Azure supports multiple cidr ranges in the Address for VNet
- Let's create an Azure virtual network
  - address space: 192.168.0.0/22
  - subnets:
    - web: 192.168.0.0/24
    - app: 192.168.1.0/24
    - db: 192.168.2.0/24
    - mgmt: 192.168.3.0/24
- Now, due to a change in architecture, we need to add two more subnets
  - DMZ-Public
  - DMZ-Private
- In Azure the address space of a VNet is a list of CIDR ranges, so we can add more ranges even after the network has been created in order to extend it
- The new ranges do not have to be contiguous with the existing address space; they only must not overlap any range the VNet already has
- After the address space is saved, let's add the two subnets
  - DMZ-Public: 10.100.0.0/24
  - DMZ-Private: 10.100.1.0/24
Network Security
- When we create a VM with a public IP in an Azure VNet, it looks as shown below
- Anyone on the internet can reach the VM once they know its public IP
- This can be both useful and a source of trouble.
- So how can we restrict access to this VM to specific users, or allow all users but only on a specific port?
- Azure offers network filtering that can be applied at the network interface (VM) or at the subnet level; this is referred to as a network security group (NSG)
- We can use an Azure NSG to filter network traffic to or from Azure resources in an Azure virtual network
- To understand this, let's quickly create a Linux VM in Azure
- Once the VM is created I would like to log in to the VM
ssh username@publicip
- I'm able to log in by providing the right credentials
- Now let me install the Apache web server
sudo apt update
sudo apt install apache2 -y
- Now let's install Tomcat, which listens on port 8080
sudo apt install tomcat8 -y
sudo service tomcat8 status
- Now try to access http://publicip:8080
- This does not work
- Let's try to ping the VM as well
- So let's try to understand what an NSG does and how it allows only some ports and protocols
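To make that question concrete, here is an added example (mine, not part of these notes) that models how an NSG decides on inbound traffic: rules are evaluated in ascending priority order, the first match wins, and Azure's built-in rules at priority 65000 and above only allow traffic from inside the VNet or from the Azure load balancer before denying everything else. The SSH rule, the Tomcat rule and the source address 203.0.113.7 are assumptions; the default rule names and the 168.63.129.16 probe address are Azure's.

```python
"""Toy model of Azure NSG inbound evaluation: rules are checked in ascending
priority order and the first match decides. Rule set and addresses are constructed."""
from dataclasses import dataclass
import ipaddress
VNET = ipaddress.ip_network("192.168.0.0/22")    # address space from the notes
AZURE_LB = ipaddress.ip_address("168.63.129.16")  # Azure load-balancer probe source

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number is evaluated first (100-4096 for custom rules)
    protocol: str    # "Tcp", "Udp", "Icmp" or "*"
    source: str      # CIDR or tag: "Internet", "VirtualNetwork", "AzureLoadBalancer", "*"
    dest_ports: str  # one port as text, or "*"
    access: str      # "Allow" or "Deny"

# Azure's built-in inbound rules (priority 65000+); they cannot be removed
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "*", "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "*", "AzureLoadBalancer", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]
# Assumed: SSH opened at VM creation; the Tomcat rule is what would expose 8080
SSH_RULE = Rule("SSH", 300, "Tcp", "*", "22", "Allow")
TOMCAT_RULE = Rule("Tomcat-8080", 310, "Tcp", "Internet", "8080", "Allow")

def source_matches(rule_source, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET
    if rule_source == "AzureLoadBalancer":
        return ip == AZURE_LB
    if rule_source == "Internet":  # simplified: any address outside the VNet
        return ip not in VNET
    return ip in ipaddress.ip_network(rule_source)

def decide(rules, src_ip, dst_port, protocol):
    """Return (access, rule_name) of the first matching rule; dst_port is None for ICMP."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if rule.dest_ports != "*" and rule.dest_ports != str(dst_port):
            continue
        if source_matches(rule.source, src_ip):
            return rule.access, rule.name
    return "Deny", "no rule matched"  # unreachable while DenyAllInBound is present

if __name__ == "__main__":
    for flow in [("203.0.113.7", 22, "Tcp"), ("203.0.113.7", 8080, "Tcp"), ("203.0.113.7", None, "Icmp")]:
        print(flow, decide(DEFAULT_RULES + [SSH_RULE], *flow))
```

Running it shows why the walkthrough above behaves as it does: only port 22 from the internet hits an Allow rule, while 8080 and ICMP fall through to DenyAllInBound until a rule such as Tomcat-8080 is added with a priority below 65500.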
