Azure Classroom Notes – 29/Feb/2020

Application Security Groups

  • It is logical grouping Network Interfaces
  • While creating NSG , we can use ASG as Source or Destination, Which gives us control over traffic to allow or deny it
  • Lets assume we have 10 vms in a VNET scattered across different subnets, out of which
    • 3 are web
    • 2 are app
    • 3 are db
    • 2 are cache servers
  • To solve restricted communication between applications, we create 4 asgs and bind them to network interfaces
  • Now change the NSGs to control the vms communication with asg’s in the place of IP address ranges.

Network Appliance

  • Any special Network behavior like proxy, internet security, scans etc can be added to azure vnet by adding network appliances. (Check in the Azure Marketplace)
  • Now so far we never had a situation to control the routes because we were used system defined routing
    • It allows communication within subnets
    • It allows the traffic to be forwarded to internet or recieved from internet
  • We need to look at azure routing or Route Tables.
  • Some of the cases where network appliances are used are
    • Firewall (External Firewalls)
    • Proxy Servers
    • Traffic Filtering

Create a Network as shown below


  • Using Portal
  • Using CLI
  • Using Powershell

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About continuous learner

devops & cloud enthusiastic learner