🌐 Networking in Azure: VNets, NSGs, and Peering

Posted on by

As I progressed in my Azure journey—from creating virtual machines to managing identities—I realized that networking is the glue that connects and secures all cloud resources. Without proper networking, even the best applications and services can fail to communicate or remain exposed to threats.

In this blog, I’ll share how I’ve worked with core Azure networking components like Virtual Networks (VNets), Network Security Groups (NSGs), and VNet Peering—explained in a simple, step-by-step style.

✅ What You’ll Learn:

  • What is an Azure Virtual Network (VNet)?
  • How Network Security Groups (NSGs) protect traffic
  • How I use VNet Peering to connect networks
  • Real-world setup examples
  • Best practices I follow for secure Azure networking

🕸️ What is a Virtual Network (VNet)?

A Virtual Network (VNet) in Azure is like your private network in the cloud. It allows me to:

  • Connect VMs, databases, and app services privately
  • Define IP address ranges and subnets
  • Connect to on-premises networks using VPNs or ExpressRoute

Example:

When I deployed a web app and a database in Azure, I placed them in the same VNet but different subnets:

  • Subnet-Web for the front-end VM
  • Subnet-DB for the database VM

This let me isolate traffic and apply different security rules.

🔐 What is a Network Security Group (NSG)?

NSGs are like virtual firewalls that control inbound and outbound traffic at the subnet or NIC level. I use NSGs to:

  • Allow only RDP or SSH from specific IPs
  • Block all internet access to backend services
  • Log dropped connections for auditing

Example:

For a production VM, I created an NSG with these rules:

PriorityDirectionPortSourceAction
100Inbound22My Office IPAllow
200Inbound*InternetDeny

🔁 What is VNet Peering?

VNet Peering lets me connect two VNets privately so that resources in both networks can communicate securely—without going over the public internet.

This is especially helpful when:

  • I have separate VNets for Dev and Prod
  • I want to isolate environments but still allow internal communication

How I Set Up Peering:

  1. Go to Virtual Network > Peerings
  2. Add a peering connection between VNet-Dev and VNet-Prod
  3. Enable “Allow traffic to remote virtual network”

After that, the VMs in each VNet could ping and communicate using private IPs.

🧠 Networking Tips I Follow

  • Use NSGs on both subnets and NICs for layered security
  • Keep production, staging, and dev in separate VNets or subnets
  • Always block unused ports, especially 3389 (RDP) and 22 (SSH)
  • Use VNet Peering instead of VPN when both VNets are in the same region—it’s faster and cheaper
  • Don’t forget to enable NSG flow logs for monitoring and alerts

📌 Real-World Scenario

In one of my Azure projects, I had to set up:

  • A front-end app in VNet-App
  • A backend database in VNet-DB
  • An on-prem site-to-site VPN connected to VNet-Core

I used VNet Peering to link all three, applied NSGs to restrict access, and ensured that only necessary ports were open. The performance improved, and security was much tighter.

🔚 Conclusion

Azure networking may seem complex at first, but once I understood VNets, NSGs, and Peering, it became a powerful tool to design secure, scalable, and high-performance architectures.

If you’re starting out, focus on setting up VNets with subnets, controlling access using NSGs, and connecting environments using Peering. These basics will set the stage for more advanced networking like VPNs, Azure Firewall, and Application Gateway.