SlideShare a Scribd company logo

Azure Hub spoke v1.0

Download as PPTX, PDF
Sayed Ashraf Kazi, profile picture
Sayed Ashraf Kazi

The document discusses several Azure network architectures including: 1) An Azure landing zone with firewall/WAF that includes hub-spoke VNets with web, business, and data tiers separated across spokes connected to an on-premises network. 2) An Azure network architecture deployed to a primary region including production and non-production subscriptions, VNets, and resource groups separated by function and connected to an on-premises network via VPN. 3) A hub-spoke network topology with shared services and subnets in a central hub VNet and workloads separated across spoke VNets connected to the hub.

Education
1 of 7
Downloaded 55 times
1
2
Most read
3
4
5
6
Most read
7
Most read
Azure Landing Zone (Azure Firewall/WAF) Azure Firewall: On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier App Services Managed Database Jumpbox VNet Peering (Bidirectional) VNet Peering (Bidirectional) VNet (Spoke 1) VNet (Spoke 2) 1
Azure Landing Zone (NVA) On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier VNet (Spoke 2) App Services Managed Database VNet Peering (Bidirectional) Jumpbox Availability set Public DMZ in Public DMZ out Availability set Private DMZ in Private DMZ out VNet Peering (Bidirectional) VNet (Spoke 1) https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz 2
Azure Network Architecture: Deployment to Primary Azure Region On-premises Network HQ Internet VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group VNet Peering (Bidirectional) VNet Peering (Bidirectional) Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test Resource Group(s)* Additional Resource Groups will be used for Azure resources as required for better resource management and security control * P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 3
Azure Network Architecture: with animation VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group Test Resource Group(s)* VNet Peering (Bidirectional) VNet Peering (Bidirectional) Additional Resource Groups will be used for Azure resources as required for better resource management and security control * On-premises Network HQ Internet P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 4
Hub and Spoke Network Topology VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 5
Hub and Spoke Topology Benefits Drawbacks Hub & Spoke  Easier to manage shared services  Lower licensing costs  Improved segregation  Easy to scale  Single point of failure  Overhead of managing UDRs Simplified  No single point of failure  Duplication of shared services (Firewall, SIEM)  Higher licensing costs  Challenging to scale VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 6
Example Azure Network Plan: VNets & Subnets ID vNET Subnet Netmask CIDR # Of hosts Subscription Security zone Gateway unit Gateway address 1 HUB 10.151.98.0 26 10.151.98.0/26 62 Hub HUB_SZ_MSS Microsoft Azure 10.151.98.1 2 HUB 10.151.96.0 26 10.151.96.0/26 62 Hub HUB_SZ_PRIVATE_DMZ Firewall 1(Internal) 10.151.96.1 3 HUB 10.151.97.0 24 10.151.97.0/24 254 Hub HUB_SZ_PUBLIC_DMZ Firewall 0 (External) 10.151.97.1 4 HUB 10.151.98.64 26 10.151.98.64/26 62 Hub HUB_SZ_JUMP_BOX Microsoft Azure 10.151.98.65 5 PROD 10.151.0.0 19 10.151.0.0/19 8190 Prod PROD_SZ_WORKLOAD1 Microsoft Azure 10.151.0.1 6 DEV 10.151.32.0 19 10.151.32.0/19 8190 Non-Prod DEV_SZ_NON_PROD Microsoft Azure 10.151.32.1 7 STAGING 10.151.64.0 19 10.151.64.0/19 8190 Non-Prod STAGING_SZ_NON_PROD Microsoft Azure 10.151.64.1 7

More Related Content

PPTX
Azure Networking (1).pptx
Razith2
 
PPTX
Overview of Enterprise-scale landing zones using Cloud Adoption Framework Rea...
MarceloMiranda38200
 
PDF
Azure landing zones - Terraform module design considerations - Azure Architec...
DubemJavapi
 
PDF
AWS Community Day 2022 Joe Daly FinOps
AWS Chicago
 
PDF
DataOps for the Modern Data Warehouse on Microsoft Azure @ NDCOslo 2020 - Lac...
Lace Lofranco
 
PDF
CAF intro Hosters modern
ssuserdb85d71
 
PPTX
Microsoft Azure Networking Basics
Sai Kishore Naidu
 
PPTX
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
Azure Networking (1).pptx
Razith2
 
Overview of Enterprise-scale landing zones using Cloud Adoption Framework Rea...
MarceloMiranda38200
 
Azure landing zones - Terraform module design considerations - Azure Architec...
DubemJavapi
 
AWS Community Day 2022 Joe Daly FinOps
AWS Chicago
 
DataOps for the Modern Data Warehouse on Microsoft Azure @ NDCOslo 2020 - Lac...
Lace Lofranco
 
CAF intro Hosters modern
ssuserdb85d71
 
Microsoft Azure Networking Basics
Sai Kishore Naidu
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 

What's hot (20)

