VMs with Multiple NICs and Virtual Network Appliances in Microsoft Azure

Configuring Multiple NICs in Azure VMs

Microsoft has updated Azure to support multiple network interface cards (NICs) for a subset of virtual machines (VMs). This long-awaited feature allows users to set up scenarios in the Azure cloud that have long been deployed on premises. For example, you can now add multiple NICs in an Azure VM to connect it to different virtual networks, effectively isolating front-end, mid-tier, and back-end traffic flowing through a VM. Another example is using two or more NICs to separate the VM data and management network traffic flow. Or you might be interested in using a third-party virtual network appliance that requires multiple NICs in your Azure deployment.

The number of NICs that can be added to a VM depends on the Azure VM size. There are two tiers of virtual machines in Azure (basic and standard), and within each tier, VMs are grouped into series (A, D, DS, G) and sizes (extra-small, small, medium, large, extra-large) that offer different computing and resource configurations. You select the VM tier and series based on which one best suits your workload requirements. The basic tier includes only A series VMs. The standard tier includes A series, D series, DS series, and G series VMs. Basic tier VMs do not support features such as load-balancing, auto-scaling, or multiple NICs. Standard tier extra-small, small, and medium size VMs also do not support multiple NICs. Therefore, you must select a large (4 cores) or extra-large (8 cores or more) Azure VM to configure multiple NICs. Table 1 lists the maximum number of NICs that can be created for different standard tier VMs.

| VM Size (Standard Tier) | Maximum NICs |
|---|---|
| A3, A6, D3, A8, G3, D12 (4-core VMs except G3-8, A8-8) | 2 |
| A4, A7, A9, G4, D4, D13 (8-core VMs except G4-16, A9-16) | 4 |
| G5 (32-core), DS14 (16-core) | 8 |
| All other sizes | 1 |

Table 1: Maximum NICs by Azure VM Size

For a more complete rundown on Azure VM tiers, series, and sizes, you should review “Virtual Machine and Cloud Service Sizes for Azure” available on the Microsoft MSDN site.

While VMs with multiple NICs can be connected to the same subnet, there are some constraints to take into consideration:

  • VMs with multiple NICs must be configured when a VM is initially provisioned in Azure
  • VMs with multiple NICs must be connected to Azure Virtual Networks
  • VMs with multiple NICs are not able to perform Layer 3 routing of network traffic
  • VMs with multiple NICs can only apply network security groups (NSGs) and Forced Tunneling to the default NIC
  • VMs with multiple NICs only support an Internet-facing virtual IP (VIP) on the default NIC
  • VMs with multiple NICs can have the order of the NICs changed, but IP addresses and MAC addresses will stick to a particular NIC regardless of its assigned order
  • VMs with multiple NICs cannot be provisioned through the Azure Portal

You can create an Azure VM with multiple NICs only by using Azure PowerShell. Therefore, you need to first set up the latest Azure PowerShell tools on a system, and create a connection to your Azure subscription. You can find a procedure to guide you through this process in my article titled “Preparing and Uploading an On-Premise Virtual Machine Image to Microsoft Azure”, in the section that describes how to establish a secure connection to Microsoft Azure using PowerShell.

Creating a VNet

Once the Azure PowerShell tools are installed on your system, your next step is to create a new virtual network (VNet). You can use the following procedure to create a new VNet in Azure:

  1. Open your browser and log into the Azure Management Portal.
  2. Click New, found in the lower left-hand corner of the screen, as shown in Figure 1.

Figure 1: Azure Management Portal

  3. In the new pane, click Network Services, and then select Virtual Network, and then the Custom Create option, as shown in Figure 2.

Figure 2: Creating a VNet with Advanced Options

  4. On the Virtual Networks Details page, enter a virtual network name and select a location from the dropdown, as shown in Figure 3. You should select the VNet location based on the region where you want to deploy your VMs.

Figure 3: Defining New Network Name and Location

  5. On the DNS Servers and VPN Connectivity page, skip through the options and click the right arrow, as shown in Figure 4.

Figure 4: Defining DNS Server Parameters and VPN Connectivity Type

  6. On the Virtual Network Address Spaces page, enter the specific subnet definitions and IP address ranges for your Azure VNet, as shown in Figure 5. Address spaces are entered in CIDR notation from the 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 address spaces depending on your required configuration.

Figure 5: Defining Azure VNet Address Spaces

  7. Once you click on the checkmark in the lower right-hand corner of the page, Azure creates the new VNet. The VNet then appears in the Management Portal, as shown in Figure 6.

Figure 6: New VNet in Azure Management Portal

Creating a Storage Account

After you create a new VNet, you need to create an Azure storage account. You can use the following procedure to configure a storage account in your Azure environment:

  1. From the Azure Portal main page, click New, and then select Data Services, then select Storage, and then the Quick Create option, as shown in Figure 7.

Figure 7: Creating a Storage Account with the Quick Create Option

  2. Enter a URL, Location/Affinity Group, and Replication option, based on your specific requirements, and then click Create Storage Account.
  3. Azure creates the new storage account which then appears in the Management Portal, as shown in Figure 8.

Figure 8: New Storage Account in Azure Management Portal

Creating a Cloud Service

In Azure, VMs are associated with a cloud service. You can place multiple VMs in the same cloud service and they will be able to communicate over their common network, but will be isolated from all other VMs in Azure. The cloud service also provides load balancing and an Internet-facing IP address. Use the following procedure to configure a cloud service in your Azure environment:

  1. From the Azure Portal main page, click New, and then select Compute, then select Cloud Service, and then the Quick Create option, as shown in Figure 9.

Figure 9: Creating a Cloud Service in Azure

  2. Enter a URL, and Region or Affinity Group, based on your specific requirements, and then click Create Cloud Service.
  3. Azure creates the new cloud service which then appears in the Management Portal, as shown in Figure 10.

Figure 10: New Cloud Service in Azure Portal

Creating a VM with Multiple NICs using Azure PowerShell

Now that you have created a VNet, storage account, and cloud service, you can use Azure PowerShell to create the new VM with multiple NICs. Use the following procedure (substituting your own values for the sample values shown) as a guide to create a new VM and configure it with multiple NICs:

  1. From your local system, launch the Azure PowerShell.
  2. In the Azure PowerShell window, select the Azure subscription to use to create the VM.

    Select-AzureSubscription -SubscriptionName "Pay-As-You-Go"

  3. After the Azure subscription is selected, you need to find and select the VM image from the Azure VM gallery that you will use to create the new VM.

    Get-AzureVMImage | Select ImageName

    $imagename = @( Get-AzureVMImage | Where-Object { $_.ImageName -like "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-Datacenter-201502.01-en.us-127GB.vhd" } ).ImageName

    $image = Get-AzureVMImage -ImageName $imagename

  4. After selecting the VM image, configure the VM name, instance size, VM image name, and availability set name.

    $vm = New-AzureVMConfig -Name "MultiNicVM" -InstanceSize "Large" -ImageName $image.ImageName -AvailabilitySetName "IGllcAVSet"

  5. Next, you must configure the account and password to use for the VM creation.

    Add-AzureProvisioningConfig -VM $vm -Windows -AdminUserName "MyAdmin" -Password "Passw0rd"

  6. The next step is to configure the subnet and IP address for the default NIC.

    Set-AzureSubnet -SubnetNames "Internal" -VM $vm

    Set-AzureStaticVNetIP -IPAddress "10.0.0.4" -VM $vm

  7. After setting the configuration of the default NIC, you can add an additional NIC to the new VM.

    Add-AzureNetworkInterfaceConfig -Name "Ethernet2" -SubnetName "DMZ" -StaticVNetIPAddress "10.10.10.4" -VM $vm

  8. Finally, you need to provision the VM.

    New-AzureVM -ServiceName "MultiNicVMs" -VNetName "SouthCentralVNetSTS" -VMs $vm

  9. After Azure provisions the VM, you can view it in the Azure Portal, as shown in Figure 11.

Figure 11: New VM in Azure Portal

  10. If you connect to the VM through the Azure Portal, and look at the Network properties, you will see that the VM is configured with multiple NICs, as shown in Figure 12.

Figure 12: Network Properties of New VM
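
The steps above combined into one script, as an added example that is not part of the original article: it checks the requested NIC count against Table 1 before provisioning and prompts for the administrator credential instead of embedding it in the command. The size-to-limit map (including the assumption that the InstanceSize strings Large and ExtraLarge denote A3 and A4) and the parameter defaults are assumptions based on the article's sample values.

```powershell
# Added example, not the article's code. Names, sizes and addresses are the
# article's sample values or labelled placeholders; replace them with your own.
param(
    [string]$SubscriptionName = 'Pay-As-You-Go',
    [string]$ServiceName      = 'MultiNicVMs',
    [string]$VNetName         = 'SouthCentralVNetSTS',
    [string]$VMName           = 'MultiNicVM',
    [string]$InstanceSize     = 'Large',
    [Parameter(Mandatory)][string]$ImageName   # from Get-AzureVMImage
)
$ErrorActionPreference = 'Stop'

# NIC limits transcribed from Table 1. Assumption of this example: the
# InstanceSize strings 'Large' and 'ExtraLarge' denote A3 and A4. Sizes not
# listed here fall back to 1, so an unknown size fails the check below.
$maxNics = @{ 'Large' = 2; 'A6' = 2; 'ExtraLarge' = 4; 'A7' = 4 }

# NSGs, Forced Tunneling and the Internet-facing VIP cover only the default
# NIC (see the constraints above), so choose deliberately which subnet gets it.
$defaultNic = @{ Subnet = 'Internal'; IP = '10.0.0.4' }
$extraNics  = @(
    @{ Name = 'Ethernet2'; Subnet = 'DMZ'; IP = '10.10.10.4' }
)

$limit = 1
if ($maxNics.ContainsKey($InstanceSize)) { $limit = $maxNics[$InstanceSize] }
$requested = 1 + $extraNics.Count
if ($requested -gt $limit) {
    throw "$InstanceSize allows $limit NIC(s) but $requested were requested."
}

Select-AzureSubscription -SubscriptionName $SubscriptionName

# Prompt for the administrator account so the password is not stored in the
# script or in command history.
$cred = (Get-Credential -Message "Administrator account for $VMName").GetNetworkCredential()

$vm = New-AzureVMConfig -Name $VMName -InstanceSize $InstanceSize -ImageName $ImageName
Add-AzureProvisioningConfig -VM $vm -Windows -AdminUserName $cred.UserName `
    -Password $cred.Password | Out-Null
Set-AzureSubnet -SubnetNames $defaultNic.Subnet -VM $vm | Out-Null
Set-AzureStaticVNetIP -IPAddress $defaultNic.IP -VM $vm | Out-Null
foreach ($nic in $extraNics) {
    Add-AzureNetworkInterfaceConfig -Name $nic.Name -SubnetName $nic.Subnet `
        -StaticVNetIPAddress $nic.IP -VM $vm | Out-Null
}

# NICs can only be attached at provisioning time, so the whole plan goes in one call.
New-AzureVM -ServiceName $ServiceName -VNetName $VNetName -VMs $vm
```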

Virtual Network Appliance Support in Azure

While Microsoft responded to long-standing user requests when providing the ability to create Azure VMs with multiple NICs, it also was pursuing the ability for 3rd party vendors to make available virtual network appliances in Azure. At the last TechEd Europe event held in October 2014, Microsoft announced that they were working with Citrix and Riverbed, as well as with other vendors, to onboard their network appliances into Azure. In fact, at the TechEd event, Citrix NetScaler and Riverbed SteelHead prototype demos were shown running as virtual network appliances in Azure.

In Azure today, you can create new virtual network appliances based on images of the Barracuda NG Firewall 5.4 and Barracuda Web Application Firewall 7.8, as well as Riverbed SteelHead CX 8.6 and Riverbed SteelHead CX 9.0. You can find these in the Azure VM image repository, as shown in Figures 13 and 14, respectively.

Figure 13: Barracuda Virtual Network Appliance Images in Azure

Figure 14: Riverbed Virtual Network Appliance Images in Azure

The pricing for the virtual network appliances is based on the type of subscription that you select to provision a new virtual machine in Azure.

Conclusion

With the ability to add multiple network interface cards in new VMs, Microsoft has enabled the deployment in Azure of multi-tier applications with multiple subnet connections to different NICs. This long-awaited feature may be a boost for the accelerated migration or extension to the public Azure cloud of the more complex application deployment scenarios that had to be maintained on premises before its release. In addition, this new feature allows Microsoft Azure to now provide, in its virtual machine image repository, third-party firewall and network optimization virtual network appliances that you can purchase and deploy in your Azure environment. Microsoft is continuing to work with other vendors, like Citrix, to make available more virtual network appliances in Azure.
