Azure Virtual WAN Concepts
Azure Virtual WAN is a networking service that brings together various networking capabilities, security, and routing functionalities into a single operational interface. It is designed to provide a simplified, scalable, and integrated solution for managing your wide area networks (WAN) and connecting your on-premises environments, remote offices, and branches to Azure.
What is Azure Virtual WAN?
Virtual WAN allows you to connect your on-premises datacenters and branch offices to Azure by leveraging Azure's global network backbone. It acts as a central hub for all your network connectivity, simplifying complex network topologies and reducing the management overhead.
Key Concepts
1. Virtual WAN Hub
The Virtual WAN hub is a managed instance of Azure Virtual WAN. It serves as the central point of connectivity for your network. You can deploy Virtual WAN hubs in various Azure regions. Each hub contains network services like:
- VPN Gateway: For site-to-site (S2S) VPN connections.
- Azure ExpressRoute Gateway: For private connections via ExpressRoute.
- Azure Firewall: For centralized security enforcement.
- Virtual Network Gateway: For connecting virtual networks.
- Router: For enabling advanced routing scenarios.
A Virtual WAN hub is effectively a scaled-out, highly available, managed Microsoft network peering service.
Conceptual diagram of a Virtual WAN hub.
2. Virtual Hub Connections
Connections link your resources to a Virtual WAN hub. There are several types of connections:
- Site-to-site (S2S) VPN: Connects your on-premises branch offices to the Virtual WAN hub.
- ExpressRoute: Connects your on-premises datacenters to the Virtual WAN hub via Azure ExpressRoute circuits.
- Virtual Network (VNet) Connection: Connects your Azure virtual networks to the Virtual WAN hub. This allows resources in your VNets to communicate with other connected sites and resources.
- Remote User VPN: Allows individual remote users to connect to the Virtual WAN hub using P2S VPN.
3. Global Transit Network
One of the primary benefits of Virtual WAN is its ability to enable a global transit network. This means that if you have multiple Virtual WAN hubs in different Azure regions, or multiple branch offices connected to a hub, Virtual WAN automatically handles the routing between these sites over the Azure backbone. You don't need to configure complex peering or transit routing configurations yourself.
4. Routing and Policy Enforcement
Virtual WAN provides a centralized routing and policy enforcement mechanism. You can define routing configurations within the hub to control traffic flow between connected sites and VNets. This includes:
- Route Tables: Each hub has route tables that govern how traffic is routed.
- Route Distribution: You can control which routes are propagated to different connections.
- Azure Firewall Integration: Deploy Azure Firewall within the hub for unified threat protection and network security policies across your entire WAN.
5. Scalability and High Availability
Virtual WAN is built on Azure's global network, offering inherent scalability and high availability. The managed gateways and infrastructure within the hub are designed to handle large-scale deployments and ensure continuous connectivity.
Important Note
Virtual WAN is not a replacement for Azure Virtual Network Gateway. It is a higher-level service that orchestrates connectivity for multiple VNets and on-premises sites through managed hubs.
Use Cases
- Connecting multiple branch offices to Azure.
- Establishing a global transit network for seamless connectivity between sites and cloud resources.
- Centralizing security policies using Azure Firewall.
- Simplifying complex hybrid cloud networking.
- Enabling secure remote user access.
Benefits
- Simplified Management: A single pane of glass for all your network connectivity.
- Global Connectivity: Leverages Azure's global network.
- Scalability: Designed for large-scale deployments.
- Enhanced Security: Seamless integration with Azure Firewall.
- Cost-Effectiveness: Optimized routing and management can lead to cost savings.
This section has provided a high-level overview of the core concepts behind Azure Virtual WAN. For detailed deployment and management instructions, please refer to the related documentation.