Creating a Virtual WAN and Hub Demo
Start course

Organizations use site-to-site VPNs and ExpressRoute to connect on-premises networks to Azure. As an organization grows, so does the complexity of implementing and managing connectivity between the cloud and on-premises locations.

In this course, we review Azure Virtual Wide Area Network (WAN). Azure Virtual WAN creates a hub-and-spoke topology that provides a single interface for managing branch connectivity, user access, and connectivity between VNets. We also cover how Azure Virtual WAN hubs connect with other network resources to create a full mesh topology that serves as a backbone of a hybrid network.

Learning Objectives

  • Design an Azure Virtual WAN architecture
  • Understand the SKUs and related features of a Virtual WAN
  • Create a Virtual WAN hub
  • Create a network virtual appliance (NVA) in a virtual hub
  • Configure virtual hub routing
  • Understand connection units and scale units

Intended Audience

  • System or network administrators with responsibilities for connecting an on-premises network to Azure
  • Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam


  • A basic understanding of networking, routing, and VPN concepts
  • An Azure subscription (sign up for a free trial at if you don’t have a subscription)

This lecture will demonstrate how to create the virtual WAN and Virtual WAN Hubs in the example environment. Let's start in the Azure portal by creating the Virtual WAN. Go to create resource and search for Virtual WAN. Select Virtual WAN and create. Create a new resource group. This example, we'll use the name Virtual WAN RG. Set the location. This example uses East US. Give it a name. Virtual WAN for this example. This will be a standard Virtual WAN because we'll use it for more than just site to site VPNs. Go to review and create. Once validated, click create. Deployment won't take long to finish.

Once done, let's go to the resource. Here's our empty Virtual WAN. Next, the West Europe and East US hub need to be created. Go to hubs. And new hub. Notice that the Virtual WAN Resource Group is selected. Virtual WAN is a managed service. All the objects needed for the service are created in the resource group. Those objects could include virtual gateways for express route, site-to-site VPNs, and Azure Firewalls, for example. We don't need to manage these ourselves. Just be aware that they're in the resource group. Next, select the region and give it a name. West Europe and WEurope hub for this example. We need to give the hub a block of IP addresses. The recommended sub-net size is a /23, although a/24 to /1 will work.

Previously I stated that the Virtual WAN manages services and objects such as gateways, firewalls, and virtual routers. The Virtual WAN service needs a block of private IP addresses to assign to those resources. Defining the hub address space here will prevent an overlap with other IP addresses used in the Virtual WAN and your network. This example will use There are options to create other resources in the hub, such as site to site and point to site connections, and express route. We'll explore that later. For now, click review and create. Once verified, click create. The deployment will take a few minutes to finish. I'll pause here and start again once it's done.

For this example, the same steps were used to create a second hub in the East US region with names and IP addresses scoped to match the location. The virtual hub deployment won't take long to finish, but if we go to the virtual WAN, go to the hub we just deployed, WEurope hub shows succeeded. The routing status shows provisioning. We have to wait for the routing status to change to succeeded before we can move forward. This can take several minutes if not longer. We'll pause here and come back once the routing status for West Europe and East US shows provisioned.

About the Author

Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.