How to Configure Azure Virtual Networks and Subnets for Virtual Machine Deployment

Introduction

Virtual networks are the foundation of communication in Microsoft Azure. They enable Azure resources to securely communicate with each other, the internet, and on-premises environments.

When deploying virtual machines and other cloud resources, proper network segmentation is important for security, performance, and future scalability.

In this guide, we'll configure Azure Virtual Networks and subnets to support the deployment of a new Linux Virtual Machine while maintaining room for future infrastructure growth.

By the end of this tutorial, you'll know how to:

• Create and manage Azure Virtual Networks
• Create and configure subnets
• Understand network segmentation concepts

Let's build a well-structured Azure network environment.

What are Azure Virtual Networks?

Azure Virtual Networks (VNets) provide private networking for Azure resources.

A VNet allows resources such as virtual machines, applications, and services to communicate securely with each other while maintaining network isolation from other Azure customers.

Subnets allow administrators to divide a virtual network into smaller network segments, making it easier to organize resources, improve security, and support future expansion.

Think of a VNet as an office building and subnets as individual departments within that building.

Scenario

ou’re helping an Azure Administrator maintain existing cloud resources. While you won’t be responsible for managing the entire infrastructure, you’ve been asked to assist with a networking and virtual machine deployment task.

Currently, there is an underutilized Linux Virtual Machine and a requirement for a new Linux VM that will function as an FTP server.

To support monitoring, network flow analysis, and resource utilization tracking, the Azure Administrator has requested that a new subnet be provisioned for the FTP server deployment. The existing subnet should remain unchanged because there are future plans to deploy additional virtual machines within that network segment.

In this lab, we will create and configure a new subnet within an Azure Virtual Network and prepare the environment for future VM deployment and monitoring.

Prerequisites

Before we begin, ensure you have:

• A Microsoft Azure account
• An active Azure subscription
• Access to the Azure Portal
• A stable internet connection

Now come with me, let's build and organize our Azure network infrastructure.

Create a new subnet on an existing virtual network (vNet)

1. Login to Microsoft Azure at
   portal.azure.com
2. From the Azure portal home page, in the search box, enter virtual networks.
3. Select virtual networks under services.
4. Select the guided-project-vnet virtual network.
5. From the guided-project-vnet blade, under settings, select Subnets.
6. To add a subnet, select + Subnet.
7. For Subnet purpose leave it as Default.
8. For Name enter: ftpSubnet.
9. Leave the rest of the settings alone and select Add.
10. Select Home to return to the Azure portal home page.

Congratulations, you’ve completed the creation of a subnet. This subnet is only going to be used for SFTP traffic. To increase security, you need to configure a Network security group to restrict which ports are allowed on the subnet.

Create a network security group

1. From the Azure portal home page, in the search box, enter virtual networks.
2. Select virtual networks under services.
3. Select Network security groups.
4. Select + Create.
5. Verify the subscription is correct.
6. Select the guided-project-rg resource group.
7. Enter ftpNSG for the network security group name.
8. Select Review + create.
9. Once the validation is complete, select Create.
10. Wait for the screen to refresh and display Your deployment is complete.
11. Select Go to resource.

Create an inbound security rule

1. Under settings, select Inbound security rules.
2. Select + Add.
3. Change the Destination port ranges from 8080 to 22.
4. Select TCP for the protocol.
5. Set the name to ftpInbound.
6. Select Add.
7. Select Home to return to the Azure portal home page.

Congratulations, you’ve created a new Network security group and configured rules to allow inbound FTP traffic. Now, you’ll need to associate the new network security group with the ftpSubnet.

Associate a network security group to a subnet

1. From the Azure portal home page, in the search box, enter virtual networks.
2. Select virtual networks under services.
3. Select the guided-project-vnet virtual network.
4. Under settings, select Subnets.
5. Select the ftpSubnet you created.
6. On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.
7. Select Save.

Nicely done. It looks like you’ve completed the work needed to prepare the network for shifting the current Linux VM to a new subnet that’s designed to handle incoming FTP traffic.

Conclusion

Congratulations on successfully configuring an Azure Virtual Network and creating a new subnet for future resource deployment.

In this lab, we explored how Azure Virtual Networks and subnets help organize cloud resources, improve network management, and support scalable infrastructure designs.

By creating a dedicated subnet for the new Linux FTP server, we prepared the environment for future monitoring, network flow analysis, and resource utilization tracking while preserving the existing subnet for future expansion.

Some key takeaways from this lab include:

• Azure Virtual Networks provide secure communication between cloud resources
• Subnets help organize and segment network resources
• Proper network planning improves scalability and manageability
• Dedicated subnets can support monitoring and workload isolation
• Network design is a foundational cloud engineering skill

By completing this exercise, you have taken another important step in building practical Azure networking and cloud administration skills.

See you in the next article.