Deploying Azure Virtual WAN

This document guides you through the process of deploying and configuring Azure Virtual WAN, a networking service that brings many networking, security, and routing functionalities together. Virtual WAN simplifies management of your global network by acting as a hub for your cloud and on-premises connectivity.

Prerequisites

Before you begin, ensure you have the following:

An active Azure subscription.
Necessary permissions to create and manage Azure resources.
Understanding of Azure networking concepts like VNets, VPN gateways, and ExpressRoute circuits.

Deployment Steps

Follow these steps to deploy a Virtual WAN hub and connect your networks:

Create a Virtual WAN resource:

Navigate to the Azure portal, search for "Virtual WAN", and click "Create". Select your subscription, resource group, and provide a region and name for your Virtual WAN. Choose the "Standard" SKU for full functionality.
```
az network vwan create --name MyVirtualWAN --resource-group MyResourceGroup --location eastus --sku Standard
```
Create a Virtual Hub:

Within your Virtual WAN resource, navigate to "Hubs" and click "+ Create hub". Specify a region, resource group, and hub name. Choose a hub address space (e.g., 10.0.0.0/24). You can configure a virtual hub gateway (VPN, ExpressRoute, or both) and Azure Firewall at this stage or later.

Note: The hub address space should not overlap with any of your connected VNet address spaces.
```
az network virtual-hub create --resource-group MyResourceGroup --name MyHub --location eastus --address-prefix 10.0.0.0/24 --virtual-wan MyVirtualWAN
```
Connect to the Hub:

To connect an existing VNet to your Virtual Hub, go to the Virtual Hub, select "Virtual network connections", and click "+ Add connection". Provide a connection name, select the VNet you want to connect, and specify its address space. You can also enable routing propagation.
```
az network virtual-hub connection create --resource-group MyResourceGroup --hub-name MyHub --name MyVNetConnection --remote-vnet MyVNet --address-prefix 10.1.0.0/16
```
Configure Gateway:

If you didn't configure a gateway during hub creation, you can add it now. Navigate to your hub, go to "Virtual hub gateway", and click "+ Create gateway". Choose the gateway type (VPN, ExpressRoute, or both) and configure the scale units.

For VPN Gateway:
```
az network virtual-hub vpn-gateway create --resource-group MyResourceGroup --hub-name MyHub --name MyVpnGateway --location eastus --sku VpnGw1 --virtual-wan MyVirtualWAN
```
Establish Site-to-Site VPN Connections (Optional):

If you need to connect your on-premises networks, create a "Site" resource within your Virtual WAN. This site represents your on-premises VPN device. You will then create a "Connection" between your Virtual Hub's VPN Gateway and this site, providing the pre-shared key and public IP address of your on-premises device.

Key Concepts

Virtual WAN Hub: A managed instance of Virtual WAN in a specific Azure region. It acts as a connectivity point for your global network.
Virtual Hub Gateway: Provides connectivity to your Virtual WAN hub for VPN, ExpressRoute, or both.
Virtual Network Connection: Establishes a connection between an Azure Virtual Network and a Virtual WAN hub.
Site: Represents an on-premises network location connected via VPN or ExpressRoute.

Important Considerations:

Ensure your hub and VNet address spaces do not overlap. Plan your address space allocation carefully. For production environments, consider deploying multiple hubs in different regions for high availability and disaster recovery.

Azure Documentation