An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It provides isolation, segmentation, and other network features comparable to AWS VPC. Virtual Networks offer two types of gateway services:
- VPN Gateway
- ExpressRoute Gateway
VPN Gateway
Azure VPN Gateway connects your on-premises networks to Azure via site-to-site VPNs, similarly like setting up and connecting to a remote branch office. The connectivity is secured with encryption and also supports Transit Routing connection.
ExpressRoute Gateway
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud, such as Microsoft Azure, Microsoft 365, and Azure DevOps, over a private dedicated connection which is facilitated by a connectivity provider.
| VPN Gateway | ExpressRoute Gateway | |
|---|---|---|
| Speed | 1.25 Gbps | 10 Gbps |
| Setup | Quick | Professional Needed |
| Cost | Low | High |
How to Implement Azure Virtual Network
To implement an Azure VNet, simply navigate to the Azure portal, create a new resource, and select ‘Virtual network’. You will be required to input your desired name, address space, subscription, resource group, location, and subnet information.
Example:
JavaScript
az network vnet create \
--name MyVirtualNetwork \
--resource-group MyResourceGroup \
--location eastus \
--address-prefix 10.0.0.0/16 \
--subnet-name MySubnet \
--subnet-prefix 10.0.0.0/24
Connectivity Options for Azure Virtual Network
Within Azure, you have several options on how you want to setup connectivity for your Virtual Networks:
- VNet Peering: Connecting two Azure virtual networks. This connection allows resources in the two Vnets to communicate with each other.
- VPN Gateway Connection: You can create a secure connection between your on-premises site and Azure Virtual Network.
- ExpressRoute Connection: It is a private connection from your on-premises network to your Azure Virtual Network. ExpressRoute connections do not go over the public Internet, thus they offer more reliability, faster speeds, lower latitudes, and higher security.
Conclusion
Learning how to plan and implement Azure Virtual Network Connectivity is fundamental for the AZ-140 Configuring and Operating Microsoft Azure Virtual Desktop Exam. Understanding the concepts, as well as the practical aspects covered in this article, will provide you with the necessary skills and knowledge to succeed in your exam. Make sure to go through this guide carefully and sharpen your Azure network configuration skills. Your next great achievement awaits you!
Practice Test
True or False: It’s not possible to connect a Virtual Network in Azure with another Virtual Network.
- False
Answer: False
Explanation: With Azure, you can create a Virtual Network Peering, which allows you to connect one Virtual Network with another.
Multiple Select: What are the options to connect your on-premises network to Azure?
- a) Virtual Private Network (VPN)
- b) Azure ExpressRoute
- c) Azure DevOps
- d) Azure Logic Apps
Answer: a) Virtual Private Network (VPN) and b) Azure ExpressRoute
Explanation: The Virtual Private Network (VPN) and Azure ExpressRoute are two options to connect your on-premises network to Azure.
True or False: It’s impossible to configure hybrid networking with Azure Virtual Desktop.
- False
Answer: False
Explanation: Hybrid networking can be set up with Azure Virtual Desktop. It enables users to access resources from both the Azure network and the on-premise network.
Single Select: What does Azure VNet Peering allow?
- a) Connectivity between VNets
- b) Sharing storage between VNets
- c) Managing users between VNets
- d) None of the above
Answer: a) Connectivity between VNets
Explanation: Azure VNet Peering allows the direct connection between VNets, enabling resources in either VNet to communicate with each other.
True or False: Azure Virtual Networks are isolated from each other.
- True
Answer: True
Explanation: By default, Azure Virtual Networks are isolated from each other. However, communication between VNets can be set up through VNet peering.
Multiple Select: Which of the following connectivity options does Azure provide?
- a) Site-to-Site VPN
- b) Point-to-Site VPN
- c) ExpressRoute
- d) App Service
Answer: a) Site-to-Site VPN, b) Point-to-Site VPN, c) ExpressRoute
Explanation: Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute are different connectivity options provided by Azure.
True or False: VNet peering within the same region incurs data transfer costs.
- False
Answer: False
Explanation: With VNet peering, data transfer between VNets in the same Azure region is free.
