5.1.2.1. Configure Public and Private IP Addresses

💡 First Principle: IP addresses are the fundamental identifiers for network communication; configuring them correctly (public vs. private, static vs. dynamic) is essential for enabling controlled, secure, and reliable connectivity for all Azure resources.

Scenario: You are deploying a production web server on an Azure Virtual Machine. It needs a static public IP address for users to access it, and a static private IP address for communication with a backend database. The public IP address should be resilient to Availability Zone failures.

What It Is: IP addresses are numerical labels assigned to devices connected to a computer network.

Private IP Addresses:

• Used for internal communication within a VNet or with on-premises networks.
• Assignment: Dynamic (default) or Static (reserved).
• Use cases: Internal VMs, databases, and load balancers.

Public IP Addresses:

• Enable inbound/outbound communication with the internet.
• SKUs:
  • Basic: Legacy, limited features.
  • Standard: Zone-redundant by default, secure by default, recommended for production.
• Assignment: Dynamic or static.
• Use cases: Public-facing web servers, load balancers, VPN gateways.

Visual: Public vs. Private IP Addresses

Loading diagram...

⚠️ Common Pitfall: Using the Basic SKU for public IP addresses in production. Standard SKU offers critical features like Availability Zone redundancy and is secure by default (requiring explicit NSG rules for inbound traffic).

Key Trade-Offs:

• Static vs. Dynamic IP: Static IPs provide a consistent address but may incur a small cost even when unassigned. Dynamic IPs are free when the resource is deallocated but are not predictable.

Reflection Question: How does configuring public and private IP addresses (including dynamic vs. static, and Basic vs. Standard SKUs for public IPs) fundamentally provide controlled, secure connectivity for Azure resources, balancing accessibility and security for diverse communication needs?