In this comprehensive article, I’ll walk you through everything you need to know how to create VNet in Azure.
Table of Contents
How To Create VNet In Azure
Before discussing how to create a VNet in Azure, it is helpful to have a basic understanding of what a VNet is in Azure. Next, we will discuss the prerequisites needed, along with the necessary steps.
Prerequisites
You must have an Azure account or Azure Subscription if you haven’t created one yet; set up an Azure Free Account.
Approach 1: Using Azure Portal
To create VNet in Azure, follow the steps below
- Log in to the Azure Portal (https://portal.azure.com/).
- Search for ‘Virtual Network’ and click on the search result’ Virtual Networks’.
You can also click on the + Create a resource option at the top left corner of the Azure Portal to access the same steps.
Search for ‘Virtual Network’ and click on the search result.
3. Click on the Create button on the Virtual Network window.
4. On the Create virtual network window, select the Basics tab and then provide the details below
- Subscription: Select the desired subscription from the options below.
- Resource group: Select an existing resource group or create a new one using the Create new link.
- Name: Provide a name for the virtual network.
- Region: Select the Region.
Click the Next: IP Addresses > button to navigate the IP Addresses window.
5. Now, it will validate all the data you entered and display a message indicating that the validation has passed. Finally, click on the Create button to create the Virtual network.
6. it will show you “Your deployment is complete”. Click the “Go to Resource” button to navigate to the virtual network.
Approach 2: Using PowerShell
Let’s discuss how to create a virtual network in Azure using PowerShell. Before discussing the functionality, it is essential to understand the prerequisites for creating a virtual Azure network using PowerShell.
Prerequisites
Below are the prerequisites needed here.
- You must have an Azure account or an Azure Subscription if you haven’t created one yet; set up an Azure Free Account.
- You must install the latest version of Azure PowerShell on your machine. If you haven’t already installed it, install Azure PowerShell now.
The first step is to create a resource group. The resource group will be responsible for hosting the virtual network.
Creating a resource group using PowerShell
Execute the Azure Powershell cmdlet below to create a resource group in Azure.
$rsgrp = @{
Name = 'Demo980'
Location = 'EastUS'
}
New-AzResourceGroup @rsgrpOnce you execute the above Azure PowerShell cmdlet, you will get the output like the one below.
ResourceGroupName : Demo980
Location : eastus
ProvisioningState : Succeeded
Tags :
ResourceId : /subscriptions/1cdf4300-dee5-4518-9c9c-feaa72f6gbd1/resourceGroups
/Demo980
You can check it out below
Here, “Demo980” is the name of our resource group, and “EastUS” is the name of the location.
Now is the time to create the Virtual Network as the next step.
Creating Virtual Network PowerShell
Execute the below Azure PowerShell script. Where TSInfoVNet1 is the name of the virtual network. Demo980 is the resource group name that we have created above.
$myvnetw = @{
Name = 'TSInfoVNet1'
ResourceGroupName = 'Demo980'
Location = 'EastUS'
AddressPrefix = '10.0.0.0/16'
}
$virtualNetwork = New-AzVirtualNetwork @myvnetwOnce we run the above script, the TSInfoVNet1 virtual network will be created for us.
Now, to confirm, I have logged in to the Azure Portal and can see that the virtual network was created successfully.
Next, add a subnet.
Adding a subnet
You can use the Azure PowerShell script below to add a subnet.
$subnet = @{
Name = 'default'
VirtualNetwork = $virtualNetwork
AddressPrefix = '10.0.0.0/24'
}
$subnetConfig = Add-AzVirtualNetworkSubnetConfig @subnetNow, we have added a subnet, but it is not time to associate the subnet with the virtual network.
Associating the Subnet to the Virtual Network
Use the Azure PowerShell cmdlet below to associate the subnet with the Virtual Network.
$virtualNetwork | Set-AzVirtualNetworkOnce you execute the above PowerShell cmdlet, you will get the output below.
Name : TSInfoVNet1
ResourceGroupName : Demo980
Location : eastus
Id : /subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceG
roups/Demo980/providers/Microsoft.Network/virtualNetworks/TSI
nfoVNet1
Etag : W/"115d206e-1651-444c-b382-774b94adef37"
ResourceGuid : fb1b0c6a-646a-441c-a956-a256027d2045
ProvisioningState : Succeeded
Tags :
AddressSpace : {
"AddressPrefixes": [
"10.0.0.0/16"
]
}
DhcpOptions : {
"DnsServers": []
}
Subnets : [
{
"Delegations": [],
"Name": "default",
"Etag": "W/\"115d206e-1651-444c-b382-774b94adef37\"",
"Id": "/subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd
1/resourceGroups/Demo980/providers/Microsoft.Network/virtualN
etworks/TSInfoVNet1/subnets/default",
"AddressPrefix": [
"10.0.0.0/24"
],
"IpConfigurations": [],
"ServiceAssociationLinks": [],
"ResourceNavigationLinks": [],
"ServiceEndpoints": [],
"ServiceEndpointPolicies": [],
"PrivateEndpoints": [],
"ProvisioningState": "Succeeded",
"PrivateEndpointNetworkPolicies": "Enabled",
"PrivateLinkServiceNetworkPolicies": "Enabled",
"IpAllocations": []
}
]
VirtualNetworkPeerings : []
EnableDdosProtection : false
DdosProtectionPlan : null
Approach 3: Using Azure CLI
Now, let’s discuss how to create a VNet using Azure CLI. However, before that, we should be aware of the prerequisites required here.
