Microsoft Azure VNET, VM, Subnet and Security Tutorial

The goal of this lab is to create a VNET with the network 10.0.0.0/16; inside it I will create three subnets as follows:

Public Subnet 1 = 10.0.1.0/24

Private Subnet 2= 10.0.2.0/24

Public Subnet 3 = 10.0.3.0/24

 

Then we will boot up a Windows 2019 server on Subnet 1 and on Subnet 3, and call them VAWebserver1 and VAWebserver3. We will install IIS (web server) and create a single home page called index.html. After all is finished, we will make sure we are able to see its content from the outside world.

Step 1) Log in to the Azure Portal; then create a resource group called “ResourcegroupWebserver”.

Step 2) Go to the top and search for VNET (this is similar to what AWS calls a VPC) and create a VNET = 10.0.0.0/16 in VA (us-east).

Step 3) VNET name =VAVnet10.0.0.0-16

Step 4) On the IP addresses tab, delete what is there and then create a new VNET = 10.0.0.0/16,

then delete the default subnet and create these subnets:

 

Public Subnet 1 = 10.0.1.0/24

Private Subnet 2= 10.0.2.0/24

Public Subnet 3 = 10.0.3.0/24

 

We will not be using Service (this is similar to the Amazon AWS S3 endpoint: https://asmed.com/amazon-aws-s3-vpc-endpoint/).

 

As you can see, when you create the subnets above, each one has 251 available addresses, since 5 IP addresses are reserved. For 10.0.3.0 – 10.0.3.255 (251 + 5 Azure reserved addresses), the reserved IP addresses are:

10.0.3.0      Network ID

10.0.3.1      Router IP address

10.0.3.2      DNS IP address

10.0.3.3      Reserved for future use

10.0.3.255    Broadcast IP address
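The same arithmetic, generalized to any subnet plan, as an added example that is not part of the original tutorial. The function name `plan_subnets` is hypothetical; it checks that each subnet lies inside the VNET and does not overlap another, then reports the reserved addresses, the usable count, and the first address a VM can receive (10.0.3.4 in this lab).

```python
import ipaddress

# Azure reserves the first four addresses and the last address of every subnet.
AZURE_RESERVED_PER_SUBNET = 5


def plan_subnets(vnet_cidr, subnet_cidrs):
    """Validate a subnet plan against its VNET and report usable addresses.

    Returns {cidr: {"reserved": [...], "usable": int, "first_vm_ip": str}}.
    Raises ValueError if a subnet is outside the VNET, overlaps another
    subnet, or is too small to hold any VM.
    """
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    seen = []
    plan = {}
    for cidr in subnet_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vnet):
            raise ValueError(f"{cidr} is not inside VNET {vnet_cidr}")
        for other in seen:
            if net.overlaps(other):
                raise ValueError(f"{cidr} overlaps {other}")
        usable = net.num_addresses - AZURE_RESERVED_PER_SUBNET
        if usable < 1:
            raise ValueError(f"{cidr} leaves no usable addresses")
        reserved = [str(net[i]) for i in range(4)] + [str(net[-1])]
        plan[cidr] = {"reserved": reserved, "usable": usable,
                      "first_vm_ip": str(net[4])}
        seen.append(net)
    return plan


# The lab's address plan, taken from the tutorial.
LAB_VNET = "10.0.0.0/16"
LAB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

if __name__ == "__main__":
    for cidr, info in plan_subnets(LAB_VNET, LAB_SUBNETS).items():
        print(cidr, info["usable"], "usable; first VM IP", info["first_vm_ip"])
```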

 

Step 5) On the Security tab, leave everything as default.

Step 6) On the Tags tab, add nothing; click Next, then review and create it.

Step 7) When you go to the top and click on VNET, you will see it, and on the left side you will see all your subnets. As you can see on the right side, we do not have any security group associated here; later on I will do a lab on security groups, which can be associated with a subnet or an interface.

Step 8) Now I go to the top and add a VM:

 

Name =VAWebserver1

Region=USEast

Infrastructure =none

Image =windows 2019

Username=HamedMoghaddam

Password=Pa$w0rd12345

Subnet= 10.0.1.0/24

Security = RDP (port 3389)

Disk =default

Network = 10.0.0.0/16

Subnet =10.0.1.0/24

Network Security group=basic

Public inbound port=3389

Load balancing =None

Step 9) On Management tab (all default Value)

Step 10) Advanced Tab= All Default

Step 11) Tags =None

Step 12) Review and Create it.

Step 13) When you create the VM, it will create all these resources (go to All resources):

vawebserver1942        Microsoft.Network/networkInterfaces

VAWebserver1-nsg    Microsoft.Network/networkSecurityGroups

VAWebserver1-ip       Microsoft.Network/publicIpAddresses

VAWebserver1_disk1_5c7892156b194f1fb2da2fc61d4c4a95    Disk

VAWebserver1            Virtual machine

Step 14) I will go to the VM, connect over RDP, and install IIS (from Server Manager). Then I will go to c:\inetpub\wwwroot and create a new file called index.html.

Then put this content inside it:

This is VAwebserver1

Step 15) Since my file name extensions are hidden, I need to go to the search box and type Folder Options, then go to View and make sure the option that hides file extensions is not checked; then rename the file from index.html.txt to index.html.

Now I can go inside the VM and test my website by typing localhost, and I should be able to see my website. But when I go to my laptop and paste the public IP address of the VM, I will not see the content of my website. Why not?

Step 16) I need to go and check the security group for my VM; the best way is to go to the top and search for “Security group”.

Then you will see VAWebserver1-nsg. Go there and you will see the inbound rules only allow RDP, so I need to allow HTTP access. After allowing it, I will test from my laptop and I will be able to see the content of the website.

Step 17) Click Add ; then allow port 80 (TCP) from any source to any destination and name it http; save it and then test it.

Step 18) Now when I go back to the security group, I will see at the top that this security group is associated with an interface, not with subnets. Now I go to Public Subnet 10.0.3.0/24 and associate it, so any VM booted up in this subnet will have RDP and HTTP.

Step 19) I will do another lab that shows the difference between a security group associated with an interface and one associated with a subnet.

Step 20) Now I will repeat the same concept as before: I will boot up another VM on PublicSubnet10.0.3.0 and give it the name VAWebserver3. I will install IIS and create an index.html as follows:

This is VA Webserver3

Step 21) After all is finished, I make sure that when I go to the public IP address of VA Webserver3, I am able to see the content of the above page.

Name=VAWebserver3

On the portal we will see this:

 

Inbound port rules

Select which virtual machine network ports are accessible from the public internet. You can specify more limited or granular network access on the Networking tab.

Publicinboundport=NO

Disk=Default Value

On the Networking tab we will do as follows:

Pick VNET = 10.0.0.0/16

Subnet = 10.0.3.0/24

Network Security group= None

Then you will see :

The selected subnet ‘PublicSubne10.0.3.0-24 (10.0.3.0/24)’ is already associated to a network security group ‘VAWebserver1-nsg’. We recommend managing connectivity to this virtual machine via the existing network security group instead of creating a new one here.

Since I have a security group associated with 10.0.3.0/24 (which has RDP and HTTP), I do not need to do anything here.

Step 22) On the Management tab, Advanced tab and Tags tab, just pick the defaults; then click Review and create it.

Step 23) Now it will create these resources, and we will see that the VM will be using the security group that we had associated with it.

 

VAWebserver3-ip          Public IP address

vawebserver3425            Network interface

VAWebserver3_disk1_4c7400e691734ebaa67e04250af1e551    Disk

VAWebserver3                Virtual machine

 

Step 24) If you go to VAWebserver3 > Networking, on the right side you will see it is allowing RDP and HTTP to this VM.

Step 25) Now I will RDP to the VM, install IIS, create index.html, test it, and make sure it is working well:

This is VA Webserver3

Step 26) Seated at VAWebserver1, when I try to ping 10.0.3.4 (the IP address of VAWebserver3), we see it does not work. Why? Because my security group is not allowing ICMP; so let's modify the security group to allow ICMP.

Step 27) When I go back and check the ping, I will see it still does not work. Why? Because Microsoft has its own firewall; so go to the VM VAWebserver3, go to Control Panel, and disable the firewall.
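The inbound filtering seen in Steps 16 to 24, modeled as an added example that is not part of the original tutorial: rules are checked by priority, the built-in DenyAllInBound rule drops whatever no rule allows, and traffic has to pass the subnet-level group and then the interface-level group. The rule priorities, the laptop and admin addresses, and the simplified service-tag matching are assumptions; `NSG_TIGHTER` shows the same group with RDP limited to a single admin address instead of any source.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # the lab's VNET

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # "*", a CIDR, or a service tag (simplified here)
    protocol: str   # "Tcp", "Udp", "Icmp" or "*"
    port: str       # destination port, or "*"
    allow: bool

# Inbound default rules present in every NSG.
DEFAULTS = (
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", True),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", True),
    Rule("DenyAllInBound", 65500, "*", "*", "*", False),
)

def source_matches(rule_source, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":   # simplification: only this VNET
        return ip in VNET
    if rule_source == "AzureLoadBalancer":
        return src_ip == "168.63.129.16"
    return ip in ipaddress.ip_network(rule_source)

def nsg_decision(rules, src_ip, protocol, port):
    """Return (allowed, rule_name) of the first rule that matches, by priority."""
    for r in sorted([*rules, *DEFAULTS], key=lambda r: r.priority):
        if (source_matches(r.source, src_ip) and r.protocol in ("*", protocol)
                and r.port in ("*", str(port))):
            return r.allow, r.name

def inbound_allowed(subnet_nsg, nic_nsg, src_ip, protocol, port):
    """Traffic must pass the subnet NSG, then the NIC NSG (None = not associated;
    at least one level is assumed to have an NSG)."""
    return all(nsg_decision(n, src_ip, protocol, port)[0]
               for n in (subnet_nsg, nic_nsg) if n is not None)

# Constructed rule sets; priorities and the admin address are assumptions.
RDP_ANY = Rule("RDP", 300, "*", "Tcp", "3389", True)
HTTP_ANY = Rule("http", 310, "*", "Tcp", "80", True)
RDP_ADMIN = Rule("RDP-admin", 300, "203.0.113.10/32", "Tcp", "3389", True)
NSG_STEP16 = [RDP_ANY]               # only RDP: HTTP from outside is dropped
NSG_STEP17 = [RDP_ANY, HTTP_ANY]     # after adding the http rule
NSG_TIGHTER = [RDP_ADMIN, HTTP_ANY]  # RDP limited to one admin address
```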
