Implement Virtual Networking

Create and configure a virtual network

To create a virtual network with multiple subnets, follow the steps below.

1. Sign in to the Azure Portal.

2. In the Azure portal, search for and select Virtual networks, and, on the Virtual networks blade, click + Create.

3. Create a virtual network with the settings you need. 

4. Click Next: IP Addresses. Enter the Starting address. In our example it is 10.40.0.0. The Address space size is /20.

5. Click + Add subnet, enter the values according to your reality, and then click Add. Accept the defaults and click Review and Create.

6. Let validation occur and hit Create again to submit your deployment.

Note: Wait for the virtual network to be provisioned.

7. Click on Go to resource.

8. On the virtual network blade, click Subnets and then click + Subnet.

9. Create a subnet with your settings and click Save.

Deploy virtual machines into the virtual network

You will deploy Azure virtual machines into different subnets of the virtual network by using an ARM template. To do this, follow the steps.

1. In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.

2. If prompted to select either Bash or PowerShell, select PowerShell.

3. In the toolbar of the Cloud Shell pane, click the Upload/Download files icon, in the drop-down menu, click Upload. Upload your template and parameters json into the Cloud Shell home directory.

Note: You must upload each file separately. After uploading, use dir to ensure both files were successfully uploaded.

4. From the Cloud Shell pane, run the following to deploy two virtual machines by using the template and parameter files:

$rgName = 'az104-04-rg1'

New-AzResourceGroupDeployment `
   -ResourceGroupName $rgName `
   -TemplateFile $HOME/az104-04-vms-loop-template.json `
   -TemplateParameterFile $HOME/az104-04-vms-loop-parameters.json        

Note: This method of deploying ARM templates uses Azure PowerShell. You can perform the same task by running the equivalent Azure CLI command az deployment create (for more information, refer to Deploy resources with Resource Manager templates and Azure CLI.

Note: Wait for the deployment to complete before proceeding to the next task. This should take about 2 minutes.

5. Close the Cloud Shell pane.

Configure private and public IP addresses of Azure VMs

Here you will configure static assignment of public and private IP addresses assigned to network interfaces of Azure virtual machines.

Note: Private and public IP addresses are actually assigned to the network interfaces, which, in turn are attached to Azure virtual machines, however, it is fairly common to refer to IP addresses assigned to Azure VMs instead.

1. In the Azure portal, search for and select Resource groups, and, on the Resource groups blade, click the Resource Group where you have the vnet you want to modify. In our example, it is az104-04-rg1.

2. On the az104-04-rg1 resource group blade, in the list of its resources, click on the vnet you want to modify. In our case, az104-04-vnet1.

3. On the az104-04-vnet1 virtual network blade, review the Connected devices section and verify that there are two network interfaces az104-04-nic0 and az104-04-nic1 attached to the virtual network.

4. Click az104-04-nic0 and, on the az104-04-nic0 blade, click IP configurations.

Note: Verify that ipconfig1 is currently set up with a dynamic private IP address.

5. In the list IP configurations, click ipconfig1.

6. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify the settings you need it, and click OK.

7. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.0.4. Click Save.

8. Back on the ipconfig1 blade, save the changes. Make sure to wait for the save operation to be completed before you proceed to the next step.

9. Navigate back to the az104-04-vnet1 blade.

10. Click az104-04-nic1 and, on the az104-04-nic1 blade, click IP configurations.

Note: Verify that ipconfig1 is currently set up with a dynamic private IP address.

11. In the list IP configurations, click ipconfig1.

12. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify your settings, and click OK.

13. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.1.4.

14. Back on the ipconfig1 blade, save the changes.

15. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm0.

16. From the az104-04-vm0 virtual machine blade, note the public IP address entry.

17. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm1, and from the az104-04-vm1 virtual machine blade, note the public IP address entry.

Configure network security groups

Here you will configure network security groups in order to allow for restricted connectivity to Azure virtual machines.

