Get Started with Azure Virtual WAN

This guide will walk you through the fundamental steps to deploy and configure Azure Virtual WAN, enabling you to build a global transit network for your Azure and on-premises environments.

Introduction

Azure Virtual WAN is a networking service that brings together networking, security, and routing capabilities into a single operational interface. It provides an optimized and automated branch connectivity to Azure. Virtual WAN offers:

Global transit network architecture.
Site-to-site (VPN) and User VPN connectivity.
Branch connectivity through Azure Virtual WAN partners.
Simplified management and operations.

Prerequisites

Before you begin, ensure you have the following:

An active Azure subscription. If you don't have one, create a free account.
Permissions to create and manage networking resources within your Azure subscription.
Existing virtual networks (VNets) that you intend to connect to your Virtual WAN.
(Optional) An on-premises VPN device if you plan to establish site-to-site VPN connections.

Steps to Deploy

Follow these steps to set up your first Azure Virtual WAN:

1. Create a Virtual WAN Resource

The Virtual WAN resource is the top-level container for your Virtual WAN deployment.

Navigate to the Azure portal.
In the search bar, type "Virtual WAN" and select it from the results.
Click "+ Create".
Fill in the required details:
- Subscription: Select your Azure subscription.
- Resource group: Create a new one or select an existing one.
- Instance name: Provide a unique name for your Virtual WAN (e.g., my-vwan).
- Region: Choose the region where you want to deploy the Virtual WAN resource. This region doesn't dictate the location of your hubs but is important for management.
- Type: Select "Standard" for full functionality. "Basic" offers limited features.
Click "Review + create" and then "Create".

2. Create a Virtual Hub

A Virtual Hub is a managed virtual network that acts as a central point of connectivity for your Virtual WAN. You need at least one hub.

Once your Virtual WAN resource is deployed, go to its overview page.
Click "+ New Hub" under "Hubs".
Configure the hub details:
- Region: Select the Azure region where you want to deploy the hub. This should ideally be close to your connected VNets and on-premises locations.
- Name: Provide a name for your hub (e.g., eastus-hub).
- Hub private address space: Specify a non-overlapping CIDR block for the hub's address space (e.g., 10.1.0.0/24). This range is used internally by the hub.
- Virtual hub capacity: Choose the desired capacity based on your throughput needs.
- Hub routing preference: For a standard WAN, you can choose "ExpressRoute" or "VPN". Select "VPN" for this guide.
Click "Review + create" and then "Create". Hub deployment can take some time.

3. Connect to Virtual Hub

Now, connect your existing Azure Virtual Networks (VNets) to the Virtual Hub.

In your Virtual WAN resource, navigate to "Virtual network connections" and click "+ Add connection".
Configure the connection:
- Connection name: A descriptive name (e.g., vnet-to-hub-conn).
- Hubs: Select the hub you created.
- Resource group: Select the resource group containing the VNet.
- Virtual network: Choose the VNet you want to connect.
- Propagate to none: Leave unchecked if you want the hub's routes to be propagated to this VNet.
- Static VNet Local Group: Typically left blank unless using specific advanced routing scenarios.
Click "Create".

Repeat this step for all VNets you wish to connect.

4. Configure Routing

Virtual WAN automatically handles route propagation between connected VNets and the hub. You can manage routing tables within the hub for more advanced configurations.

Within your Virtual Hub, you can find "Routing" options to manage the Default, None, and custom route tables.
For basic connectivity, the default propagation is usually sufficient. The hub learns routes from connected VNets and propagates them to other connected VNets.

For on-premises connectivity, you would typically configure Site-to-Site VPN or ExpressRoute connections within the Virtual Hub. This guide focuses on the initial setup of Virtual WAN and VNet connectivity.

Next Steps

Congratulations on setting up your Azure Virtual WAN!

Here are some recommended next steps:

Configure Site-to-Site VPN connections to connect your on-premises networks.
Explore security features and integrate with Azure Firewall or Network Virtual Appliances (NVAs).
Learn about User VPN (P2S) connectivity for remote users.
Understand advanced routing scenarios and route tables.

Always plan your IP address spaces carefully to avoid overlaps between VNets, hubs, and on-premises networks.