Azurecloud~30 mins

Why network isolation matters in Azure - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why network isolation matters

📖 Scenario: You are setting up a simple cloud environment in Azure for a small company. The company wants to keep their sensitive data safe and separate from the public internet and other parts of their network.Think of it like having a private room in a house where only certain people can enter, keeping important things safe from strangers.

🎯 Goal: Build a basic Azure virtual network with network isolation by creating a virtual network and a subnet with network security group rules that block all inbound traffic except from a trusted IP address.

📋 What You'll Learn

Create an Azure virtual network named MyVNet with address space 10.0.0.0/16

Create a subnet named SecureSubnet within MyVNet with address prefix 10.0.1.0/24

Create a network security group named NSG-SecureSubnet with a rule to allow inbound traffic only from IP 203.0.113.5

Associate the network security group NSG-SecureSubnet with the subnet SecureSubnet

💡 Why This Matters

🌍 Real World

Network isolation is like having private rooms in a building where only authorized people can enter. It protects sensitive data and systems from unwanted access.

💼 Career

Understanding network isolation is essential for cloud engineers and security professionals to design secure cloud environments that protect company resources.

Progress0 / 4 steps

Create the Azure virtual network

Create an Azure virtual network named MyVNet with the address space 10.0.0.0/16 using the az network vnet create command.

Azure

# Use az network vnet create to make MyVNet with 10.0.0.0/16
# Your code here

Need a hint?

Use the Azure CLI command az network vnet create with the --name and --address-prefixes options.

Create the subnet inside the virtual network

Create a subnet named SecureSubnet inside the virtual network MyVNet with the address prefix 10.0.1.0/24 using the az network vnet subnet create command.

Azure

az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefixes 10.0.0.0/16
# Create SecureSubnet with 10.0.1.0/24 inside MyVNet
# Your code here

Need a hint?

Use az network vnet subnet create with --name SecureSubnet and specify the virtual network name with --vnet-name MyVNet.

Create a network security group with a rule to allow trusted IP

Create a network security group named NSG-SecureSubnet using az network nsg create. Then add a security rule named AllowTrustedIP that allows inbound traffic from IP 203.0.113.5 on all ports using az network nsg rule create.

Azure

az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefixes 10.0.0.0/16
az network vnet subnet create --name SecureSubnet --resource-group MyResourceGroup --vnet-name MyVNet --address-prefixes 10.0.1.0/24
# Create NSG-SecureSubnet and add AllowTrustedIP rule for 203.0.113.5
# Your code here

Need a hint?

Create the NSG first, then add a rule with az network nsg rule create specifying the source IP and allowing inbound traffic.

Associate the network security group with the subnet

Associate the network security group NSG-SecureSubnet with the subnet SecureSubnet in the virtual network MyVNet using az network vnet subnet update.

Azure

az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefixes 10.0.0.0/16
az network vnet subnet create --name SecureSubnet --resource-group MyResourceGroup --vnet-name MyVNet --address-prefixes 10.0.1.0/24
az network nsg create --resource-group MyResourceGroup --name NSG-SecureSubnet
az network nsg rule create --resource-group MyResourceGroup --nsg-name NSG-SecureSubnet --name AllowTrustedIP --priority 100 --direction Inbound --access Allow --protocol '*' --source-address-prefixes 203.0.113.5 --source-port-ranges '*' --destination-address-prefixes '*' --destination-port-ranges '*'
# Associate NSG-SecureSubnet with SecureSubnet
# Your code here

Need a hint?

Use az network vnet subnet update with --network-security-group NSG-SecureSubnet to link the NSG to the subnet.