Which subnet should be added to enable network communication interoperability

Huang, Winston-HR 280 Reputation points
2024-02-23T08:28:32.6666667+00:00

I want to use azcopy to transfer files from storage account A to storage account B. Where storage account A is in subnet a, and storage account B in subnet b, Azcopy is deployed in VM, which is in subnet c. What confuses me is when adding a network through Azure portal:

  1. Is it enough to add subnet c of VM to storage account B?
  2. Do need to add both subnet a and subnet c to storage account B ? Should I choose 1 or 2?
Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,348 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,157 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,158 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dronec 166 Reputation points
    2024-02-23T08:32:30.94+00:00

    By default Azure creates routes between all the subnets in VNet. See https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal

    so as long as all those objects are within the same Vnet, you don't need to add anything.

    0 comments
  2. Jackson Martins 9,646 Reputation points MVP
    2024-02-23T09:04:58.59+00:00

    Hi @Huang, Winston-HR You should add subnet C (where your VM is deployed) to the network rules of storage account B. This ensures that the VM can communicate with storage account B. You will also need to ensure that the VM has appropriate access to storage account A, but this does not require adding subnet A to the network rules of storage account B. Instead, you should verify that your VM's subnet (subnet C) has the necessary permissions and routes to access storage account A, which can be configured via network security groups (NSGs), service endpoints, or private links for enhanced security. In summary, focus on configuring network access for the VM in subnet C to both storage accounts individually, rather than trying to link subnet A and subnet B directly for the purpose of using AzCopy.

    Get in touch if you need more help with this issue. --please don't forget to "[Accept the answer]" if the reply is helpful--

    0 comments
  3. Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
    2024-03-02T02:29:34.7466667+00:00

    @Huang, Winston-HR Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    The simple, across the board rule, is that AzCopy must be able to talk to both the source and the destination, and the destination must be able to talk to the source.

    • AzCopy talks to the source to find out what files to copy.
    • AzCopy then talks to the destination, and instructs it to copy the files.
    • The destination then talks to the source, and attempts to get the files in question.

    Please let us know if you have any further queries. I’m happy to assist you further.    

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members

    0 comments