Scribd
Upload
150 views30 pages

Implement and Manage Virtual Networks

This module discusses planning and implementing virtual networks in Azure, including creating VNets using the portal or configuration files, connecting VNets using VNet-to-VNet or site-to-site VPNs, and planning IP addressing and name resolution; hands-on labs demonstrate creating VNets, connecting them with a VNet-to-VNet VPN, and optionally setting up a point-to-site VPN to validate connectivity between networks.

Uploaded by

Alok Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
150 views30 pages

Implement and Manage Virtual Networks

This module discusses planning and implementing virtual networks in Azure, including creating VNets using the portal or configuration files, connecting VNets using VNet-to-VNet or site-to-site VPNs, and planning IP addressing and name resolution; hands-on labs demonstrate creating VNets, connecting them with a VNet-to-VNet VPN, and optionally setting up a point-to-site VPN to validate connectivity between networks.

Uploaded by

Alok Sharma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 30

Module 2

Implement and Manage Virtual


Networks
Module Overview

Planning Virtual Networks


Implementing and Managing Virtual Networks
• Configuring Connections to Virtual Networks
Lesson 1: Planning Virtual Networks

Demonstration: Preparing the Environment


Virtual Networks as a Component of Azure
Overview of Virtual Networks
Virtual Network Features
Connecting to Virtual Networks
VNet-to-VNet Connections
Designing IP Address Space and Subnet Allocation
in Azure Virtual Networks
• Planning for Name Resolution in Azure Virtual
Networks
Demonstration: Preparing the Environment

To prepare the lab environment for this module,


you must:
• Sign Into Your Microsoft Azure subscription
• Prepare the Azure environment
Virtual Networks as a Component of Azure

Compute Data Services Network Services


Virtual Machines Storage Virtual Networks

PaaS Cloud Services SQL Database Traffic Manager

Websites Backup ExpressRoute

Mobile Services Site Recovery

App Services
Media Services Active Directory Automation

Service Bus MFA CDNs

Push Notifications
Overview of Virtual Networks

Azure
Local Network
VNet

VM
VPN
Virtual Network Features

• Cloud services and virtual machines


• IP addresses
• Dynamic internal IP addresses
• Virtual IP addresses
• Static IP addresses
• Reserved IP addresses
• Instance-level Public IP addresses

• DNS
• Azure Load Balancer and Internal Load Balancer
• Traffic Manager
• Regional VNets
Connecting to Virtual Networks

• Cloud-only virtual networks


• Use endpoints to connect to specific services

• Point-to-site VPNs
• Use a VPN to connect from a single computer
• Site-to-site VPNs
• Use a VPN to connect from an on-premise subnet

• ExpressRoute
• Connect directly without going over the Internet
VNet-to-VNet Connections

Site-to-Site VPN:

Remote Local

On-Premises
VNet
Subnet

VNet-to-VNet VPN:

Remote Local

West US North Europe


VNet VNet
Local Remote
Designing IP Address Space and Subnet
Allocation in Azure Virtual Networks

• Choose a private non-overlapping address space:


• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16

• Choose subnets
• The first three IP addresses and the last IP address
within each subnet are not available for use
• The smallest subnets you can specify use 29-bit subnet
masks
• Optionally use static internal IP addresses
Planning for Name Resolution in Azure Virtual Networks

Scenario Location Name Resolution Provision


Between VMs Same cloud Use Azure provided name
service resolution.
Between role instances Same VNet but Use your own DNS
or VMs different cloud implementation. For FQDN
services resolution, you can use Azure name
resolution for the first 100 cloud
services.
Between VMs or role Azure VNets Use your own DNS server/DNS
instances and on- and on- implementation.
premises computers premises
Between VMs Different Use your own DNS server/DNS
VNets implementation.
Between on-premises On-premises Use Microsoft Azure external name
computers and public to Azure resolution.
endpoints
Lesson 2: Implementing and Managing Virtual Networks

Creating Virtual Networks using the Management


Portal
Network Configuration Files
Exporting and Importing Network Configuration
Files
Demonstration: Creating and Modifying a Network
Using a Configuration File
• Deploying a VM into a Virtual Network
Creating Virtual Networks using the Management Portal

1. From the Networks page, start the VNet


Custom Create wizard.
2. Set the VNet name and select a region.
3. Configure a DNS server if required.
4. Configure IP address name spaces and subnets
according to your plan.
Network Configuration Files

