Deploying Azure virtual machines isn’t restricted to a single region or resource group. You could have a web server in Australia, an application server in the US, and a code server somewhere in Europe.
When you have a dispersed deployment like this, you must ensure that these servers can communicate with each other over the network. These VMs are connected to separate virtual networks in different resource groups or regions.
How do you make these different networks talk to each other? You can set up Azure virtual network peering.
In this tutorial, we’ll learn how to connect Azure virtual networks using Azure vNet peering. And we’ll do all of it using PowerShell.
Requirements
- Access to an Azure tenant with permission to create resources. Typically, an Owner role on the Azure subscription should cover the permissions needed.
- Install the Azure PowerShell module on your computer. Alternatively, you can also perform the commands using the Azure Cloud Shell. Either option should work the same.
Create the Azure Resources
In this post, we’ll create two virtual machines in different regions. These resources will enable us to demonstrate the Azure vNet peering hands-on.
Below are the details of the two virtual machines we’ll use:
| | VM1 | VM2 |
|---|---|---|
| VM Name | DC-VIRGINIA | DC-CALIFORNIA |
| Resource Group | RG_VIRGINIA | RG_CALIFORNIA |
| Location | East US | West US |
| Virtual Network and Name | 10.0.0.0/16 (RG_VIRGINIA_VNet) | 10.1.0.0/16 (RG_CALIFORNIA_VNet) |
| Subnet | 10.0.2.0/24 | 10.1.3.0/24 |
| IP Address | 10.0.2.4 (DHCP) | 10.1.3.4 (DHCP) |
| Username | vmadmin | vmadmin |
| Password | Busybody3-Caliber-Unexpired | Busybody3-Caliber-Unexpired |
| Operating System Image | win2019datacenter | win2019datacenter |
| VM Size | Standard_B2ms | Standard_B2ms |
Deploy the First Virtual Machine
Using the table in the previous section, let’s deploy the first virtual machine and all its associated resources.
Run the below command to create the RG_VIRGINIA resource group in the East US location.
## Create the resource group named RG_VIRGINIA in East US.
New-AzResourceGroup -Name 'RG_VIRGINIA' -Location 'East US'
Next, create the subnet and virtual network resources.
## Create the Subnet
$RG_VIRGINIA_Subnet = New-AzVirtualNetworkSubnetConfig `
    -Name "RG_VIRGINIA_Subnet" `
    -AddressPrefix '10.0.2.0/24'
## Create the Virtual Network
New-AzVirtualNetwork `
    -Name 'RG_VIRGINIA_VNet' `
    -ResourceGroupName 'RG_VIRGINIA' `
    -Location 'East US' `
    -AddressPrefix '10.0.0.0/16' `
    -Subnet $RG_VIRGINIA_Subnet
Finally, deploy the first virtual machine as a background job.
## Build the local administrator credential from the table above
$vmCredential = [pscredential]::new('vmadmin', (ConvertTo-SecureString -String 'Busybody3-Caliber-Unexpired' -AsPlainText -Force))
## Deploy DC-VIRGINIA into the existing virtual network and subnet
New-AzVM -ResourceGroupName 'RG_VIRGINIA' `
    -Name 'DC-VIRGINIA' `
    -Location 'East US' `
    -VirtualNetworkName 'RG_VIRGINIA_VNet' `
    -SubnetName 'RG_VIRGINIA_Subnet' `
    -AddressPrefix '10.0.2.0/24' `
    -PublicIpAddressName 'DC-VIRGINIA-IP' `
    -OpenPorts 3389 `
    -Image 'win2019datacenter' `
    -Size 'Standard_B2ms' `
    -Credential $vmCredential -AsJob
PowerShell creates a job for the VM creation.
Deploy the Second Virtual Machine
While waiting for the first VM deployment to finish, let’s deploy the second VM using the same procedure.
Create the RG_CALIFORNIA resource group in the West US location.
## Create the resource group named RG_CALIFORNIA in West US.
New-AzResourceGroup -Name RG_CALIFORNIA -Location 'West US'
Next, create the subnet (10.1.3.0/24) and virtual network (10.1.0.0/16) resources.
## Create the Subnet
$RG_CALIFORNIA_Subnet = New-AzVirtualNetworkSubnetConfig `
    -Name "RG_CALIFORNIA_Subnet" `
    -AddressPrefix '10.1.3.0/24'
## Create the Virtual Network
New-AzVirtualNetwork `
    -Name 'RG_CALIFORNIA_VNet' `
    -ResourceGroupName 'RG_CALIFORNIA' `
    -Location 'West US' `
    -AddressPrefix '10.1.0.0/16' `
    -Subnet $RG_CALIFORNIA_Subnet
Now, deploy the second virtual machine as another background job.
## Build the local administrator credential from the table above
$vmCredential = [pscredential]::new('vmadmin', (ConvertTo-SecureString -String 'Busybody3-Caliber-Unexpired' -AsPlainText -Force))
## Deploy DC-CALIFORNIA into the existing virtual network and subnet
New-AzVM -ResourceGroupName 'RG_CALIFORNIA' `
    -Name 'DC-CALIFORNIA' `
    -Location 'West US' `
    -VirtualNetworkName 'RG_CALIFORNIA_VNet' `
    -SubnetName 'RG_CALIFORNIA_Subnet' `
    -AddressPrefix '10.1.3.0/24' `
    -PublicIpAddressName 'DC-CALIFORNIA-IP' `
    -OpenPorts 3389 `
    -Image 'win2019datacenter' `
    -Size 'Standard_B2ms' `
    -Credential $vmCredential -AsJob
Verify the VM Deployment
Check the status of the PowerShell jobs. The state for both jobs will say Completed if the deployment is successful.
Now, retrieve the Azure VMs to confirm that they exist.
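Both VMs were created with -OpenPorts 3389 and a public IP address, so RDP is reachable on each public address. The following is an added example, not part of the original tutorial: it finds inbound RDP allow rules whose source is unrestricted and rewrites them to a single administrative source. The function names, the sample NSG object, and the 203.0.113.10/32 address are constructed for illustration.

```powershell
# Added example, not from the original tutorial.
# Limitation: only rules that list port 3389 explicitly are detected, not ranges or '*'.
function Find-ExposedRdpRule {
    param([Parameter(ValueFromPipeline)]$Nsg)
    process {
        $Nsg.SecurityRules | Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
            $_.DestinationPortRange -contains '3389' -and
            @($_.SourceAddressPrefix | Where-Object { $_ -in '*', 'Internet', '0.0.0.0/0' }).Count -gt 0
        }
    }
}

function Set-RdpSource {
    # Rewrites each exposed rule in place, changing only its source prefix.
    param([Parameter(Mandatory)][string[]]$ResourceGroupName,
          [Parameter(Mandatory)][string]$AdminCidr)
    foreach ($rg in $ResourceGroupName) {
        foreach ($nsg in @(Get-AzNetworkSecurityGroup -ResourceGroupName $rg)) {
            $exposed = @($nsg | Find-ExposedRdpRule)
            foreach ($rule in $exposed) {
                Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
                    -Access $rule.Access -Protocol $rule.Protocol -Direction $rule.Direction `
                    -Priority $rule.Priority -SourceAddressPrefix $AdminCidr `
                    -SourcePortRange $rule.SourcePortRange `
                    -DestinationAddressPrefix $rule.DestinationAddressPrefix `
                    -DestinationPortRange $rule.DestinationPortRange | Out-Null
            }
            if ($exposed.Count) { Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null }
        }
    }
}

# Constructed sample NSG so the detection logic can be exercised without Azure access.
$sampleNsg = [pscustomobject]@{
    Name          = 'sample-nsg'
    SecurityRules = @(
        [pscustomobject]@{ Name = 'rdp-any'; Direction = 'Inbound'; Access = 'Allow'
                           DestinationPortRange = @('3389'); SourceAddressPrefix = @('*') }
        [pscustomobject]@{ Name = 'rdp-admin'; Direction = 'Inbound'; Access = 'Allow'
                           DestinationPortRange = @('3389'); SourceAddressPrefix = @('203.0.113.10/32') }
    )
}
($sampleNsg | Find-ExposedRdpRule).Name
```

In a signed-in Azure PowerShell session, call Set-RdpSource with -ResourceGroupName 'RG_VIRGINIA', 'RG_CALIFORNIA' and -AdminCidr set to the address you connect from, before logging in over RDP.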
Log In to the New Azure Virtual Machines
Now that the servers are deployed, let’s log in to the VMs.
First, get each VM’s public IP address.
(Get-AzPublicIpAddress -Name DC-VIRGINIA-IP).IpAddress
(Get-AzPublicIpAddress -Name DC-CALIFORNIA-IP).IpAddress
Once you have each VM’s public IP address, open your RDP client and log in to the VMs.
Reminder. Use vmadmin and Busybody3-Caliber-Unexpired as the username and password.
Confirm the hostname and IP addresses of both virtual machines.
$env:COMPUTERNAME
Get-NetIPAddress -InterfaceAlias Ethernet -AddressFamily IPv4
Allow ICMP (PING) on the Windows Firewall
This next step ensures the Windows firewall allows ICMP requests (PING) on both computers. Doing so will enable you to test the network communication between the two.
Run these commands in PowerShell on both VMs:
## Enable ICMP echo requests (ping) on Windows Firewall
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -Action Allow
## ICMPv6 echo request is type 128 (type 8 is the ICMPv4 value)
New-NetFirewallRule -DisplayName "Allow inbound ICMPv6" -Direction Inbound -Protocol ICMPv6 -IcmpType 128 -Action Allow
At this point, ICMP requests between the two VMs will fail even after adding the firewall rule. The reason is that we haven’t configured the Azure vNet peering yet.
Configure Azure vNet Peering
At last, we’re ready to create the Azure vNet peering between the two VMs. Since there are two virtual networks, we’ll create the Azure vNet peering configuration for both.
First, let’s store each virtual network into a variable. To do so, run the following commands in your Azure PowerShell session.
$vnet1 = Get-AzVirtualNetwork -Name 'RG_VIRGINIA_VNet'
$vnet2 = Get-AzVirtualNetwork -Name 'RG_CALIFORNIA_VNet'
Now, create the Azure virtual network peering configuration (RG_VIRGINIA_VNet-to-RG_CALIFORNIA_VNet) on RG_VIRGINIA_VNet. The remote virtual network is RG_CALIFORNIA_VNet.
## VIRGINIA to CALIFORNIA
Add-AzVirtualNetworkPeering `
    -Name 'RG_VIRGINIA_VNet-to-RG_CALIFORNIA_VNet' `
    -VirtualNetwork $vnet1 `
    -RemoteVirtualNetworkId $vnet2.Id
Next, create the RG_CALIFORNIA_VNet-to-RG_VIRGINIA_VNet virtual network peering.
## CALIFORNIA to VIRGINIA
Add-AzVirtualNetworkPeering `
    -Name 'RG_CALIFORNIA_VNet-to-RG_VIRGINIA_VNet' `
    -VirtualNetwork $vnet2 `
    -RemoteVirtualNetworkId $vnet1.Id
Confirm that both Azure virtual network peerings are in sync and connected.
Get-AzVirtualNetworkPeering `
    -VirtualNetworkName RG_VIRGINIA_VNet `
    -ResourceGroupName RG_VIRGINIA |
    Select-Object Name, PeeringSyncLevel, PeeringState
Get-AzVirtualNetworkPeering `
    -VirtualNetworkName RG_CALIFORNIA_VNet `
    -ResourceGroupName RG_CALIFORNIA |
    Select-Object Name, PeeringSyncLevel, PeeringState
As you can see, both Azure vNet peerings are connected, which indicates success.
Go back to each VM and test the network connectivity again with PING. As you can see, the examples below show that the two virtual networks are now connected.
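Peering requires that the two virtual networks' address spaces do not overlap, and a peering only carries traffic once both sides report Connected. The following is an added example, not part of the original tutorial: an overlap check to run before Add-AzVirtualNetworkPeering, and a review of the peering state and traffic flags to run afterwards. The function names and sample objects are constructed, and the overlap check assumes IPv4 prefixes only.

```powershell
# Added example, not from the original tutorial. IPv4 prefixes only (assumption).
function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    [Array]::Reverse($bytes)                         # network order to little-endian
    $ip    = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - [int]$length)
    $start = $ip - ($ip % $size)                     # align to the network boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Find-AddressSpaceOverlap {
    param([string[]]$PrefixesA, [string[]]$PrefixesB)
    foreach ($a in @($PrefixesA | ForEach-Object { ConvertTo-IPv4Range $_ })) {
        foreach ($b in @($PrefixesB | ForEach-Object { ConvertTo-IPv4Range $_ })) {
            if ($a.Start -le $b.End -and $b.Start -le $a.End) { "$($a.Cidr) overlaps $($b.Cidr)" }
        }
    }
}

function Get-PeeringFinding {
    # Accepts Get-AzVirtualNetworkPeering output, or objects with the same properties.
    param([Parameter(ValueFromPipeline)]$Peering)
    process {
        if ($Peering.PeeringState -ne 'Connected') {
            "$($Peering.Name): state is $($Peering.PeeringState), expected Connected"
        }
        if ($Peering.PeeringSyncLevel -ne 'FullyInSync') {
            "$($Peering.Name): sync level is $($Peering.PeeringSyncLevel), expected FullyInSync"
        }
        foreach ($flag in 'AllowForwardedTraffic', 'AllowGatewayTransit', 'UseRemoteGateways') {
            if ($Peering.$flag) { "$($Peering.Name): $flag is enabled, not needed for direct VM-to-VM traffic" }
        }
    }
}

# Constructed inputs: the tutorial's two address spaces, then a deliberately overlapping pair.
Find-AddressSpaceOverlap -PrefixesA '10.0.0.0/16' -PrefixesB '10.1.0.0/16'
Find-AddressSpaceOverlap -PrefixesA '10.0.0.0/16' -PrefixesB '10.0.2.0/24'
# Constructed peering object: only one side created so far, with forwarding switched on.
[pscustomobject]@{
    Name = 'RG_VIRGINIA_VNet-to-RG_CALIFORNIA_VNet'; PeeringState = 'Initiated'
    PeeringSyncLevel = 'FullyInSync'; AllowForwardedTraffic = $true
    AllowGatewayTransit = $false; UseRemoteGateways = $false
} | Get-PeeringFinding
```

In a signed-in session, pass $vnet1.AddressSpace.AddressPrefixes and $vnet2.AddressSpace.AddressPrefixes to Find-AddressSpaceOverlap before creating the peerings, and pipe each Get-AzVirtualNetworkPeering call into Get-PeeringFinding afterwards.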
Conclusion
The Azure virtual network peering feature makes connecting different virtual networks in separate regions or resource groups as easy as can be. Being able to do the configuration from PowerShell is a big plus, especially when part of a larger deployment scenario where automation is a must.