Single Select: Which one of these is not a configuration option for Azure VNet Peering?
- a) Forwarded traffic
- b) Virtual network access
- c) Gateway transit
- d) SQL Server transit
Answer: d) SQL Server transit
Explanation: SQL Server transit is not a configuration option for Azure VNet Peering.
True or False: Azure ExpressRoute is an Azure service that allows you to set up private connections to Azure services.
- True
Answer: True
Explanation: Azure ExpressRoute is a Microsoft Azure service that allows you to set up private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.
Single Select: Which Azure service enables you to extend your on-premises networks into the Microsoft cloud?
- a) Azure DevOps
- b) Azure Pipelines
- c) Azure Active Directory
- d) Azure Virtual Network (VNet)
Answer: d) Azure Virtual Network (VNet)
Explanation: Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure by allowing many types of Azure resources to securely communicate with each other, the internet, and on-premises networks.
Interview Questions
What is the Azure virtual network (VNet)?
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables Azure resources, like Azure Virtual Desktops, to securely communicate with each other, the internet, and on-premises networks.
Is it possible to connect two Azure virtual networks?
Yes, two Azure virtual networks can be connected together using either VNet peering or a site-to-site VPN. This allows resources in different virtual networks to communicate with each other securely.
How can Azure virtual networks communicate with an on-premise network?
Azure virtual networks can communicate with on-premise networks via a VPN or Azure ExpressRoute. A VPN uses the public internet to establish a secure connection, while ExpressRoute employs a private connection facilitated by a connectivity provider.
What is the role of network security groups in Azure virtual networks?
Network Security Groups (NSGs) in Azure virtual networks are used to filter network traffic to and from Azure resources within a virtual network. They can be associated at the subnet level or the network interface level, allowing you to control access to your virtual machines.
What are the connectivity options for Azure Virtual Desktop (AVD)?
The connectivity options for AVD include site-to-site VPN, ExpressRoute and public internet. The choice among these options depends on the business requirements and the level of security needed.
How is a site-to-site VPN connection configured in Azure?
Site-to-site VPN connection in Azure is configured using the VNet gateway that sends encrypted traffic across a public connection. It involves creating a virtual network gateway in the Azure portal, creating a local network gateway that represents your on-premise VPN device and the IP address and then adding a connection.
Can you connect an Azure Virtual Desktop with a different Azure subscription’s virtual network?
Yes, it is possible with VNet peering. This feature allows two virtual networks to connect, even if they are in different subscriptions.
What are User Defined Routes (UDR) in Azure?
UDR or User Defined Routes are custom routes in a route table within an Azure Virtual Network, which controls where traffic is directed.
What is a VNet peering in Azure?
VNet peering in Azure is a mechanism that connects two virtual networks in the same region through the Azure backbone network. Once connected, the two virtual networks appear as one for connectivity purposes.
Which protocol does Azure use to provide encryption in a VPN connection?
Azure uses the IPsec (Internet Protocol Security) protocol to provide encryption in a VPN connection.
How to implement network connectivity for Azure Virtual Desktop?
Network connectivity for Azure Virtual Desktop can be implemented by setting up a virtual network and then configuring the network components like subnets, security groups, and network interfaces.
What is Azure ExpressRoute?
Azure ExpressRoute is a service that enables you to create private connections between Azure datacenters and your on-premise infrastructure or a colocation environment, bypassing the public internet.
Can a virtual machine in one Azure virtual network communicate with a virtual machine in another Azure virtual network by default?
No. By default, virtual machines in different Azure virtual networks cannot communicate with each other. You would need to establish a VNet peering or a site-to-site VPN for this to be possible.
How do you secure access to Azure Virtual Desktop?
Access to Azure Virtual Desktop can be secured using different mechanisms such as Azure Active Directory, Multi-Factor Authentication, Conditional Access policies and Role-Based Access Control.
What is a network interface in the context of Azure Virtual Network?
In Azure Virtual Network, a network interface is an interconnection between a virtual machine and the underlying virtual network. It enables a virtual machine to communicate with the internet, Azure, and on-premises resources.
extutorials.com