Prerequisites
Below are the prerequisites needed to create the virtual network using Azure CLI.
- You must have an Azure account or an Azure Subscription if you haven’t created one yet; set up an Azure Free Account.
- You need to install the latest version of Azure CLI. If you have not yet installed Azure CLI on your machine, install Azure CLI now.
- Don’t forget to install Azure CLI extensions if you use them for the first time.
First, you must create the resource group using Azure CLI.
Creating the Resource Group using Azure CLI
You can use the below cmdlet to create a resource group using Azure CLI. That will create a resource group named Demo906, located in the East region.
az group create --name Demo906 --location eastusOnce you execute the above cmdlet, you will get the output below
bijay@Azure:~$ az group create --name Demo906 --location eastus
{
"id": "/subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceGroups/Demo906",
"location": "eastus",
"managedBy": null,
"name": "Demo906",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}Create VNet In Azure CLI
Now, we need to create the virtual network using Azure CLI. Execute the below script to create the virtual network using Azure CLI.
az network vnet create
--name TSInfoVNet3 --resource-group Demo906 --subnet-name defaultOnce you execute the above script, the virtual network named TSInfoVNet3 will be created, with the resource group name Demo906 and the subnet name as the default.
You will get the output below.
{
"newVNet": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
},
"bgpCommunities": null,
"ddosProtectionPlan": null,
"dhcpOptions": {
"dnsServers": []
},
"enableDdosProtection": false,
"enableVmProtection": null,
"etag": "W/\"f1b27aa3-4ff6-484d-b109-a64306bdff6b\"",
"extendedLocation": null,
"flowTimeoutInMinutes": null,
"id": "/subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceGroups/Demo906/providers/Microsoft.Network/virtualNetworks/TSInfoVNet3",
"ipAllocations": null,
"location": "eastus",
"name": "TSInfoVNet3",
"provisioningState": "Succeeded",
"resourceGroup": "Demo906",
"resourceGuid": "39b01a17-124b-4b6e-a0ab-f2a45ac8ff2b",
"subnets": [
{
"addressPrefix": "10.0.0.0/24",
"addressPrefixes": null,
"applicationGatewayIpConfigurations": null,
"delegations": [],
"etag": "W/\"f1b27aa3-4ff6-484d-b109-a64306bdff6b\"",
"id": "/subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceGroups/Demo906/providers/Microsoft.Network/virtualNetworks/TSInfoVNet3/subnets/default",
"ipAllocations": null,
"ipConfigurationProfiles": null,
"ipConfigurations": null,
"name": "default",
"natGateway": null,
"networkSecurityGroup": null,
"privateEndpointNetworkPolicies": "Enabled",
"privateEndpoints": null,
"privateLinkServiceNetworkPolicies": "Enabled",
"provisioningState": "Succeeded",
"purpose": null,
"resourceGroup": "Demo906",
"resourceNavigationLinks": null,
"routeTable": null,
"serviceAssociationLinks": null,
"serviceEndpointPolicies": null,
"serviceEndpoints": null,
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"tags": {},
"type": "Microsoft.Network/virtualNetworks",
"virtualNetworkPeerings": []
}
}If you don’t want the VNet anymore, you can delete the Virtual Network.
Best Practices
Having created hundreds of VNets for clients across various industries, I’ve compiled these essential best practices to ensure your network architecture is robust and scalable:
Address Space Planning
| Consideration | Recommendation |
|---|---|
| Address Space Size | Plan for growth; use larger CIDR blocks than immediately needed |
| Address Space Overlap | Ensure no overlap with on-premises or other cloud networks |
| Subnet Sizing | Create appropriately sized subnets based on workload requirements |
| Reserved Addresses | Remember, Azure reserves the first four and last IP addresses of each subnet |
Security Considerations
- Network Security Groups (NSGs): Implement at both the subnet and NIC levels for defense in depth
- Service Endpoints: Use them to secure Azure service resources to your virtual network
- Private Link: Consider the highest level of private connectivity to Azure services
- Azure Bastion: Deploy for secure RDP and SSH access to your VMs
Connectivity Options
- VNet Peering: For connecting to other Azure VNets
- VPN Gateway: For site-to-site connections to on-premises networks
- ExpressRoute: For dedicated private connections to Azure
FAQs
What is VNet in Azure
Azure Virtual Network (VNet) is your private network in Azure. It represents your Private network on the cloud. Your Azure virtual machines (VMs) can communicate securely with each other using the virtual network you create.
For higher security, you can divide a VNet into multiple subnets.
This is a small introduction to the VNet in Azure. Now, assuming you have a bit of an idea of what a VNet in Azure is, let’s discuss the prerequisites needed to create one.
What is Azure subnet?
- A subnet is a crucial concept to understand when working with virtual networks.
- Dividing a network into smaller networks is known as subnetting.
- An Azure subnet is a range of IP addresses in the Azure virtual network.
- It’s better to divide a virtual network into multiple subnets for enhanced security.
- It’s all about dividing the IP range of a Virtual network into multiple subnet IP ranges.
- The Azure resources within the Azure subnet can communicate with each other. Additionally, with the help of Network Security Groups (NSGs), Azure resources across different Azure subnets within the same Azure virtual network can also communicate with each other.
- The role of Network Security Groups (NSGs) is crucial, as they help control traffic from or to the subnets.
Wrapping Up
Well, in this article, we have discussed how to create a VNet in Azure. I hope you enjoyed this article !!!
You may also like the following articles below
I am Rajkishore, and I am a Microsoft Certified IT Consultant. I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machines, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials. Read more.
