Whether you are using Microsoft Azure or using Amazon AWS, networking is fundamental aspect on how the cloud resources can communicate with each other. On this article, we want to show you the fundamental of virtual network management in the cloud. Although the sample will use Azure, it can be implemented in AWS. Let us get started!
VNET Peering
When you want to communicate between two different virtual networks can communicate each other. For example, you have two VM with separated virtual network. VNET Peering has some characteristics which are:
- VNET peering can be done in same subscription, different region, or cross tenant (by using CLI)
- VNET peering can't be overlapping IP Address
- VNET is not transparent
- VNET is limited to 100 VNET for one subscription
- VNET can be transitive when connecting to Gateway or NVA
Network Interface
Each cloud computing resource has one or more network interface. For example, a VM has one or more Network interface. Network interface can be defined as a main identity of the computing resources in cloud computing. Network interface characteristics are:
- Network interface consists of public and private IP address
- Network interface is part of subnet that created in VNET
- Route table will help the network interface to communicate efficiently
NSG (Network Security Group)
Network security group will help the cloud computing resource secure their communication. NSG contains rule inbound or outbound of security rules.
- Security rules are worked based on priority based. Lower mean higher priority.
- There are inbound and outbound rules that can be applied differently. For example, you can block the port 80 for outbound, but allow the port 80 for inbound.
- You can deploy a specific firewall to identify the port required and blocked for better NSG
VPN Gateway
VPN Gateway helps you to connect between cloud computing resources with the on-premise resources (private cloud).
- VPN gateway is cost-effective version for connecting on-premise to cloud.
- There is high performance connection such as Azure Express Route or AWS Direct Connect.
