Okay, so there's really no options here other than choosing this range of address. It doesn't need that much, but 28 is fine. I could say OK, I'll do that, and it will add a gateway subnet to my network, and that way I can connect a private network to it.

Now one thing we didn't talk about is the security aspect of this. Virtual networks and subnets are where you attach your security to your firewalls. So let's go into the front-end subnet here and we'll see that there's a number of options, but one of the options says Network security group. Now I don't have any network security groups defined in East US 2, so why don't we go, I'm gonna say create network security group. I'll show you how this works next. Network security group, let's create a network security group in East US 2. Let's call this front-end network security group, and I'm going to use the virtual network resource group that we created our virtual network on. That way it keeps the resources together. So we're gonna create the front-end network security group, and while I'm here I'm also going to create a back-end network security group. We'll deal with both. So I would go back here and I say network security group. So network security groups are really the firewall setting back-end for networks. Okay, use existing, new virtual network, East US 2. So we're going to go into our resource groups here, go into our new virtual network resource group, and we can see here that besides our virtual network we have a front-end network security group that's also been created.

Now network security groups are basically firewalls, and they have inbound and outbound rules. The rules are processed in order from lowest priority to the highest, and it does come with a number of preset rules. I'm going to switch over to the inbound security rules settings so that we can see them clearer. So there are three rules that come built into it. The first rule basically allows any other traffic on the virtual network to travel from the other virtual network into our virtual network. This also allows the load balancer traffic to travel into our virtual network, and then denies all other traffic. So if I was to apply this front-end network security group rule to our front-end subnet, it would deny all public Internet traffic by default. Let's say then I do want to add HTTP traffic over port 80. So let's go into the basic setup, because it has that for me. I can choose HTTP service, it knows that it's port 80, it will define that in a low priority number, so number 100 is much below the 65,000, and if I add it, this will then allow port 80 traffic to travel from anywhere into this virtual network. Okay, so let's let that do that. I'm also going to have port 443, which is the secure HTTP channel, so let's add that. Oh, it has to, 443. OK, so now I've added two network security group rules, one for port 80 and one for port 443. Since I didn't change this name it's a little bit confusing. I can't change the name. Okay, so I've allowed two types of ports to travel from anywhere into this network. Now if I was to go back to my network security group, so let's go into the virtual network, let's go into the subnet, let's go into the front-end, and let's choose the front-end network security group to attach it to the front-end subnet, and if I save this, now I am allowing port 80 and port 443 traffic to travel from the public internet into any devices that are attached to the front-end subnet. Right now we don't have any devices attached to the front-end subnet.

Okay, we can see the security group. If I was to attach the back-end security group to the back-end network, remember it denies all inbound traffic, it only allows traffic from other virtual networks, it allows the load balancer traffic. So by setting up these security group settings, I am severely restricting traffic to the back end and I am allowing traffic over two ports into the front end. So that's how you deal with security at the subnet level. Hopefully you're getting a better understanding of how Microsoft Azure deals with virtual networks and specifically with subnets. It is the subnet level that we basically attach devices. Okay, so right now there are no devices, but if we had one it would tell us what subnet it's part of.

Another thing we should talk about is this concept of peering. It's a relatively new concept as well within Microsoft Azure, but let's say that we have some resources in another virtual network, or in another subscription, or another region of the world, and we want to allow traffic to travel between that virtual network and this virtual network. So peering is the ability to connect two virtual networks no matter where they are within Microsoft Azure. Okay, so we have this AZ new VNet. If I was to create another virtual network, then I could choose it and I would allow the traffic to travel between two different virtual networks, or if I again had a specific virtual network in a different account or somewhere else, then I could put the full resource ID in there and that will allow virtual network traffic to travel between those networks. Okay, so that's a new emerging important concept.

The last thing we probably talked about is how you would add devices here. So let's go home and we're going to create a resource for our virtual network. We're going to try to be very quick with this. Right, so I'm going to create a new virtual machine, give it a user ID, put it into the existing VNet resource group. It's important that the resources exist in the same region under the same subscription in order for us to connect it to our virtual network. Okay, so I'm going to choose the simplest. I have a basic being one subscription option here. It's only seventeen dollars a month. Remember when we're getting resources that this is paid by the minute, so even if it's $70 a month, it's only fifty cents a day, it's only two cents an hour, so if I created this for an hour I would only be charged two cents. I'm going to skip the other options. You'll see here that it's automatically filled in our AZ new VNet virtual network. It's chosen the first default subnet, which is front end. If I want this virtual machine to exist on the front end I can just let it, or I can choose to add it to the back end. So right in this option here I get a chance of either assigning it to the front end or to the back end. This is how we set this up.

Now the machine itself can have a public IP address. We can choose to have none, or we can choose to create a new one. And you'll notice that it's asking me to create a network security group. We have the network security group assigned to the subnet. We can also optionally have it assigned to the virtual machine's NIC, network card. So I'm just going to reuse, instead of creating a new network security group. It's a good practice to reuse security groups as a way of it being a good security practice. So if I'm going to put this in the front-end group then I'm going to, I mean the other option is I can choose no security group, because I know that the front-end subnet has one. So remember there's basically two ends of this connection: there's the subnet connection and then there's the virtual network interface connection, and I don't have to have the security group on both. So if I just say OK and I say Create, this is going to create me a new resource on to my virtual network. Now there's a few things that it creates, including the network card, that are more than just the virtual machine. But that's how you create a virtual network step by step, and we even went so far as to create network security groups and to add a brand-new Windows virtual machine to this existing network. Thanks a lot guys. I would offer it to you to subscribe to this channel. Please hit subscribe if you want more videos like this, or hit thumbs up, or share this with your friends.
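
The inbound rule processing described in the captions, modelled as an added example that is not from the video: rules are checked from the lowest priority number upward and the first match decides, and traffic must pass the subnet NSG and any NIC NSG. The three default rules use Azure's standard names and priorities; the custom rule names, priority 110 and the sample source addresses are assumptions made for illustration.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/23")        # address space chosen in the video
AZURE_LB = ipaddress.ip_address("168.63.129.16")  # Azure platform/load balancer probe IP

# Default inbound rules present in every NSG: (priority, name, source, port, action)
DEFAULTS = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

def make_nsg(custom=()):
    """Merge custom rules with the defaults, lowest priority number first."""
    return sorted(list(custom) + DEFAULTS)

def source_matches(tag, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if tag == "*":
        return True
    if tag == "VirtualNetwork":
        return ip in VNET
    if tag == "AzureLoadBalancer":
        return ip == AZURE_LB
    return ip in ipaddress.ip_network(tag)  # otherwise treat the source as a CIDR

def evaluate(nsg, src_ip, port):
    """Return (action, rule name) of the first rule that matches."""
    for _prio, name, source, rule_port, action in nsg:
        if source_matches(source, src_ip) and rule_port in ("*", port):
            return action, name
    return "Deny", "no-match"

def effective(subnet_nsg, nic_nsg, src_ip, port):
    """Inbound traffic must be allowed by the subnet NSG and, if attached, the NIC NSG."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is not None and evaluate(nsg, src_ip, port)[0] == "Deny":
            return "Deny"
    return "Allow"

# Hypothetical rule names; priority 110 is an assumption (the video only mentions 100).
FRONT_END = make_nsg([(100, "Allow-HTTP", "*", 80, "Allow"),
                      (110, "Allow-HTTPS", "*", 443, "Allow")])
BACK_END = make_nsg()  # defaults only, as in the video

if __name__ == "__main__":
    internet, web_vm = "203.0.113.10", "10.0.0.4"  # constructed sample addresses
    for label, nsg, src, port in [("front-end", FRONT_END, internet, 443),
                                  ("front-end", FRONT_END, internet, 3389),
                                  ("back-end", BACK_END, internet, 80),
                                  ("back-end", BACK_END, web_vm, 1433)]:
        print(label, src, port, evaluate(nsg, src, port))
```

With defaults only, the back-end NSG still accepts every port from any address inside the virtual network, so limiting what the front end can reach on the back end needs an explicit rule with a lower priority number than 65000.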
Info
Channel: Scott Duffy @ GetCloudSkills
Views: 109,698
Keywords: azure virtual network step by step, Azure Virtual Network, azure virtual network gateway, azure virtual network setup, azure virtual network subnets, azure virtual network tutorial, microsoft azure virtual network, microsoft azure virtual network tutorial, virtual network azure, azure networking, azure networking basics, azure networking best practices, azure networking concepts, azure networking deep dive, azure networking training, Azure VNet, azure vnet configuration
Id: ADdGZEfmNzQ
Length: 21min 58sec (1318 seconds)
Published: Tue May 15 2018