Networking Made Simple: VNets, Subnets, and NSGs Explained
In our last post, we talked about how to rent a computer in the cloud (Compute). But a computer is not very useful if it cannot talk to the outside world—or to your other computers.
This is where Networking comes in.
Networking can seem scary, full of IP addresses and routing tables. But for the AZ-900 exam, you just need to understand the basic concepts. To do that, we are going to build a Gated Community. 🏘️
1. Virtual Network (The Neighborhood Wall)
In Azure, a Virtual Network (VNet) is the fundamental building block for your private network. It is a logically isolated section of the Azure cloud dedicated to your resources.
- The Analogy: Think of the VNet as the big brick wall surrounding a private, gated community. Everything inside the wall is yours.
- The Rule: By default, any computer (Virtual Machine) you put inside the same VNet can talk to any other computer in that VNet, securely and automatically.
2. Subnets (The Streets)
A VNet can be huge. To keep things organized, you slice your VNet into smaller, manageable pieces called Subnets (Sub-Networks).
- The Analogy: If the VNet is the neighborhood wall, the Subnets are the specific Streets inside it (e.g., "Web Server Street" and "Database Street").
- Why do this? Organization and security. You want to group similar things together. It is much easier to apply security rules to a whole street than to individual houses.
3. Network Security Groups (The Security Guard)
Just because you have a wall around your neighborhood doesn't mean you want anyone walking into any house. You need to control the traffic.
A Network Security Group (NSG) acts as a firewall. It contains a list of rules that allow or deny network traffic.
- The Analogy: The NSG is the Security Guard standing at the entrance to a specific street (Subnet) or standing right at the front door of a house (Virtual Machine).
- How it works: The guard checks an ID list. "Are you port 80 (Web Traffic)? Yes? You can come in. Are you port 3389 (Remote Desktop)? No, you are not on the list. Go away."
Cheat Sheet: The Gated Community
| Azure Term | Analogy | What it does |
|---|---|---|
| VNet | The Community Wall | Isolates your resources from the rest of the cloud. |
| Subnet | The Streets | Organizes your network into smaller, manageable chunks. |
| NSG | The Security Guard | Filters traffic (Allows or Denies based on rules). |
Next Up: Now that our computers can securely talk to each other, where do they save their files? Stay tuned for our next guide on Azure Storage: Blobs, Files, and Disks!