This page covers key concepts related to network setup and security for Azure Linux Virtual Machines (VMs).
12. Configure Virtual Network (VNet)
What is a VNet? An Azure VNet is an isolated network space that you define within the Azure cloud. When a VM is created, it is deployed into a subnet within a specific VNet. This allows you to control communication between VMs and with the external internet.
Key Considerations:
- IP Address Space: Define the private IP address range (CIDR block) that your VNet will use.
- Subnets: VNets are divided into smaller logical units called subnets. Each subnet can have its own IP range and security rules.
- Connectivity: You can connect to on-premises networks via VPN Gateway or ExpressRoute.
How to Configure:
When creating a VM, on the 'Networking' tab, you can select an existing virtual network or create a new one. In most cases, default settings are sufficient, but for complex architectures, planning beforehand is essential.
13. Network Security Group (NSG)
What is an NSG? An NSG is a collection of security rules that filter network traffic going to and from Azure resources (e.g., VMs). It acts as the first firewall layer for your VM.
Key Rules:
- Inbound Security Rules: Rules for incoming traffic.
- SSH (Port 22): Must be allowed for remote access to your VM. It's generally recommended to restrict access to specific source IPs (e.g., your IP).
- HTTP (Port 80) / HTTPS (Port 443): If running a web server, these ports must be open to 'Any' source or a specific IP range to allow web traffic.
- Outbound Security Rules: Rules for outgoing traffic. By default, all outbound traffic is allowed.
How to Configure:
When creating a VM, on the 'Networking' tab, you can create a new NSG or select an existing one. In 'Inbound port rules', choose whether to allow public inbound ports like 'SSH (22)', 'HTTP (80)', and 'HTTPS (443)'.
14. Public IP Address
What is a Public IP Address? A Public IP address is an externally accessible IP address assigned to an Azure VM, allowing it to communicate with the internet. This address enables SSH access and web service access.
Key Considerations:
- Dynamic vs. Static: By default, a dynamic IP is assigned, but it can change when the VM is stopped and started. Assigning a static IP ensures the IP address persists even after VM restarts, guaranteeing service continuity.
- SKU: Basic and Standard SKUs are available; Standard SKU offers Availability Zone support, stronger security features, etc.
How to Allocate:
You can configure a public IP to be automatically assigned during VM creation. After the VM is created, you can navigate to the public IP resource and change its 'Assignment' from 'Dynamic' to 'Static' under 'Configuration' to make it a static IP.
15. Connect Using an SSH Client
Once your Azure Linux VM is created and in a running state, you can connect to it using an SSH client with the SSH private key you configured earlier.
How to Connect (Linux/macOS Terminal):
- Change permissions for your downloaded private key file:
chmod 400 your_private_key.pem
- Connect using the SSH command. The username is the administrator username you set during VM creation (default: `azureuser`).
ssh -i "your_private_key.pem" your_admin_username@YOUR_VM_PUBLIC_IP
How to Connect (Windows - PuTTY):
- Use PuTTYgen to convert your `.pem` or other private key file to the `.ppk` format.
- In PuTTY, enter the Host Name (username@PublicIP) and load the converted `.ppk` private key file in the 'Connection' > 'SSH' > 'Auth' section.
- Click 'Open' to connect.