Seems like a lot of attention being given to Virtual Networks. That's fine, but... if all you're trying to do is create a multi-tier app with a handful of VMs working in conjunction with each other, you can simply create multiple VMs within the same cloud service (that is, they all live in xyz.cloudapp.net
).
They'll all sit behind a single public IP address, but consider your case where you have a web server and a database server:
- Expose ports 80 and 443 specifically for the web server(s) (you can have multiple, and load-balance the ports across these VMs
- Don't expose any public ports for the database server
Once deployed to the same cloud service, each VM in the cloud service can talk directly to any other VM in the cloud service, using the host name you assigned to it.
You can also deploy your web and database tiers to different cloud services, and still communicate between them without a Virtual Network. If you open, say, port 1433 on your database server, now your web tier can simply open a connection to yourdb.cloudapp.net:1433
. Of course, this means the entire world can do the same, but... you can apply an endpoint ACL (access control list) on yourdb.cloudapp.net
port 1433, and allow only the public VIP of your web tier's cloud service.
You'd need a Virtual Network if your web and database tiers are in separate cloud services and you don't want any exposed ports on your data tier, and you don't want to go through the built-in load balancer.