Contents
Course Introduction
Designing an Azure Virtual WAN
Implementing an Azure Virtual WAN Architecture
Course Conclusion
Organizations use site-to-site VPNs and ExpressRoute to connect on-premises networks to Azure. As an organization grows, so does the complexity of implementing and managing connectivity between the cloud and on-premises locations.
In this course, we review Azure Virtual Wide Area Network (WAN). Azure Virtual WAN creates a hub-and-spoke topology that provides a single interface for managing branch connectivity, user access, and connectivity between VNets. We also cover how Azure Virtual WAN hubs connect with other network resources to create a full mesh topology that serves as a backbone of a hybrid network.
Learning Objectives
- Design an Azure Virtual WAN architecture
- Understand the SKUs and related features of a Virtual WAN
- Create a Virtual WAN hub
- Create a network virtual appliance (NVA) in a virtual hub
- Configure virtual hub routing
- Understand connection units and scale units
Intended Audience
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
Prerequisites
- A basic understanding of networking, routing, and VPN concepts
- An Azure subscription (sign up for a free trial at https://azure.microsoft.com/free/ if you don’t have a subscription)
We can't talk about cloud services without including associated costs. Cost for Azure Virtual WAN are broken into three categories: scale units, connection units, and data transfer charges. This lecture will review scale units and connection units. A scale unit represents aggregated capacity for a site-to-site, point-to-site, or ExpressRoute connection. A scale unit is billed by the hour. The actual price will depend on the region and currency. Any pricing shown in this video is for example purposes only. A site-to-site VPN scale unit represents 500 megabits per second. So, if we had a one gigabit per second site-to-site VPN connection, that would require two scale units. A point-to-site VPN scale unit also represents 500 megabits per second per hour.
An ExpressRoute scale unit covers two gigabits per second per hour. Scale units relate to bandwidth. It represents how much data can pass over a given connection. A connection unit relates to an on-premises or non-Microsoft connection to an Azure Virtual WAN hub. That includes a site-to-site VPN gateway, a remote user over a point-to-site VPN, or ExpressRoute. Each connection terminating at a virtual hub is referred to as a connection unit. For example, if we have a virtual hub with two site-to-site connections from branch locations and five users connecting over a point-to-site VPN, there's a total of seven connections. However, the site-to-site and point-to-site connections are charged different rates.
Let's take a look at an example of cost for connection units and scale units. In this example, we have one standard virtual WAN hub with two site-to-site connections on that hub. There's one scale unit for 500 megabits per second of bandwidth and two connection units for the two remote sites. We have a single ExpressRoute connection with 10 gigabits per second of bandwidth. A scale unit for ExpressRoute includes two gigabits per second, so the connection requires five scale units. It also requires one connection unit. After that, we have a point-to-site scale unit. And on average, there are five users connected to the gateway for a total of five connection units. This is the cost of the scale units, connection units, and virtual WAN hub for a 30-day/month at Central US billing. This does not include data transfer costs. It illustrates how scale and connection units are billed in a hypothetical environment. Let's take a look at how to view and modify scale units on an NVA and a site-to-site VPN next.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.