Microsoft Docs

Virtual WAN Concepts

Azure Virtual WAN is a networking service that brings together many networking, security, and routing functionalities to provide a single operational interface. It's designed to help you manage your cloud and on-premises network connectivity.

Key Components of Virtual WAN

Virtual WAN consists of several key components that work together to provide a scalable and secure networking solution:

1. Virtual WAN Hub

The Virtual WAN hub is a Microsoft-managed network transit center in an Azure region. It acts as a central point of connectivity for your Azure virtual networks, your on-premises sites, and your remote users.

• Hubs are deployed in an Azure region.
• They support connectivity to multiple VNets.
• They provide transit routing between connected VNets and on-premises sites.
• Security features like Azure Firewall and Network Security Groups (NSGs) can be integrated.

2. Virtual Network Connections

To connect your Azure virtual networks to a Virtual WAN hub, you establish a virtual network connection. This connection allows your VNet resources to communicate through the hub.

• Each VNet can be connected to one Virtual WAN hub.
• Connectivity is transitive through the hub.

3. Site-to-Site VPN Connections

Virtual WAN supports connecting your on-premises network locations to your Virtual WAN hub using site-to-site VPNs. This allows your branch offices and data centers to securely connect to your Azure resources.

• You configure connections from your on-premises VPN devices to the Virtual WAN hub.
• Virtual WAN simplifies the management of multiple site-to-site connections.

4. Remote User VPN (Point-to-Site)

Virtual WAN enables remote users to connect to your Azure network securely through a point-to-site VPN. This is ideal for employees working remotely who need access to corporate resources.

• Supports both OpenVPN and IKEv2 VPN protocols.
• Users can connect from various devices using VPN client software.

5. Router (ExpressRoute)

While not a direct component of Virtual WAN itself, ExpressRoute circuits can be connected to a Virtual WAN hub. This allows for high-bandwidth, low-latency private connections between your on-premises network and Azure.

• Integrates with existing ExpressRoute deployments.
• Provides redundant and reliable connectivity.

6. Routing

Virtual WAN includes a sophisticated routing service that automatically learns and propagates routes between connected networks. This simplifies route management and ensures proper traffic flow.

• Automatic route propagation.
• Support for custom route tables and propagation policies.
• Integration with Azure Router Service for advanced routing scenarios.

Benefits of Azure Virtual WAN

• Centralized Management: A single interface to manage your global network.
• Scalability: Designed to scale to support large numbers of sites and users.
• Security: Integrates with Azure Firewall and other security services.
• Simplified Connectivity: Streamlines the process of connecting VNets, on-premises sites, and remote users.
• Cost-Effectiveness: Can offer cost savings through optimized bandwidth usage and simplified infrastructure.

Architecture Overview

A typical Virtual WAN architecture involves one or more Virtual WAN hubs deployed in different Azure regions. Virtual networks and on-premises sites are then connected to these hubs. This creates a global transit network, allowing seamless communication between all connected endpoints.

For example:

• A Virtual WAN hub in Azure East US connects to VNet A (production) and VNet B (development).
• A VPN connection from an on-premises data center connects to the same hub.
• Remote users can also connect to this hub.

This setup ensures that resources in VNet A can communicate with resources in VNet B and the on-premises data center, all routed through the Virtual WAN hub.

For more detailed information on specific configurations and advanced features, please refer to the How-to guides.