I get a *lot* of questions on how to set up networking in Windows Azure Virtual Machines, so here's a quick braindump. You'll need to install the azure command line tool; instructions are available on the debian-cloud wiki.
You don't need a virtual network
That's the most important thing you have to understand. A virtual network sounds very nice when you see it for the first time, but it's mainly designed for VPN connectivity. As long as you don't need to bridge your on-premise network with Azure VMs, forget about it.
Azure VMs only get private, non-routable IPs. The communication with the outside world goes through a load balancer. The load balancer owns public IPs, your machines don't.
If you create 2 standalone VMs, like this:
azure vm create mydnsname [a bunch of options] --ssh
azure vm create myotherdnsname [a bunch of options] --ssh
You'll get 2 machines that only see each other through the load balancer. This is usually not what you want.
What you're looking for is a farm of machines, with a few visible from the outside world, and open connectivity between machines. Take for example this setup:
Web Frontend VM (let's call it web1)
Database VM (let's call it data1)
In this case you want web1 to see data1, and the other way around, but you only want web1 exposed to the outside world.
Here is how you do it:
azure vm create mydnsname [some options] -n web1
azure vm create mydnsname [some options] -n data1 -c mydnsname
That mydnsname is called the Service name. When you create a new VM, you can join it to an existing service, hence ensuring it will see every other machine deployed in the same service.
The load balancer
If you want to open a port to a given machine, the syntax is:
azure vm endpoint create machinename lbport machineport
If you want to create a load-balanced endpoint to a set of machines, the syntax is:
azure vm endpoint create -b endpointname machine1name lbport machine1port
azure vm endpoint create -b endpointname machine2name lbport machine2port
And so on.
How do my machines see each other?
Standalone VM: use their public DNS name and the port you set up in the load balancer if needed.
VM Farm: use the machine name from the inside network; every VM will resolve that correctly. Use the public DNS name from the outside world.
If you don't specify --ssh when creating a Linux VM, ssh won't be enabled on the machine.
If you specify --ssh but no port, this will work on standalone VMs. When creating a farm, make sure you specify --ssh portnumber with a different portnumber for every machine.
I know it's a bit dumb; we should enable ssh without exposing it to the outside world. Delete the endpoint after creating the machine if that's what you want.
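Here is a dry-run sketch of the farm setup and the ssh port rule above. It is an added example, not part of the azure tool: it only prints commands and checks a constructed endpoint list for two machines claiming the same public port on the service's load balancer. The function names plan_farm and lb_port_conflicts and the port 22001 are made up for the illustration.

```shell
#!/bin/sh
# Added example: dry-run planner. It prints commands and never calls Azure.
# "[some options]" is kept as the page's placeholder for image, user, etc.

# plan_farm SERVICE BASE_SSH_PORT VM...
# Prints one "azure vm create" line per VM. The first VM creates the service,
# later ones join it with -c, and every VM gets its own public ssh port.
plan_farm() {
    service=$1; port=$2; shift 2
    first=1
    for vm in "$@"; do
        if [ "$first" -eq 1 ]; then
            echo "azure vm create $service [some options] -n $vm --ssh $port"
            first=0
        else
            echo "azure vm create $service [some options] -n $vm -c $service --ssh $port"
        fi
        port=$((port + 1))
    done
}

# lb_port_conflicts: reads "machine lbport machineport" lines (the
# non-load-balanced endpoints of ONE service) on stdin and prints every
# lbport claimed by more than one machine. Returns 1 if a conflict exists.
lb_port_conflicts() {
    awk '{ n[$2]++; who[$2] = who[$2] " " $1 }
         END { for (p in n) if (n[p] > 1) { print p ":" who[p]; bad = 1 }
               exit bad + 0 }'
}

# Constructed sample: the web1/data1 farm from the text.
plan_farm mydnsname 22001 web1 data1

# Constructed endpoint list where both machines were given the same ssh port.
printf '%s\n' 'web1 80 8080' 'web1 22001 22' 'data1 22001 22' | lb_port_conflicts \
    || echo "conflict: give each machine a different --ssh port"
```

For a machine like data1 that should not be reachable from outside, the ssh endpoint still has to be deleted after creation, as described above.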