Azure Virtual Network provides an isolated and secure environment to run your virtual machines and applications. You can use your private IP addresses and define subnets, access control policies, and more. With Virtual Networks, you can treat Azure just as you would your own datacenter.
Traffic between Azure resources, whether in a single region, or in multiple regions, stays in the Azure network. Intra-Azure traffic does not flow over the Internet. For example, within Azure, traffic for VM-to-VM, storage, and SQL communication traverses only the Azure network, regardless of the source and destination Azure region. Inter-region VNet-to-VNet traffic also flows entirely across the Azure network.
Within a virtual network, you can choose to run a variety of network virtual appliances—WAN optimizers, load balancers, and application firewalls—and define traffic flows, allowing you to design the network with a greater degree of control.
With Virtual Network, you can easily extend your on-premises IT environment into the cloud, much the way that you can set up and connect to a remote branch office. You have multiple options to securely connect to a Virtual Network—you can choose an IPSec VPN or a private connection using the Azure ExpressRoute service.
With Virtual Network, you can build hybrid cloud applications that securely connect to your on-premises datacenter—so an Azure web application can access an on-premises SQL Server database or authenticate users against an on-premises Active Directory service.
With Virtual Network, you can build services that rely on Azure Cloud Services and Azure Virtual Machines. Use Azure web roles for your front end and virtual machines for backend databases. Combining platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) within a virtual network gives you more flexibility and scalability in building apps.