Overview

Azure Virtual Networks (VNets) provide isolated network environments for your Azure resources. Multi-Cloud Manager enables you to create, list, and manage VNets across all your Azure subscriptions.

Listing Virtual Networks

API Endpoint

GET /api/azure/vnets

Implementation Details

The list operation discovers VNets across all accessible subscriptions and resource groups:
Source: /workspace/source/project/backend/azure_modules/vnet.py:8
def list_vnets():
    credential = FlaskCredential()
    sub_client = SubscriptionClient(credential)
    
    for sub in sub_client.subscriptions.list():
        subscription_id = sub.subscription_id
        rg_client = ResourceManagementClient(credential, subscription_id)
        nt_client = NetworkManagementClient(credential, subscription_id)
        
        for rg in rg_client.resource_groups.list():
            for vnet in nt_client.virtual_networks.list(rg.name):
                # Process VNet information

Response Format

{
  "value": [
    {
      "subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "resourceGroup": "my-resource-group",
      "network": "my-vnet",
      "subnets": ["subnet-1", "subnet-2"]
    }
  ]
}

Response Fields

  • value (array): Array of VNet objects

Creating a Virtual Network

API Endpoint

POST /api/azure/vnet/create
Content-Type: application/json

Request Body

{
  "subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "vnetName": "my-new-vnet",
  "rgName": "my-resource-group",
  "location": "eastus"
}

Request Parameters

  • subscriptionId (string, required): Azure subscription ID where the VNet will be created
  • vnetName (string, required): Name for the new Virtual Network
  • rgName (string, required): Existing resource group name
  • location (string, required): Azure region (e.g., “eastus”, “westeurope”, “southeastasia”)
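
The four required fields can be checked for shape before they are handed to the Azure SDK. The validator below is an added example, not code from the project: the function name, the error strings and the region allow-list are assumptions, and the name patterns are an ASCII-only reading of Azure's naming rules.

```python
import re
import uuid

# Assumption: regions this deployment permits; the three listed are the
# examples given in the parameter descriptions above.
ALLOWED_LOCATIONS = {"eastus", "westeurope", "southeastasia"}

# Azure naming rules, restricted to ASCII: VNet names are 2-64 characters,
# start alphanumeric and end alphanumeric or underscore; resource group
# names are 1-90 characters and must not end with a period.
VNET_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}[A-Za-z0-9_]")
RG_NAME = re.compile(r"[A-Za-z0-9._()-]{0,89}[A-Za-z0-9_()-]")

REQUIRED = ("subscriptionId", "vnetName", "rgName", "location")


def validate_create_request(body):
    """Return (clean, errors); clean is None when any field is rejected."""
    if not isinstance(body, dict):
        return None, {"body": "expected a JSON object"}

    errors, clean = {}, {}
    for field in REQUIRED:
        value = body.get(field)
        if isinstance(value, str) and value.strip():
            clean[field] = value.strip()
        else:
            errors[field] = "missing or not a string"
    if errors:
        return None, errors

    try:
        # Normalise to the canonical lowercase, hyphenated GUID form.
        clean["subscriptionId"] = str(uuid.UUID(clean["subscriptionId"]))
    except ValueError:
        errors["subscriptionId"] = "not a GUID"
    if not VNET_NAME.fullmatch(clean["vnetName"]):
        errors["vnetName"] = "invalid VNet name"
    if not RG_NAME.fullmatch(clean["rgName"]):
        errors["rgName"] = "invalid resource group name"
    clean["location"] = clean["location"].lower()
    if clean["location"] not in ALLOWED_LOCATIONS:
        errors["location"] = "region not allowed"

    return (None, errors) if errors else (clean, {})
```

A non-empty `errors` dict maps naturally onto the 400 response documented below.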

Implementation Details

The VNet creation uses the Azure Network Management Client with the following configuration:
Source: /workspace/source/project/backend/azure_modules/vnet.py:38
network_client = NetworkManagementClient(credential, subscription_id)

nt_result = network_client.virtual_networks.begin_create_or_update(
    rg,
    vnet,
    {
        "location": location,
        "address_space": {"address_prefixes": ["10.0.0.0/16"]},
    },
)

Default Configuration

VNets are created with a default address space of 10.0.0.0/16, which provides 65,536 IP addresses for your resources.

Address Space Details

| CIDR Block | IP Range | Available IPs | Use Case |
|---|---|---|---|
| 10.0.0.0/16 | 10.0.0.0 - 10.0.255.255 | 65,536 | Default (small to medium deployments) |
| 10.0.0.0/8 | 10.0.0.0 - 10.255.255.255 | 16,777,216 | Large enterprise deployments |
| 172.16.0.0/12 | 172.16.0.0 - 172.31.255.255 | 1,048,576 | Medium to large deployments |
| 192.168.0.0/16 | 192.168.0.0 - 192.168.255.255 | 65,536 | Small deployments |

Response

Success (200), where the message is Polish for "Created vnet: my-new-vnet in eastus":
{
  "message": "Utworzono vnet: my-new-vnet w eastus"
}
Error (400), where the message is Polish for "Missing required data":
{
  "error": "Brak wymaganych danych"
}
Error (401):
{
  "error": "Unauthorized"
}
Error (500):
{
  "error": "Detailed error message from Azure SDK"
}

Authentication

All VNet operations require authentication via Azure OAuth:
  1. Session Token: The access_token must be present in the user session
  2. FlaskCredential: Custom credential provider retrieves token from Flask session
  3. SDK Authentication: Token is used to authenticate Azure SDK clients

Source: /workspace/source/project/backend/azure_modules/vnet.py:9-10
if "access_token" not in session:
    return jsonify({"error": "Unauthorized"}), 401

Resource Hierarchy

Understanding Azure’s resource organization:
Azure Active Directory Tenant
└── Subscription
    └── Resource Group
        └── Virtual Network (VNet)
            ├── Address Space (10.0.0.0/16)
            ├── DNS Servers (optional)
            ├── DDoS Protection (optional)
            └── Subnets
                ├── Subnet 1 (10.0.1.0/24)
                └── Subnet 2 (10.0.2.0/24)

Network Management Client

SDK Reference

Source: /workspace/source/project/backend/azure_modules/vnet.py:3
from azure.mgmt.network import NetworkManagementClient

Key Operations

| Operation | Method | Description |
|---|---|---|
| List VNets | virtual_networks.list(resource_group) | Lists all VNets in a resource group |
| Create VNet | virtual_networks.begin_create_or_update() | Creates or updates a VNet |
| Get VNet | virtual_networks.get() | Gets details of a specific VNet |
| Delete VNet | virtual_networks.begin_delete() | Deletes a VNet |

Network Isolation

VNet-Level Isolation

Virtual Networks provide complete isolation by default:
  • Resources in different VNets cannot communicate without explicit connectivity (peering or gateway)
  • Each VNet has its own address space
  • Network Security Groups (NSGs) control inbound/outbound traffic

Subnet Segmentation

Within a VNet, subnets provide micro-segmentation:
  • Different subnets can host different resource types
  • NSGs can be applied at subnet level
  • Service endpoints can be enabled per subnet

Connectivity Scenarios

VNet Peering

Connect VNets within the same region or across regions:
  • Low-latency, high-bandwidth connections
  • Traffic stays on Microsoft backbone network
  • No gateway required

VPN Gateway

Secure connections for:
  • VNet-to-VNet across subscriptions
  • Site-to-Site VPN to on-premises
  • Point-to-Site for individual clients

ExpressRoute

Dedicated private connections:
  • Does not traverse public internet
  • Predictable latency and bandwidth
  • Supports up to 100 Gbps

Best Practices

Plan Your Address Space: Choose non-overlapping address spaces if you plan to connect VNets via peering or VPN.
Use Resource Groups: Organize related network resources in the same resource group for easier management.
Address Space Cannot Be Changed: Once created, you cannot modify the address space. Plan carefully before creation.
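
Because the create call shown earlier always requests 10.0.0.0/16, two VNets made through this endpoint have overlapping address spaces and cannot be peered with each other. The check below is an added example, not code from the project: it flags overlapping address spaces in an inventory and proposes the next free /16. The inventory contents and function names are constructed for illustration, and the address prefixes are assumed to be collected separately, since the list response carries only names and subnets.

```python
import ipaddress

# Constructed inventory: VNet name -> address prefixes. Values mirror the
# use cases on this page; "east-us-vnet" stands for a VNet created with the
# endpoint's default address space.
SAMPLE_INVENTORY = {
    "dev-vnet": ["10.0.0.0/16"],
    "east-us-vnet": ["10.0.0.0/16"],
    "west-europe-vnet": ["10.1.0.0/16"],
    "on-premises": ["192.168.0.0/16"],
}


def find_overlaps(inventory):
    """Return (name_a, name_b, cidr_a, cidr_b) for each overlapping pair."""
    flat = [
        (name, ipaddress.ip_network(cidr))
        for name, cidrs in inventory.items()
        for cidr in cidrs
    ]
    hits = []
    for i, (name_a, net_a) in enumerate(flat):
        for name_b, net_b in flat[i + 1:]:
            # overlaps() also catches containment, e.g. a /16 inside a /8.
            if name_a != name_b and net_a.overlaps(net_b):
                hits.append((name_a, name_b, str(net_a), str(net_b)))
    return hits


def next_free_prefix(inventory, pool="10.0.0.0/8", new_prefix=16):
    """Return the first /new_prefix block in pool that overlaps nothing."""
    used = [
        ipaddress.ip_network(cidr)
        for cidrs in inventory.values()
        for cidr in cidrs
    ]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(net) for net in used):
            return str(candidate)
    return None  # pool exhausted


if __name__ == "__main__":
    for hit in find_overlaps(SAMPLE_INVENTORY):
        print("overlap:", *hit)
    print("next free:", next_free_prefix(SAMPLE_INVENTORY))
```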

Common Use Cases

Development Environment

VNet: dev-vnet (10.0.0.0/16)
├── web-subnet (10.0.1.0/24) - Web tier
├── app-subnet (10.0.2.0/24) - Application tier
└── db-subnet (10.0.3.0/24) - Database tier

Multi-Region Deployment

East US VNet (10.0.0.0/16)
├── Connected via VNet Peering
West Europe VNet (10.1.0.0/16)

Hybrid Cloud

On-Premises Network (192.168.0.0/16)
    |
    | VPN Gateway
    |
Azure VNet (10.0.0.0/16)

Troubleshooting

Error: “Brak wymaganych danych”

This message is Polish for "Missing required data". Ensure all required fields are provided in the request:
  • subscriptionId
  • vnetName
  • rgName
  • location

Error: “Unauthorized”

Verify that:
  • User is authenticated with Azure
  • Access token is present in session
  • Token has not expired

VNet Creation Fails

Common causes:
  • Resource group does not exist
  • Invalid location name
  • Insufficient permissions in subscription
  • Quota limits reached

Next Steps

Subnet Management

Learn how to create and manage subnets within your VNet

GCP VPCs

Compare with GCP VPC networking