<VirtualNetworkSites>
<VirtualNetworkSite name="Main_Network" Location="East
Asia">
<AddressSpace>
<AddressPrefix>192.168.0.0/16</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Front-End Subnet">
<AddressPrefix>192.168.0.0/28</AddressPrefix>
</Subnet>
<Subnet name="Mid-Tier Subnet">
<AddressPrefix>192.168.0.16/29</AddressPrefix>
</Subnet>
<Subnet name="Back-End Subnet">
<AddressPrefix>192.168.0.24/29</AddressPrefix>
</Subnet>
</Subnets>
</VirtualNetworkSite>
</VirtualNetworkSites>
Exporting and Importing Network Configuration Files

1. Download or create NetworkConfig.XML file:

Get-AzureVNetConfig
-ConfigurationPath "C:\NetworkConfig.XML"

2. Edit the NetworkConfig.XML file


3. Use Set-AzureVNetConfig to update the VNet
configuration:

Set-AzureVNetConfig
-ConfigurationPath "C:\NetworkConfig.XML"
Demonstration: Creating and Modifying a
Network Using a Configuration File

In this demonstration, you will see how to:


• Open a previously created network configuration
file
• Import a network configuration file into Azure
• Update a network configuration file offline
• Import a new configuration file to apply your
changes
Deploying a VM into a Virtual Network

Creating a VM in a VNet:
1. Use the FROM GALLERY option.
2. Select an image.
3. Enter a VM name and set credentials.
4. Specify a IaaS cloud service name.
5. Select a VNet and Subnet.
Lab A: Creating Virtual Networks

Exercise 1: Creating the Virtual Network

Logon Information
Virtual Machine: 20533B-MIA-CL1
User Name: Student
Password: Pa$$w0rd

Estimated Time: 60 minutes


Lab Scenario

A. Datum has two large office buildings in


different regions—an HQ and a main branch
office. In order to serve these locations rapidly,
you plan to have separate Azure virtual networks
in the two regions that match the office locations.
Your Azure architects have provided a script that
creates a virtual machine in each virtual network.
You have been asked to create the planning
virtual networks and use the scripts to populate
them.
Lab Review

• What are the two methods you can use to create


Azure virtual networks?
Lesson 3: Configuring Connections to Virtual Networks

Inter-Site Connectivity Options


Configuring a Point-to-Site VPN
Configuring a Site-to-Site VPN
Configuring a VNet-to-VNet VPN
• Considerations for Inter-Site Connectivity
Inter-Site Connectivity Options

Azure

East US VNet West US VNet


VNet-to-VNet

Site
Point to
to Site
Site
On-Premises
Network
Configuring a Point-to-Site VPN

1. Configure an IP address space for clients.


2. Configure a virtual gateway.
3. Create root and client certificates.
4. Create and install the VPN client configuration
package.
5. Connect to the VPN.
Configuring a Site-to-Site VPN

1. Create a new custom Vnet.


2. Set local network values.
3. Set the VNet IP address spaces and subnets.
4. Create the virtual gateway.
5. Obtain VPN device configuration information.
6. Run the configuration script for the VPN
gateway device.
Configuring a VNet-to-VNet VPN

1. Create two VNets


• Do not enable point-to-site or site-to-site
communication
• Ensure IP addresses do not overlap.
2. Add each VNet as a local network to the
opposite VNet
• Use a dummy IP address for the gateway address.
3. Create dynamic routing virtual gateways for
each Vnet.
4. Substitute the real gateway IP addresses.
5. Connect the VPN gateways.
Considerations for Inter-Site Connectivity

• Maximum of 10 VPN tunnels for connecting to


other VNets or on-premises sites
• Address spaces must not overlap
• VNet-to-VNet VPNs can be in the same or
different subscriptions or Azure regions
• Redundant tunnels are not supported
• Cloud services cannot span VNets even when
those VNets are connected
• All VPN tunnels share the available bandwidth on
the Azure VPN gateway
• VPN devices must support certain requirements
Lab B: Connecting Virtual Networks

Exercise 1: Connecting the Virtual Networks


Exercise 2: Validating Virtual Network Connectivity
• Exercise 3: Optional: Configuring a Point-to-Site
VPN

Logon Information
Virtual Machine: 20533B-MIA-CL1
User Name: Student
Password: Pa$$w0rd

Estimated Time: 100 minutes


Lab Scenario

You have been asked to implement connectivity to


the two A. Datum virtual networks you created
earlier. You want to use a VNet-to-VNet VPN to
connect the VNets. You also want to implement a
point-to-site VPN so that you can connect from
your administrative computer.
Lab Review
 
• What are the key steps for connecting Azure
virtual networks using gateways?
• What are the Azure- and virtual machine-based
tools you can use to validate virtual network
connectivity?
• What are the key steps for configuring a point-to-
site VPN?
 
Module Review and Takeaways

• Review Question(s)

You might also like