Virtual Networks & VPN Gateway Overview

Updated: October 26, 2023 | By: Microsoft Docs

This article provides an overview of Azure Virtual Network Manager and how it can be used to centrally manage your virtual networks across Azure and hybrid environments. VPN Gateways are a crucial component for establishing secure, private connections.

What are Azure Virtual Networks?

An Azure Virtual Network (VNet) is the foundational building block for your private network in Azure. It represents your own network in the cloud, enabling Azure resources to securely communicate with each other, with the internet, and with on-premises networks. VNets offer:

  • Isolation: Your VNet is isolated from other Azure customers' VNets.
  • Segmentation: You can segment your VNet into subnets for better organization and security.
  • Connectivity: Enables communication between Azure resources and on-premises data centers.
  • Security: Allows you to control traffic flow using Network Security Groups (NSGs) and Azure Firewall.

Introducing Azure VPN Gateway

Azure VPN Gateway is a service that you use to send encrypted traffic between your Azure virtual network and your on-premises location, or between Azure virtual networks. VPN Gateway supports two types of VPN tunnels:

  • Site-to-Site (S2S) VPN: Connects your on-premises network to an Azure VNet. This is ideal for hybrid cloud scenarios where you need to extend your data center to Azure.
  • Network-to-Network (N2N) VPN: Connects two or more Azure VNets together. This is useful for multi-region deployments or when you need to isolate different environments within Azure.
Diagram showing Azure VPN Gateway connecting on-premises network to Azure VNet

Conceptual diagram of a Site-to-Site VPN connection.

Key Features and Benefits

  • Secure Connectivity: Provides encrypted tunnels for data privacy and integrity over public networks.
  • Hybrid Cloud Integration: Seamlessly integrates your on-premises infrastructure with Azure cloud services.
  • High Availability: VPN Gateways offer active-standby and active-active configurations for business continuity.
  • Scalability: Supports various gateway SKUs to meet different performance and throughput requirements.
  • Policy-Based vs. Route-Based VPNs: Offers flexibility in configuring tunnel routing based on your network topology.

Use Cases

  • Connecting your office or data center to Azure resources.
  • Establishing secure connections between multiple Azure virtual networks.
  • Providing remote users with secure access to corporate resources in Azure.
  • Disaster recovery and business continuity planning.

Configuring a VPN Gateway

Setting up a VPN Gateway involves several steps, including:

  1. Creating a Virtual Network and Gateway Subnet.
  2. Creating a Virtual Network Gateway.
  3. Creating a Local Network Gateway (for S2S VPN).
  4. Creating a Connection resource to link the gateways.

For detailed configuration steps, refer to the official Azure VPN Gateway documentation.

Performance Considerations

The performance of your VPN Gateway is influenced by the chosen SKU, the underlying network conditions, and the encryption algorithms used. Azure offers different SKUs (e.g., VpnGw1, VpnGw2, VpnGw2AZ) with varying performance characteristics. It's important to select a SKU that matches your throughput and latency requirements.

Example Configuration Snippet (PowerShell)

Here's a simplified example of how you might create a VPN gateway using Azure PowerShell:

# This is a conceptual example and requires specific parameters and resource existence.
$rgName = "MyResourceGroup"
$vnetName = "MyVNet"
$gwName = "MyVNetGateway"
$gwIpName = "MyVNetGatewayIP"
$location = "East US"

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$publicIp = New-AzPublicIpAddress -Name $gwIpName -ResourceGroupName $rgName -Location $location -AllocationMethod Dynamic
$gwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig1" -SubnetId $vnet.Subnets[1].Id -PublicIpAddressId $publicIp.Id

New-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rgName -Location $location -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

Conclusion

Azure Virtual Networks and VPN Gateways provide a robust and secure foundation for building hybrid and multi-network cloud solutions. By understanding their capabilities, you can effectively connect your resources and extend your network securely into the cloud.

Further Reading