Microsoft Azure services and VMs operate in an isolated environment by default. For example, if you were to create two VMs in Azure infrastructure as a service, these VMs would not be able to communicate with each other, unless you connected them with an Azure virtual network.
You can deploy two types of networks in the Microsoft Azure cloud: a cloud-only network and a hybrid network. The cloud-only virtual network (VNet) allows Azure services and VMs to talk to one another by connecting them through the same Azure VNet. The hybrid network, on the other hand, allows Azure services and VMs to communicate with on-premises services. For example, you could create a VM in Azure infrastructure as a service (IaaS) that hosts an Active Directory domain controller and provides authentication and authorization services to the Azure services, but that VM is configured to sync its data -- users and security groups -- from the Active Directory domain controllers deployed on premises. This configuration requires you to extend your Azure VNet connectivity on premises by configuring a site-to-site virtual private network (VPN) or ExpressRoute back to your organization's data center.
The benefit of using a cloud-only VNet
The major benefit of creating a cloud-only VNet is isolation: the Azure services and VMs connected to it cannot interfere with production workloads running elsewhere in Azure. Azure services and VMs connected to an Azure VNet don't cross the network boundary defined by that VNet, which, in turn, lets you run a set of Azure services and VMs in an isolated mode. A cloud-only VNet also allows you to use private IP addresses.
Why create a cloud-only VNet?
There are several reasons why you would want to deploy a cloud-only VNet. I've listed a few below:
- Testing production workloads. While most organizations have already been using Azure to host their production workloads, some are still in the process of testing before they decide to move their production workloads to Azure. You can deploy your line-of-business servers in Azure IaaS VMs and connect these VMs to a cloud-only network, which, in turn, allows you to do testing of application performance in Azure before you decide to move production workloads from on premises to Azure IaaS.
- Ongoing development testing. If you're a developer and require a small network to test network applications, a cloud-only VNet is the best choice.
- Deploying a SharePoint farm. You might want to deploy SharePoint farms that allow your employees to access SharePoint services over the public internet. Such deployments don't require connectivity to on-premises resources; in other words, there's no need to configure a site-to-site VPN or ExpressRoute connection to your on-premises data center.
Ways to create a cloud-only VNet
There are several ways to create an Azure VNet. You can use Azure Portal, Azure Resource Manager in PowerShell, Azure Command-Line Interface or a network configuration file. The network configuration file deployment method is supported by Azure Classic mode. Since Azure Resource Manager in PowerShell Version 1.0 can reduce complexity in the code and save time when it comes to interacting with Azure resources, we're going to look at how to create a cloud-only VNet using this method.
Assuming you have signed up for an Azure subscription, you can execute the PowerShell commands listed in the steps below to create a cloud-only VNet.
First, since it's recommended to associate every Azure resource you deploy with a resource group, we will create a resource group by executing the command shown below:
New-AzureRmResourceGroup -Name CloudOnlyResGroup -Location "West US"
Next, use the New-AzureRmVirtualNetwork PowerShell cmdlet to create an Azure VNet in the CloudOnlyResGroup resource group:
New-AzureRmVirtualNetwork -ResourceGroupName CloudOnlyResGroup -Name CloudOnlyNet -AddressPrefix 10.0.0.0/16 -Location "West US"
Note that the command shown above creates both the Azure VNet and the address space (10.0.0.0/16) that will be used by the resources and VMs connected to the VNet.
Finally, add a subnet to the Azure VNet by executing the following commands:
$CloudOnlyvNetVar = Get-AzureRmVirtualNetwork -ResourceGroupName CloudOnlyResGroup -Name CloudOnlyNet
Add-AzureRmVirtualNetworkSubnetConfig -Name Subnet1 -VirtualNetwork $CloudOnlyvNetVar -AddressPrefix 10.0.2.0/24
Set-AzureRmVirtualNetwork -VirtualNetwork $CloudOnlyvNetVar
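The three steps above can be combined into a single script that is safe to run more than once and that verifies the result before you start attaching VMs to the VNet. The script below is an added example, not code from the original article; it uses the same AzureRm cmdlets, and the resource group name, region, VNet name and address ranges are assumptions chosen to match the steps above. It assumes the AzureRm module is installed and that you have already signed in with Login-AzureRmAccount.

```powershell
# Added example (not from the original article): idempotent version of the
# cloud-only VNet procedure, followed by a verification of the deployed subnets.
# Names, region and address ranges are assumptions matching the article's steps.

$rgName   = "CloudOnlyResGroup"
$location = "West US"
$vnetName = "CloudOnlyNet"
$vnetCidr = "10.0.0.0/16"
$subnets  = @{ "Subnet1" = "10.0.2.0/24" }   # subnet name -> address prefix (assumed)

# 1. Resource group: reuse it if it already exists, otherwise create it.
$rg = Get-AzureRmResourceGroup -Name $rgName -ErrorAction SilentlyContinue
if (-not $rg) {
    $rg = New-AzureRmResourceGroup -Name $rgName -Location $location
}

# 2. Build the subnet definitions first so a new VNet can be created with its
#    subnets in one call instead of being modified afterwards.
$subnetConfigs = foreach ($name in $subnets.Keys) {
    New-AzureRmVirtualNetworkSubnetConfig -Name $name -AddressPrefix $subnets[$name]
}

# 3. VNet: reuse it if present (adding any missing subnet), otherwise create it
#    with its address space and subnets.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName -ErrorAction SilentlyContinue
if (-not $vnet) {
    $vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName `
        -Location $location -AddressPrefix $vnetCidr -Subnet $subnetConfigs
}
else {
    foreach ($cfg in $subnetConfigs) {
        if (-not ($vnet.Subnets | Where-Object { $_.Name -eq $cfg.Name })) {
            Add-AzureRmVirtualNetworkSubnetConfig -Name $cfg.Name -VirtualNetwork $vnet `
                -AddressPrefix $cfg.AddressPrefix | Out-Null
        }
    }
    # Changes made to the local object only take effect after Set-AzureRmVirtualNetwork.
    $vnet = Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
}

# 4. Verification: re-read the VNet from Azure and confirm every expected subnet
#    exists with the expected prefix. Throw rather than continue with a wrong layout.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
foreach ($name in $subnets.Keys) {
    $actual = $vnet.Subnets | Where-Object { $_.Name -eq $name }
    if (-not $actual -or $actual.AddressPrefix -ne $subnets[$name]) {
        throw "Subnet $name is missing or has an unexpected prefix: $($actual.AddressPrefix)"
    }
}
Write-Output "VNet $($vnet.Name) ready; address space: $($vnet.AddressSpace.AddressPrefixes -join ', ')"
$vnet.Subnets | Select-Object Name, AddressPrefix
```

Re-reading the VNet from Azure in the last step, rather than trusting the local object, is deliberate: Add-AzureRmVirtualNetworkSubnetConfig only modifies the in-memory object, and a forgotten Set-AzureRmVirtualNetwork leaves the VNet without the subnet while the script appears to succeed.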
Once you have created your Azure VNet, you can start associating Azure VMs and services with it.
As you can see, creating a cloud-only VNet offers several benefits. You can deploy a cloud-only VNet for testing production workloads, for deploying SharePoint farms and for ongoing development testing. The Azure cloud-only VNet keeps Azure VMs and services running in an isolated environment, which, in turn, allows you to keep Azure production workloads untouched by Azure VMs and services connected to a cloud-only VNet.