WEBVTT

0:00:02.740000 --> 0:00:07.040000 Hi, welcome to this video on provisioning virtual networks.
0:00:07.040000 --> 0:00:10.440000 What we're going to do in this video is we're going to start out by talking
0:00:10.440000 --> 0:00:14.860000 about what an Azure Virtual Network is, what are the components of an
0:00:14.860000 --> 0:00:16.140000 Azure Virtual Network.
0:00:16.140000 --> 0:00:19.660000 Then, we'll look at the different ways that you can provision an Azure
0:00:19.660000 --> 0:00:23.780000 Virtual Network, followed by configuration of the subnets.
0:00:23.780000 --> 0:00:27.720000 For me, the subnets are really a very key component of getting your Azure
0:00:27.720000 --> 0:00:31.060000 Virtual Networks right, and then finally we're going to take a look at
0:00:31.060000 --> 0:00:34.600000 an actual demonstration of provisioning a virtual network.
0:00:34.600000 --> 0:00:40.880000 Let's go ahead and let's jump right in to the components of an Azure Virtual
0:00:40.880000 --> 0:00:46.460000 Network. With an Azure Virtual Network, we have, of course, at the highest
0:00:46.460000 --> 0:00:48.840000 level, well, the virtual network.
0:00:48.840000 --> 0:00:55.740000 Within Azure, that's really kind of the central point of really everything
0:00:55.740000 --> 0:00:57.780000 that we're doing at the infrastructure level.
0:00:57.780000 --> 0:00:59.020000 I've got my virtual network.
0:00:59.020000 --> 0:01:03.120000 By the way, none of this is really very overly complex.
0:01:03.120000 --> 0:01:04.880000 I mean, of course, if it's the first time you've seen it.
0:01:04.880000 --> 0:01:07.420000 If this is the first time you've seen it, it could be a little bit challenging,
0:01:07.420000 --> 0:01:10.480000 but if you're not, you'll be able to pick it up.
0:01:10.480000 --> 0:01:15.140000 At the virtual network level, there are really two key settings.
0:01:15.140000 --> 0:01:24.080000 One is the available IP address ranges.
0:01:24.080000 --> 0:01:30.580000 Now, those IP address ranges are going to be set in what is called CIDR
0:01:30.580000 --> 0:01:36.340000 notation. If you're not familiar with that, it's going to specify an IPv4
0:01:36.340000 --> 0:01:41.560000 octet notation, and it's really giving you the subnet mask, but giving
0:01:41.560000 --> 0:01:47.460000 it to you in a concise way.
0:01:47.460000 --> 0:01:52.860000 That's telling me that I'm starting out with 10.0.0.0, and I'm going to
0:01:52.860000 --> 0:01:58.100000 take the first 16 bits, the first two octets in this case, to make up
0:01:58.100000 --> 0:02:02.720000 my network ID. You can have multiples of those.
0:02:02.720000 --> 0:02:04.580000 You always have to have at least one.
0:02:04.580000 --> 0:02:09.620000 In addition to that, the other primary setting at the virtual network
0:02:09.620000 --> 0:02:12.400000 level is the DNS server.
0:02:12.400000 --> 0:02:15.880000 What are you using as a DNS server?
0:02:15.880000 --> 0:02:18.940000 You actually have multiple DNS servers.
0:02:18.940000 --> 0:02:24.400000 There is a built-in automatic default DNS server that is going to resolve
0:02:24.400000 --> 0:02:28.620000 names within the virtual network, and it will also resolve names from
0:02:28.620000 --> 0:02:30.200000 the public internet.
0:02:30.200000 --> 0:02:35.120000 Other than that, you're going to go with a custom DNS solution, a wide
0:02:35.120000 --> 0:02:38.240000 variety of those that are available both in terms of within Azure, but
0:02:38.240000 --> 0:02:43.380000 also you can connect to a public DNS server or your own DNS server, maybe
0:02:43.380000 --> 0:02:46.500000 that's even on-prem, as long as you've got the networking set up to do
0:02:46.500000 --> 0:02:53.120000 that. Those are the primary configurations at the virtual network level.
0:02:53.120000 --> 0:02:55.400000 Not the only ones, but certainly the primary ones.
0:02:55.400000 --> 0:03:01.040000 A lot of the work within a virtual network is going to be within the subnets.
0:03:01.040000 --> 0:03:05.780000 Each virtual network has at least one and can have many subnets.
0:03:05.780000 --> 0:03:09.900000 There is a limit, but you're probably not going to hit that limit in most
0:03:09.900000 --> 0:03:11.660000 practical circumstances.
0:03:11.660000 --> 0:03:14.820000 I've got my subnets, and subnets are going to be named.
0:03:14.820000 --> 0:03:19.140000 Let's say, for example, I could have subnet A and subnet B because I'm
0:03:19.140000 --> 0:03:20.760000 not terribly creative.
0:03:20.760000 --> 0:03:23.020000 We'll go to subnet A for right now.
0:03:23.020000 --> 0:03:29.580000 At a minimum, your subnets must have fully contained and non-overlapping
0:03:29.580000 --> 0:03:31.560000 IP address ranges.
0:03:31.560000 --> 0:03:37.500000 By fully contained, it means that the network ID of your subnet has
0:03:37.500000 --> 0:03:41.960000 to fall within the IP address range of the virtual network or IP address
0:03:41.960000 --> 0:03:48.120000 ranges. You cannot have two subnets that have overlapping IP address ranges.
0:03:48.120000 --> 0:03:54.320000 For example, this could be 10.0.0.0/24.
0:03:54.320000 --> 0:04:03.020000 And the other subnet, subnet B, which I didn't label, could be 10.0.1.0/24.
0:04:03.020000 --> 0:04:09.620000 And those would be valid IP address ranges.
0:04:09.620000 --> 0:04:12.960000 Now, at a minimum, that's what you need for a virtual network.
0:04:12.960000 --> 0:04:15.820000 And that's not too cumbersome.
0:04:15.820000 --> 0:04:17.420000 I've got the virtual network.
0:04:17.420000 --> 0:04:19.740000 I'm going to give it a range of IP addresses.
0:04:19.740000 --> 0:04:25.540000 I'm going to set up DNS servers or at least use the default DNS server.
0:04:25.540000 --> 0:04:28.080000 And then I'm going to generate one or more subnets.
0:04:28.080000 --> 0:04:32.040000 And the rules for the subnets are that you can have IP addresses, but
0:04:32.040000 --> 0:04:36.980000 those IP addresses must be fully included within the IP address range
0:04:36.980000 --> 0:04:38.540000 of the virtual network.
0:04:38.540000 --> 0:04:43.660000 And the IP address ranges of your subnets must be non-overlapping.
0:04:43.660000 --> 0:04:48.360000 Now in addition to that, I have two other primary settings.
0:04:48.360000 --> 0:04:49.600000 A few other things as well.
0:04:49.600000 --> 0:04:52.740000 But two other what I would consider primary settings within the subnets.
0:04:52.740000 --> 0:04:59.160000 One is you can set up a custom route table.
0:04:59.160000 --> 0:05:05.820000 So if you have custom routing needs within your subnets, you can accomplish
0:05:05.820000 --> 0:05:09.180000 that custom routing by using a route table.
0:05:09.180000 --> 0:05:12.500000 If you have, for example, a network virtual appliance that you're using
0:05:12.500000 --> 0:05:15.100000 as a router or as a firewall and you want to make sure traffic goes through
0:05:15.100000 --> 0:05:19.540000 there, this is how you would set up that routing within a given subnet.
0:05:19.540000 --> 0:05:25.260000 A subnet also has, I'm going to abbreviate this as NSG, the ability to add
0:05:25.260000 --> 0:05:26.540000 network security groups.
0:05:26.540000 --> 0:05:31.180000 Network security groups are really basically simplified firewall rules
0:05:31.180000 --> 0:05:36.940000 where you can specify port ranges, you can specify TCP or UDP,
0:05:36.940000 --> 0:05:41.580000 IP address ranges for the source and destination, as well as port ranges
0:05:41.580000 --> 0:05:43.000000 for the source and destination.
0:05:43.000000 --> 0:05:46.620000 And whether or not you allow the traffic, and what the priority of
0:05:46.620000 --> 0:05:48.240000 that particular rule is.
0:05:48.240000 --> 0:05:52.200000 And those are the components of your virtual network.
0:05:52.200000 --> 0:05:58.000000 Now the way that ties into infrastructure in general is via a network
0:05:58.000000 --> 0:06:03.760000 interface card. So if I've got a virtual machine, which we'll label
0:06:03.760000 --> 0:06:15.200000 VM, a virtual machine always has a network interface card.
0:06:15.200000 --> 0:06:19.960000 A virtual NIC, as obviously you're not dealing with the physical; that virtual
0:06:19.960000 --> 0:06:25.620000 NIC is going to be connected to a subnet, simple as that.
0:06:25.620000 --> 0:06:32.180000 Now the virtual NIC may also be associated with a public IP address.
0:06:32.180000 --> 0:06:41.600000 But by and large, that public IP address is really separate from the network.
0:06:41.600000 --> 0:06:46.380000 The only thing that impacts the public IP address from the virtual network
0:06:46.380000 --> 0:06:49.520000 directly is the NSG.
0:06:49.520000 --> 0:06:53.720000 Because the NSG for a virtual network is applied to all traffic that comes
0:06:53.720000 --> 0:06:57.480000 through the virtual machines on the virtual network or on that subnet,
0:06:57.480000 --> 0:07:00.960000 including anything that's coming in through a public IP address.
0:07:00.960000 --> 0:07:04.420000 So that is the set of virtual network components.
0:07:04.420000 --> 0:07:09.100000 Now let's take a look at how you can provision virtual networks.
0:07:09.100000 --> 0:07:12.020000 There are a number of ways to provision virtual networks.
0:07:12.020000 --> 0:07:13.180000 I'm going to go through three of them here.
0:07:13.180000 --> 0:07:16.500000 I'm actually going to demonstrate a fourth one in the demonstration.
0:07:16.500000 --> 0:07:20.680000 One way is the portal, a nice visual approach to creating a virtual network.
0:07:20.680000 --> 0:07:25.780000 And you can see that you're setting up really some pretty basic elements.
0:07:25.780000 --> 0:07:30.860000 You've got the name, of course, the address space, subscription, resource
0:07:30.860000 --> 0:07:33.520000 group you would expect, location you would expect.
0:07:33.520000 --> 0:07:35.500000 And you're setting up the subnet.
0:07:35.500000 --> 0:07:41.280000 And you also have the ability to set up DDoS protection, the Azure Firewall,
0:07:41.280000 --> 0:07:46.920000 which is just a managed appliance, and also service endpoints, which are
0:07:46.920000 --> 0:07:50.720000 discussed in other videos.
0:07:50.720000 --> 0:07:54.000000 But pretty straightforward, pretty simple provisioning of your virtual
0:07:54.000000 --> 0:07:59.440000 network. Next, if you're going to provision via PowerShell, with PowerShell,
0:07:59.440000 --> 0:08:02.940000 you're going to provision in two steps. You could combine it, but it'd
0:08:02.940000 --> 0:08:05.420000 be a pretty complex statement.
0:08:05.420000 --> 0:08:09.120000 First, you create your subnet configuration, and you can see within this
0:08:09.120000 --> 0:08:15.760000 subnet configuration, I've got simply a name and the address prefix.
0:08:15.760000 --> 0:08:21.140000 Then you're going to take that and use that in your virtual network.
0:08:21.140000 --> 0:08:26.620000 So I've got a virtual network, and it's got name, resource group, location,
0:08:26.620000 --> 0:08:27.800000 and address prefix.
0:08:27.800000 --> 0:08:30.640000 So really, all of that is relatively simple.
0:08:30.640000 --> 0:08:34.260000 Now, there are other options that you can set up.
0:08:34.260000 --> 0:08:38.740000 You can set up DDoS protection, and what level of DDoS protection you want.
0:08:38.740000 --> 0:08:42.220000 You can specify the DNS server that's at the network security level,
0:08:42.220000 --> 0:08:45.780000 or the network option, network level, excuse me.
0:08:45.780000 --> 0:08:47.360000 Then you've got subnets.
0:08:47.360000 --> 0:08:50.040000 So I can set up the network security group, the route table, talked about
0:08:50.040000 --> 0:08:53.300000 that, and also service endpoints.
0:08:53.300000 --> 0:08:56.320000 So that is PowerShell.
0:08:56.320000 --> 0:08:59.060000 And then the CLI. The CLI is actually a single statement.
0:08:59.060000 --> 0:09:02.160000 This is usually the case.
0:09:02.160000 --> 0:09:06.260000 It's just got a different syntax, but it's very similar.
0:09:06.260000 --> 0:09:07.120000 You're doing the same things.
0:09:07.120000 --> 0:09:08.680000 You're creating a virtual network.
0:09:08.680000 --> 0:09:09.600000 You're giving it a name.
0:09:09.600000 --> 0:09:12.840000 You're putting it in a resource group, giving it a location, specifying
0:09:12.840000 --> 0:09:15.660000 the address prefixes, and then the subnet.
0:09:15.660000 --> 0:09:19.460000 Basic subnet information, the default name, or the name of the subnet,
0:09:19.460000 --> 0:09:20.660000 and also the prefixes.
0:09:20.660000 --> 0:09:22.960000 In this case, we're looking at 10.1.
0:09:22.960000 --> 0:09:28.120000 There are other options that you can set up, DDoS protection, DNS servers,
0:09:28.120000 --> 0:09:31.800000 and additional virtual machine protection.
0:09:31.800000 --> 0:09:36.220000 Now, in general, a lot of the configuration, if you are configuring virtual
0:09:36.220000 --> 0:09:39.480000 networking, is done at the subnet level.
0:09:39.480000 --> 0:09:43.880000 Key things that you can set up within the subnet level, you can set up,
0:09:43.880000 --> 0:09:45.640000 of course, the network security groups.
0:09:45.640000 --> 0:09:48.240000 That's going to control traffic.
0:09:48.240000 --> 0:09:50.000000 That's your basic firewalling.
0:09:50.000000 --> 0:09:52.620000 You've got route tables, so custom routing capabilities.
0:09:52.620000 --> 0:09:55.560000 All of that is done at the subnet level.
0:09:55.560000 --> 0:09:59.980000 You also have service endpoints, and you can set up multiple subnets.
0:09:59.980000 --> 0:10:04.200000 One thing about multiple subnets and about virtual networks in general,
0:10:04.200000 --> 0:10:10.540000 unless you add custom routing via routing tables, or custom NSGs that
0:10:10.540000 --> 0:10:16.020000 would prohibit traffic, within a virtual network it is always going to route
0:10:16.020000 --> 0:10:19.720000 properly. So in other words, if I have three different subnets in the
0:10:19.720000 --> 0:10:24.000000 same virtual network, those subnets, all the virtual machines on those
0:10:24.000000 --> 0:10:27.500000 subnets, are going to be able to communicate with each other by definition.
0:10:27.500000 --> 0:10:30.500000 Again, I could add routing rules that would circumvent that.
0:10:30.500000 --> 0:10:33.360000 I could add network security groups.
0:10:33.360000 --> 0:10:34.660000 That would circumvent that.
0:10:34.660000 --> 0:10:41.100000 But by default, within a single virtual network, all the subnets can communicate.
0:10:41.100000 --> 0:10:45.760000 And by default, there is no communication, no private communication between
0:10:45.760000 --> 0:10:47.620000 virtual networks.
0:10:47.620000 --> 0:10:51.600000 So I can partition out my networking at the virtual network level and
0:10:51.600000 --> 0:10:54.860000 then by default, there is no communication, although I can open that up.
0:10:54.860000 --> 0:11:00.220000 And then within the virtual network, I can further segment into my subnets.
0:11:00.220000 --> 0:11:04.640000 Now, if the subnets can communicate with each other, why would I separate
0:11:04.640000 --> 0:11:06.780000 those out? Why would I segment them?
0:11:06.780000 --> 0:11:10.720000 Well, for things like custom routing, custom NSGs, maybe I have a subnet
0:11:10.720000 --> 0:11:15.440000 that is a DMZ subnet, and then another subnet is private with very different
0:11:15.440000 --> 0:11:16.620000 communication rules.
0:11:16.620000 --> 0:11:20.180000 And so that's where the configuration of the subnets, when you're building
0:11:20.180000 --> 0:11:23.940000 your virtual networking, when you're building your infrastructure topology,
0:11:23.940000 --> 0:11:26.600000 is really an absolute key part of that.
0:11:26.600000 --> 0:11:30.100000 With that being said, now we're going to switch gears, and let's go ahead
0:11:30.100000 --> 0:11:35.100000 and take a look at a quick demonstration of provisioning virtual networks.
0:11:35.100000 --> 0:11:37.140000 I'm going to provision virtual networks in two ways.
0:11:37.140000 --> 0:11:42.660000 The first is going to be just through the portal.
0:11:42.660000 --> 0:11:44.060000 It's kind of standard, what I showed you before.
0:11:44.060000 --> 0:11:48.760000 But then I'm also going to show you how you can easily deploy a virtual
0:11:48.760000 --> 0:11:51.180000 network via a template.
0:11:51.180000 --> 0:11:54.440000 And my personal preference anytime I'm deploying anything is to deploy
0:11:54.440000 --> 0:11:59.360000 via a template. And those are actually covered in other videos, but I
0:11:59.360000 --> 0:12:01.180000 think it's worthwhile taking a quick look at them here.
0:12:01.180000 --> 0:12:06.980000 So let's go ahead and let's jump into that.
0:12:06.980000 --> 0:12:16.120000 All right, here I've got my Azure portal, and I'm logged into my own account.
0:12:16.120000 --> 0:12:19.420000 And this is going to be kind of fun because literally this morning, as
0:12:19.420000 --> 0:12:23.200000 is often the case with Azure, I came in and the portal was a bit different.
0:12:23.200000 --> 0:12:27.420000 What used to be a static menu on the left is now a little pop-out menu
0:12:27.420000 --> 0:12:29.380000 there. That's okay.
0:12:29.380000 --> 0:12:38.720000 And I'm going to go ahead and create a virtual network.
0:12:38.720000 --> 0:12:42.920000 And we'll go in here, I'm going to give this a name, and this is going
0:12:42.920000 --> 0:12:50.120000 to be demo portal vnet.
0:12:50.120000 --> 0:12:51.860000 And we'll leave that address space.
0:12:51.860000 --> 0:12:55.760000 Interesting thing, I've got some virtual networks that are already generated.
0:12:55.760000 --> 0:13:00.000000 And when this loaded, it's by default giving me non-overlapping IP
0:13:00.000000 --> 0:13:02.920000 addresses between my virtual networks.
0:13:02.920000 --> 0:13:08.200000 So if I want to connect them, I can. Create a new resource group.
0:13:08.200000 --> 0:13:17.380000 Demo provision vnet.
0:13:17.380000 --> 0:13:20.540000 And I'm going to leave the subnet alone and leave all these settings the
0:13:20.540000 --> 0:13:27.960000 same. And go ahead and create this.
0:13:27.960000 --> 0:13:31.240000 And that'll take just a moment, and when that's done, we're going to take
0:13:31.240000 --> 0:13:34.800000 a look at it and then go ahead and create one via a template.
0:13:34.800000 --> 0:13:45.020000 All right, let's go ahead and let's take a look at that virtual network.
0:13:45.020000 --> 0:13:48.000000 I'm going to have my virtual networks and I have a few of them, but there's
0:13:48.000000 --> 0:13:54.300000 my, let's see here.
0:13:54.300000 --> 0:13:56.540000 Refresh that, there we go.
0:13:56.540000 --> 0:13:58.960000 A little scary for a moment.
0:13:58.960000 --> 0:14:00.960000 All right, and here's my virtual network.
0:14:00.960000 --> 0:14:06.460000 And at this point, I could go and do things like set firewall, other security,
0:14:06.460000 --> 0:14:11.220000 peerings, essentially, of course, any of the networking that I need to
0:14:11.220000 --> 0:14:17.100000 do. I'm going to go ahead though, and I am going to create another resource.
0:14:17.100000 --> 0:14:26.880000 And this time, we are going to go with a template deployment.
0:14:26.880000 --> 0:14:30.600000 And I'm going to build my own template.
0:14:30.600000 --> 0:14:33.360000 Now, I'm not going to go too deep into templates right now.
0:14:33.360000 --> 0:14:39.280000 This is a way to implement infrastructure as code built into the overall
0:14:39.280000 --> 0:14:41.800000 Azure environment.
0:14:41.800000 --> 0:14:48.920000 And it allows me to define a text document based on what's called a JSON
0:14:48.920000 --> 0:14:53.700000 format called VNet for now.
0:14:53.700000 --> 0:14:58.800000 And what that does is it generates out this definition of a resource.
0:14:58.800000 --> 0:15:01.360000 I'm going to zoom in just a little bit, hopefully make that a little bit
0:15:01.360000 --> 0:15:06.440000 easier to see. And without even going too deep into the details, I've
0:15:06.440000 --> 0:15:09.200000 got the ability to create a virtual network.
0:15:09.200000 --> 0:15:11.860000 You can see the type there is virtual networks.
0:15:11.860000 --> 0:15:16.220000 I've got a name which is VNet.
0:15:16.220000 --> 0:15:19.420000 And what's interesting is by default, when this generates, it actually
0:15:19.420000 --> 0:15:21.800000 generates with two subnets.
0:15:21.800000 --> 0:15:24.660000 I've got these two subnets right here.
0:15:24.660000 --> 0:15:29.360000 And they're all based on variables which are just defined down here.
0:15:29.360000 --> 0:15:33.180000 So they're cleverly named subnet one and subnet two.
0:15:33.180000 --> 0:15:36.440000 And I've got these variables down here where I could do something like,
0:15:36.440000 --> 0:15:38.540000 let's say, go 10.5.
0:15:38.540000 --> 0:15:41.560000 Makes it easy to manage all these settings.
0:15:41.560000 --> 0:15:46.520000 And if I wanted a third subnet, it would be pretty easy to do.
0:15:46.520000 --> 0:15:54.860000 I'll just say subnet three name here.
0:15:54.860000 --> 0:15:56.840000 And subnet three prefix.
0:15:56.840000 --> 0:16:08.020000 And so now I've got a more complex definition of a virtual network.
0:16:08.020000 --> 0:16:14.120000 And I just have to make these changes.
0:16:14.120000 --> 0:16:21.260000 There we go. And then, I'm sorry, that's good.
0:16:21.260000 --> 0:16:27.260000 I'm going to save it, put in a resource group, which was demo provision
0:16:27.260000 --> 0:16:32.960000 VNet through the terms.
0:16:32.960000 --> 0:16:37.020000 And that's it. So now, by building this, I realized I went through that
0:16:37.020000 --> 0:16:41.780000 fairly quickly. But I also pretty much just used tools that were there.
0:16:41.780000 --> 0:16:51.840000 I used a nice little widget to add the actual markup for a virtual network.
0:16:51.840000 --> 0:16:54.720000 And then I just modified it a little bit, tweaked it a little bit, and
0:16:54.720000 --> 0:16:56.960000 made it essentially do what I wanted to do.
0:16:56.960000 --> 0:17:02.580000 So that's really what virtual networks are, and that is the process of
0:17:02.580000 --> 0:17:04.500000 provisioning virtual networks.
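The two subnet rules stated in the video (every subnet prefix fully contained in one of the virtual network's address ranges, and no two subnets overlapping) as an added Python check; this is not code from the video or from any Azure tooling. The VNet definition, subnet names and prefixes below are constructed to mirror the 10.0.0.0/16 example, and add_subnet plays the role of the third subnet added to the template.

```python
"""Check an Azure-style VNet layout: subnets must be fully contained in the
address space and must not overlap each other.  Added example, not from the
video; the dict shape loosely follows an ARM template's addressSpace/subnets
layout but is our own, not a real template."""
import ipaddress
from typing import Dict, List

# Constructed sample mirroring the video's numbers: one /16 address space
# with two /24 subnets named A and B.
SAMPLE_VNET = {
    "name": "demo-vnet",
    "addressSpace": ["10.0.0.0/16"],
    "subnets": {
        "subnetA": "10.0.0.0/24",
        "subnetB": "10.0.1.0/24",
    },
}


def validate_vnet(vnet: Dict) -> List[str]:
    """Return a list of problems; an empty list means the layout is valid."""
    problems: List[str] = []
    try:
        # strict=True rejects prefixes with host bits set (e.g. 10.0.0.1/16)
        ranges = [ipaddress.ip_network(r, strict=True) for r in vnet["addressSpace"]]
    except ValueError as exc:
        return [f"bad address space: {exc}"]
    if not ranges:
        return ["a virtual network needs at least one address range"]

    subnets = {}
    for name, prefix in vnet["subnets"].items():
        try:
            subnets[name] = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: bad CIDR {prefix!r} ({exc})")

    # Rule 1: each subnet must sit inside one of the VNet's address ranges.
    for name, net in subnets.items():
        if not any(net.subnet_of(r) for r in ranges):
            problems.append(f"{name}: {net} is not inside the address space")

    # Rule 2: subnets must be pairwise non-overlapping.
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} and {b} overlap ({subnets[a]} / {subnets[b]})")
    return problems


def add_subnet(vnet: Dict, name: str, prefix: str) -> List[str]:
    """Trial-add a subnet (like subnet three in the template) and report problems."""
    candidate = dict(vnet, subnets={**vnet["subnets"], name: prefix})
    return validate_vnet(candidate)


if __name__ == "__main__":
    print("base layout:", validate_vnet(SAMPLE_VNET) or "OK")
    print("add 10.0.2.0/24:", add_subnet(SAMPLE_VNET, "subnetC", "10.0.2.0/24") or "OK")
    print("add 10.0.1.128/25:", add_subnet(SAMPLE_VNET, "subnetC", "10.0.1.128/25"))
    print("add 10.5.0.0/24:", add_subnet(SAMPLE_VNET, "subnetC", "10.5.0.0/24"))
```

The same check generalises to a VNet with several address ranges, since containment only requires the subnet to fall inside one of them.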