Designing an Azure Virtual WAN
Implementing an Azure Virtual WAN Architecture
The course is part of these learning paths
Organizations use site-to-site VPNs and ExpressRoute to connect on-premises networks to Azure. As an organization grows, so does the complexity of implementing and managing connectivity between the cloud and on-premises locations.
In this course, we review Azure Virtual Wide Area Network (WAN). Azure Virtual WAN creates a hub-and-spoke topology that provides a single interface for managing branch connectivity, user access, and connectivity between VNets. We also cover how Azure Virtual WAN hubs connect with other network resources to create a full mesh topology that serves as a backbone of a hybrid network.
- Design an Azure Virtual WAN architecture
- Understand the SKUs and related features of a Virtual WAN
- Create a Virtual WAN hub
- Create a network virtual appliance (NVA) in a virtual hub
- Configure virtual hub routing
- Understand connection units and scale units
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
- A basic understanding of networking, routing, and VPN concepts
- An Azure subscription (sign up for a free trial at https://azure.microsoft.com/free/ if you don’t have a subscription)
Now that the virtual WAN hubs are in place and there's connectivity between them, we can connect the VNet to the hub in EastUS. The EastUSHub now shows the routing status as provisioned. Next up, we connect the EastUS VNet to the EastUSHub. Let's go back to the virtual WAN and select virtual network connections under connectivity. Add a connection, give it a name EastUSConnect for this example, select the EastUSHub. Notice that we can select the subscription, meaning we're not bound to the VNets only available in the current subscription. Select the resource group for the VNet we're adding. EastUSVNetRG for this example.
Next, we'll select the VNet, EastUSVNet. Leave the rest of the settings as is and click create. For this example, there is a virtual machine connected to the EastUSVNet and another in a West Europe VNet. Let's log into the VM on the EastUSVNet and see if we can ping the other VNet. Here we are logged into the VM connected to the EastUSVNet. We'll use ping to test connectivity and just as a reminder, by default, new Windows installations won't respond to ping. We need to go to the firewall, go to inbound rules and enable file and print sharing echo request on the VM that we'll ping. Let's open a command prompt. We'll view the private IP information. This machine has the private IP address of 10.100.1.4. We can try to ping the private IP of the VM in West Europe from the VM in EastUS. But that will fail because the West Europe computer is not connected to the virtual WAN. The next step will take care of that.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.