1. In the Azure portal, search for and select Network Security Groups, and, on the Network Security Groups blade, click + Create.

2. Create a network security group with the settings you need.

3. Click Review and Create. Let validation occur and hit Create to submit your deployment.

Note: Wait for the deployment to complete. This should take about 2 minutes.

4. On the deployment blade, click Go to resource to open the az104-04-nsg01 network security group blade.

5. On the az104-04-nsg01 network security group blade, in the Settings section, click Inbound security rules.

6. Add an inbound rule informing the necessary settings in the Add inbound security rule blade and click Add.

7. On the az104-04-nsg01 network security group blade, in the Settings section, click Network interfaces and then click + Associate.

8. Associate the az104-04-nsg01 network security group with the az104-04-nic0 and az104-04-nic1 network interfaces.

Note: It may take up to 5 minutes for the rules from the newly created Network Security Group to be applied to the Network Interface Card.

9. Start the az104-04-vm0 and az104-04-vm1 virtual machines.

10. Navigate back to the az104-04-vm0 virtual machine blade.

11. On the az104-04-vm0 blade, click Connect.

12. Click RDP. Click Download RDP File using the Public IP address and follow the prompts to start the Remote Desktop session.

Note: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software.

13. When prompted, sign in with the user and password.

Configure Azure DNS for internal name resolution

To configure DNS name resolution within a virtual network by using Azure private DNS zones, follow the steps below.

1. In the Azure portal, search for and select Private DNS zones and, on the Private DNS zones blade, click + Create.

2. Create a private DNS zone. Enter the settings you need.

3. Click Review and Create. Let validation occur and hit Create again to submit your deployment.

Note: Wait for the private DNS zone to be created. This should take about 2 minutes.

4. Click Go to resource to open the contoso.org DNS private zone blade.

5. On the contoso.org private DNS zone blade, in the Settings section, click Virtual network links, and then  + Add.

6. Create a virtual network link with the settings you need.

7. Click OK.

Note: Wait for the virtual network link to be created. This should take less than 1 minute.

8. On the contoso.org private DNS zone blade, in the sidebar, click Overview.

9. Verify that the DNS records for az104-04-vm0 and az104-04-vm1 appear in the list of record sets as Auto registered.

Note: You might need to wait a few minutes and refresh the page if the record sets are not listed.

10. Switch to the Remote Desktop session to az104-04-vm0, right-click the Start button and, in the right-click menu, click Windows PowerShell (Admin).

11. In the Windows PowerShell console window, run the following to test internal name resolution in the newly created private DNS zone:

nslookup az104-04-vm0.contoso.org
nslookup az104-04-vm1.contoso.org        

12. Verify that the output of the command includes the private IP address of az104-04-vm1 (10.40.1.4).

Configure Azure DNS for external name resolution

Configure external DNS name resolution by using Azure public DNS zones.

1. In the Azure portal, search for and select DNS zones and, on the DNS zones blade, click + Create.

2. Create a DNS zone with the settings you need.

3. Click Review and Create. Let validation occur and hit Create again to submit your deployment.

Note: Wait for the DNS zone to be created. This should take about 2 minutes.

4. Click Go to resource to open the blade of the newly created DNS zone.

5. On the DNS zone blade, click + Record set.

6. Add a record set with your necessary settings.

7. Click OK.

8. On the DNS zone blade, click + Record set.

9. Add a record set set with your necessary settings.

10. Click OK.

11. On the DNS zone blade, note the name of the Name server 1 entry.

12. In the Azure portal, open the PowerShell session in Cloud Shell by clicking on the icon in the top right of the Azure Portal.

13. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm0 DNS record set in the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):

nslookup az104-04-vm0.[domain name] [Name server 1]        

14. Verify that the output of the command includes the public IP address of az104-04-vm0.

15. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm1 DNS record set in the the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):

nslookup az104-04-vm1.[domain name] [Name server 1]        

16. Verify that the output of the command includes the public IP address of az104-04-vm1.