Azure Hybrid Cloud Networking

Overview

Hybrid cloud networking enables seamless connectivity between on‑premises environments and Azure. It provides flexible, secure, and scalable solutions for extending your data center to the cloud.

Architecture

The core components include:

  • Virtual Network (VNet)
  • Azure ExpressRoute
  • VPN Gateway
  • Azure Firewall & Network Security Groups
  • Azure Private Link

VNet Integration

Integrate on‑premises workloads with Azure VNet using peering, service endpoints, or private link.

az network vnet create \
  --resource-group MyResourceGroup \
  --name MyVNet \
  --address-prefix 10.0.0.0/16 \
  --subnet-name Default \
  --subnet-prefix 10.0.1.0/24

ExpressRoute

Dedicated private connection with predictable performance.

az network express-route create \
  --name MyExpressRoute \
  --resource-group MyResourceGroup \
  --location eastus \
  --bandwidth 200

VPN Gateway

Site‑to‑site VPN for encrypted traffic over the public internet.

az network vnet-gateway create \
  --name MyVpnGateway \
  --resource-group MyResourceGroup \
  --vnet MyVNet \
  --public-ip-address MyVpnGwPIP \
  --gateway-type Vpn \
  --vpn-type RouteBased \
  --sku VpnGw1

Security & Compliance

Leverage Azure Firewall, Network Security Groups, and Azure Policy to enforce security posture.

Code Samples

Below is a sample ARM template snippet for deploying a Virtual Network with a subnet and a network security group.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2022-07-01",
      "name": "myVNet",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.2.0.0/16" ] },
        "subnets": [
          {
            "name": "frontend",
            "properties": {
              "addressPrefix": "10.2.1.0/24",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups','frontend-nsg')]"
              }
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2022-07-01",
      "name": "frontend-nsg",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": [
          {
            "name": "AllowHTTP",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "80",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 100,
              "direction": "Inbound"
            }
          }
        ]
      }
    }
  ]
}