A Practical Lab Guide from Beginner to Pro.
Behind every secure, reliable, and scalable Azure environment is a well-designed network foundation.
Azure Virtual Network enables secure communication between Azure resources, internet access, and hybrid connectivity to on-premises environments. Poor planning at this layer often leads to IP exhaustion, security gaps, and costly redesigns.
In this hands-on lab, you’ll learn how to design and deploy a clean Azure VNet, structure subnets correctly, and apply resource tagging for governance and cost management—the same way it’s done in real enterprise environments.
Lab Objectives
By the end of this lab, you will be able to:
-
Plan an Azure VNet IP address space correctly
-
Create a Virtual Network using the Azure Portal
-
Design logical subnets for different workloads
-
Apply consistent Azure resource tagging
-
Avoid common subnetting and governance mistakes
What Are Azure VNets and Subnets?
Azure Virtual Network (VNet)
A VNet is a private, isolated network in Azure that allows resources such as VMs, databases, and containers to communicate securely.
Azure Subnets
Subnets divide a VNet into logical network segments. Each subnet:
-
Has its own CIDR range
-
Hosts specific workloads
-
Enables isolation and security boundaries
Why Subnet Design Matters
A well-designed subnet strategy:
-
Keeps traffic organized
-
Improves security
-
Simplifies scaling and future expansion
Step-by-Step Lab: Deploying a Clean Azure Network
Step 1: Plan Your IP Address Space
Before creating anything, plan your address space carefully.
Example VNet CIDR
10.0.0.0/16 This provides 65,536 IP addresses, allowing room for growth.
Best Practices
- Use private, non-overlapping IP ranges
- Avoid conflicts with on-prem networks
- Leave space for future growth, peering, and hybrid connectivity
- Reserve smaller prefixes (e.g. /24) for your VNet address space; reserve those for subnets
- Plan for peering, VPN, or ExpressRoute early
Step 2: Create a virtual network (VNet) with subnets using the portal
- Sign in to the Azure portal: https://portal.azure.com
- Search for and select Virtual Networks
- Select Create on the Virtual networks page.
- Complete the Basics tab:
- Subscription, Resource Group, VNet Name, Region
Best Practice – Naming Convention (Recommended)
[environment]-[service]-vnet
Example: prod-infra-vnetStep 3: Configure Subnets
Navigate to the IP Addresses tab.
Select + Add a subnet or Edit Default Subnet. Complete the name and address information for each subnet.
Divide the VNet’s address space into subnets based on workload type or security requirements:
| Subnet Name | Address Prefix | Purpose |
|---|---|---|
| web-subnet | 10.0.1.0/24 | Web servers |
| app-subnet | 10.0.2.0/24 | Application layer |
| db-subnet | 10.0.3.0/24 | Databases |
Key Design Principles
-
One workload type per subnet
-
Leave room for expansion
-
Avoid mixing tiers in a single subnet
Click Review + Create, validate, and deploy.
Step 4: Apply Resource Tagging
Apply tags during creation or after deployment.
Common Enterprise Tags
| Key | Example Value |
|---|---|
| Environment | Production |
| Owner | IT |
| CostCenter | 1001 |
| Project | Network-Foundation |
Why Tagging Is Critical in Azure
Azure tags are key-value pairs applied to resources to improve:
-
Cost tracking
-
Resource ownership
-
Governance and compliance
-
Automation and reporting
Without consistent tagging, Azure environments quickly become hard to manage and expensive to operate.
Common Mistakes to Avoid
Poor subnetting can lead to:
-
Running out of IPs unexpectedly
-
Broken service communication
-
Hybrid connectivity failures
-
Security gaps
These issues slow projects, increase costs, and frustrate teams.
Key Takeaway
Smart Azure networking is not just a technical exercise; it’s foundational architecture.
Well-planned VNets, logical subnetting, and consistent tagging ensure:
-
Scalability
-
Security
-
Cost control
-
Long-term maintainability
Design it right from day one.
