To enable communication between virtual machines (VMs) located in different virtual networks (VNets) in Azure, the most efficient and recommended approach—according to Microsoft Azure Administrator documentation—is to use VNet peering.
1. Background and Scenario Analysis
From the case study:
VM1 and VM4 are located in different VNets (VNET1 and VNET3).
The requirement is to ensure that VM1 can communicate with VM4.
The solution must minimize administrative effort and cost.
2. Microsoft Documentation Insight: VNet Peering
According to Microsoft Learn: “Virtual network peering”:
“Virtual network peering seamlessly connects two Azure virtual networks. The virtual networks appear as one for connectivity purposes. Traffic between peered virtual networks uses private IP addresses, as if they were part of the same network, and the traffic stays entirely on the Microsoft backbone network.”
Key characteristics of VNet peering:
Enables private IP connectivity between resources across peered VNets.
No need to deploy or maintain gateways (unlike VPN gateways).
Provides low latency and high bandwidth.
Supports transitive routing through additional configurations.
Minimal administrative overhead — peering can be created with just a few clicks or PowerShell/CLI commands.
3. Why the Other Options Are Incorrect
A. Create a user-defined route (UDR) from VNET1 to VNET3.
❌ A UDR alone cannot enable connectivity between VNets unless a gateway or peering already exists. Without a connection path, a route has no effect.
B. Assign VM4 an IP address of 10.0.1.5/24.
❌ This would attempt to place VM4 in the same subnet as VM1, but cross-VNet subnet IP assignment is not possible in Azure. Each VNet has its own isolated address space.
D. Create an NSG and associate it with VM1 and VM4.
❌ Network Security Groups control traffic filtering within or between existing network connections. They do not create connectivity between isolated VNets.
4. Why Peering Is the Correct and Simplest Solution
Establishing VNet peering between VNET1 and VNET3 will:
Instantly enable bidirectional private IP communication between VM1 and VM4.
Minimize administrative effort (no gateways, routing tables, or IP reconfiguration).
Maintain security and performance through Microsoft’s internal backbone.
Avoid additional costs compared to deploying VPN gateways.
5. Implementation Summary
Steps to configure:
In the Azure Portal, go to VNET1 → Peerings → Add.
Choose VNET3 as the peer virtual network.
Enable Allow virtual network access in both directions.
Once completed, both VMs (VM1 and VM4) will communicate using their private IPs.
Final Verified Answer: ✅ C. Establish peering between VNET1 and VNET3
References (Microsoft Official Documentation):
Microsoft Learn — Virtual network peering overview
Microsoft Learn — Create, change, or delete a virtual network peering
Microsoft Learn — Azure virtual network connectivity options and recommendations
