Organizations use site-to-site VPNs and ExpressRoute to connect on-premises networks to Azure. As an organization grows, so does the complexity of implementing and managing connectivity between the cloud and on-premises locations.
In this course, we review Azure Virtual Wide Area Network (WAN). Azure Virtual WAN creates a hub-and-spoke topology that provides a single interface for managing branch connectivity, user access, and connectivity between VNets. We also cover how Azure Virtual WAN hubs connect with other network resources to create a full mesh topology that serves as a backbone of a hybrid network.
Learning Objectives
- Design an Azure Virtual WAN architecture
- Understand the SKUs and related features of a Virtual WAN
- Create a Virtual WAN hub
- Create a network virtual appliance (NVA) in a virtual hub
- Configure virtual hub routing
- Understand connection units and scale units
Intended Audience
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
Prerequisites
- A basic understanding of networking, routing, and VPN concepts
- An Azure subscription (sign up for a free trial at https://azure.microsoft.com/free/ if you don’t have a subscription)
Now that we understand what Azure virtual WAN is and the problems it solves, let's move on to some technical terms. I know vocabulary may not sound that exciting, but it's important to understand the components that make up Azure virtual WAN, as well as what services are included with the two available types of Azure virtual WAN. Let's start with services and the first service is virtual WAN.
A virtual WAN is a collection of resources that make up a virtual WAN service. Resources in a virtual WAN can communicate with each other. There can be multiple virtual WANs in a subscription, but resources located in different virtual WANs will not communicate with each other by default. A virtual WAN is also an administrative boundary. Hubs are created within a virtual WAN. A hub is a virtual network managed by Azure. Part of the advantage of a hosted service is that we don't have to manage all the services involved. For a virtual WAN and the hubs contained inside it, we don't have to be concerned with all the routing, redundant connections and interconnections between regions. That's all part of the hubs in a virtual WAN.
A hub connects endpoints from other networks. For example, a VPN gateway endpoint can host a connection from an on-premises VPN appliance. We can connect ExpressRoute circuits or client VPN connections to the hub as well. Hubs are at the core of a virtual WAN network in a region. We can use single or multiple hubs per region. All the hubs in a virtual WAN are connected with a hub-to-hub connection by default. A hub can connect to VNets with a hub virtual network connection or use gateways to connect different types of endpoints, site-to-site VPN for remote branches, point-to-site VPN for end users, and to ExpressRoute for connecting ExpressRoute circuits to Azure virtual WAN. There's another option called a network virtual appliance or NVA that directly integrates into a hub and provides connectivity for software-defined WAN or SD WAN.
Custom routing can be added to the hub route table, providing granular control of network routing in the environment with BGP and static routes. The different connections and services Azure virtual WAN offers provides flexible options for integrating with existing networks. The exact features in an Azure virtual WAN depend on the SKU or type of virtual WAN we deploy. There are two options when deploying a virtual WAN, basic and standard. A basic virtual WAN and hub only provides site-to-site connectivity. The other type is a standard virtual WAN hub. This hub type supports ExpressRoute, user VPN, site-to-site VPN, inter-hub and VNet to VNet connectivity through the virtual hub, Azure Firewall, and a network virtual appliance in the virtual WAN. If you deploy a basic hub, it can be upgraded to a standard hub. However, you cannot downgrade a standard hub to basic. Now that we have an overview of Azure virtual WAN and an understanding of the components and services that make up the product, let's move on to implementing Azure virtual WAN.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.