The purpose of a subnet within a virtual network is to segment the larger network into smaller, more manageable sections for better organization, security, and control. Subnets allow you to allocate a portion of the virtual network's IP address space to a specific group of resources, enabling you to apply granular security policies and manage traffic flow more efficiently.
A public IP address enables internet connectivity by providing a unique, routable address that Azure resources use to send and receive traffic from the internet. It allows external clients to initiate connections to Azure services, such as a virtual machine or a load balancer. When a resource is not assigned a dedicated public IP, Azure still provides outbound internet connectivity by automatically applying Source Network Address Translation (SNAT) through an Azure-assigned public IP that is not dedicated to the resource and can change over time.
Assigning a public IP address to a virtual machine (VM) inside a subnet makes it directly reachable from the internet for both inbound and outbound traffic, eliminating the need for network address translation (NAT) for its primary IP. This allows direct internet communication and lets services hosted on the VM be reached from outside the private network, though it also introduces security considerations that must be managed with firewalls and network security groups (NSGs).
Network Security Groups (NSGs) act as a virtual firewall for a subnet, applying a set of rules to allow or deny traffic to all resources within that subnet. An NSG can also be associated directly with a specific network interface (NIC) for more granular control, but when linked to a subnet, its rules apply universally to every virtual machine (VM) and resource within that subnet.
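As an added illustration (not part of the original text), the following Python models how the rules of an NSG bound to a subnet are evaluated against an inbound flow: ascending priority, first match wins, with Azure's default rules appended at the end. The VNet range, rule names and source addresses are constructed for the example.

```python
"""Added example: how an NSG attached to a subnet decides inbound traffic.
Rules are evaluated by ascending priority; the first match wins."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")  # constructed VNet address space

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # custom rules use 100-4096; lower is evaluated first
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR, "*" or the "VirtualNetwork" service tag
    dest_port: str   # single port or "*"

# Azure's default inbound rules (the AzureLoadBalancer probe rule is omitted).
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
)

# Constructed subnet NSG: SSH only from the corporate egress range, HTTPS from anywhere.
SUBNET_NSG = [
    Rule("AllowSshFromCorp", 100, "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule("AllowHttpsFromAny", 110, "Allow", "Tcp", "*", "443"),
]

def _source_matches(rule_source: str, src_ip: str) -> bool:
    if rule_source == "*":
        return True
    ip = ip_address(src_ip)
    if rule_source == "VirtualNetwork":
        return ip in VNET
    return ip in ip_network(rule_source)

def evaluate_inbound(rules, src_ip: str, dst_port: int, protocol: str = "Tcp"):
    """Return (access, rule_name) for an inbound flow to any VM in the subnet;
    because the NSG is bound to the subnet, every NIC there gets this verdict."""
    for r in sorted((*rules, *DEFAULT_INBOUND), key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and r.dest_port in ("*", str(dst_port))
                and _source_matches(r.source, src_ip)):
            return r.access, r.name
    return "Deny", "implicit"  # not reached while DenyAllInBound is present

if __name__ == "__main__":
    # A public IP alone does not expose SSH: the subnet NSG still denies it.
    print(evaluate_inbound(SUBNET_NSG, "198.51.100.7", 22))  # ('Deny', 'DenyAllInBound')
    print(evaluate_inbound(SUBNET_NSG, "10.0.2.9", 3389))    # ('Allow', 'AllowVnetInBound')
```

Note the last case: the default AllowVnetInBound rule admits traffic from any other subnet in the VNet, so a subnet NSG with no explicit intra-VNet deny rule does not isolate VMs from their neighbours.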
Yes, a virtual machine (VM) can have multiple IP addresses within a VNet by using multiple network interfaces (NICs) attached to the VM, with each NIC capable of having its own set of private and/or public IP addresses. You can add more than one NIC to a single VM, and then assign multiple IP addresses to the VM through those different network interfaces.