PPTX
Let's Talk About: Azure Networking
Pedro Sousa
 
PPTX
Azure: PaaS or IaaS
Shahed Chowdhuri
 
PPTX
Azure Introduction
brunoterkaly
 
PPTX
Azure App Service
BizTalk360
 
PPTX
Azure migration
Arnon Rotem-Gal-Oz
 
PPTX
Azure Migrate
Mustafa
 
PDF
Az 104 session 3 azure compute
AzureEzy1
 
PPTX
Introduction to Microsoft Azure
Kasun Kodagoda
 
PPTX
Microsoft Azure cloud services
Najeeb Khan
 
PPTX
Azure WAF
Cheah Eng Soon
 
PPTX
Windows Azure Virtual Machines
Clint Edmonson
 
PPTX
Microsoft azure
Charith Suriyakula
 
PDF
Microsoft Azure Active Directory
David J Rosenthal
 
PDF
Azure DDoS Protection Standard
arnaudlh
 
PPTX
Microsoft Azure Technical Overview
gjuljo
 
PPTX
Azure App Service Deep Dive
Azure Riyadh User Group
 
PDF
Azure Resource Manager (ARM) Templates
WinWire Technologies Inc
 
PPTX
Azure fundamentals
Raju Kumar
 
PDF
Azure Monitoring Overview
gjuljo
 
PDF
AWS Control Tower
CloudHesive
 
Let's Talk About: Azure Networking
Pedro Sousa
 
Azure: PaaS or IaaS
Shahed Chowdhuri
 
Azure Introduction
brunoterkaly
 
Azure App Service
BizTalk360
 
Azure migration
Arnon Rotem-Gal-Oz
 
Azure Migrate
Mustafa
 
Az 104 session 3 azure compute
AzureEzy1
 
Introduction to Microsoft Azure
Kasun Kodagoda
 
Microsoft Azure cloud services
Najeeb Khan
 
Azure WAF
Cheah Eng Soon
 
Windows Azure Virtual Machines
Clint Edmonson
 
Microsoft azure
Charith Suriyakula
 
Microsoft Azure Active Directory
David J Rosenthal
 
Azure DDoS Protection Standard
arnaudlh
 
Microsoft Azure Technical Overview
gjuljo
 
Azure App Service Deep Dive
Azure Riyadh User Group
 
Azure Resource Manager (ARM) Templates
WinWire Technologies Inc
 
Azure fundamentals
Raju Kumar
 
Azure Monitoring Overview
gjuljo
 
AWS Control Tower
CloudHesive
 
Ad

Similar to Azure Hub spoke v1.0 (20)

PPTX
Microsoft Azure Hub_Spoke_Ampliado.pptx
Alejandro Daricz
 
PPTX
CCI2019 - Architecting and Implementing Azure Networking
walk2talk srl
 
PPTX
Securing your cloud perimeter with azure network security brk3185
jtaylor707
 
PPTX
Azure Networking: Innovative Features and Multi-VNet Topologies
Marius Zaharia
 
PDF
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
PPTX
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Ammar Hasayen
 
PPTX
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Neeraj Kumar
 
PPTX
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
VipulKumar221864
 
PPTX
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
PDF
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld
 
PPTX
It's all about Security! Let’s get you started with Azure Bastion
Wim Matthyssen
 
PDF
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
PPTX
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
PPTX
VMWARE Professionals - Security, Multitenancy and Flexibility
Paulo Freitas
 
PDF
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
PDF
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
PPTX
Aymeric weinbach ze cloud intro et nouveautés
Aymeric Weinbach
 
PDF
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
PPTX
Azure Network and Infrastructure
Phi Huynh
 
PPTX
Microsoft cloud stack
Michael Rüefli
 
Microsoft Azure Hub_Spoke_Ampliado.pptx
Alejandro Daricz
 
CCI2019 - Architecting and Implementing Azure Networking
walk2talk srl
 
Securing your cloud perimeter with azure network security brk3185
jtaylor707
 
Azure Networking: Innovative Features and Multi-VNet Topologies
Marius Zaharia
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Ammar Hasayen
 
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Neeraj Kumar
 
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
VipulKumar221864
 
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld
 
It's all about Security! Let’s get you started with Azure Bastion
Wim Matthyssen
 
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
VMWARE Professionals - Security, Multitenancy and Flexibility
Paulo Freitas
 
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
Aymeric weinbach ze cloud intro et nouveautés
Aymeric Weinbach
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
Azure Network and Infrastructure
Phi Huynh
 
Microsoft cloud stack
Michael Rüefli
 
Ad

Recently uploaded (20)

PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
master seminar digital applications in india
ananyaray35
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 

Azure Hub spoke v1.0

  • 1. Azure Landing Zone (Azure Firewall/WAF) Azure Firewall: On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier App Services Managed Database Jumpbox VNet Peering (Bidirectional) VNet Peering (Bidirectional) VNet (Spoke 1) VNet (Spoke 2) 1
  • 2. Azure Landing Zone (NVA) On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier VNet (Spoke 2) App Services Managed Database VNet Peering (Bidirectional) Jumpbox Availability set Public DMZ in Public DMZ out Availability set Private DMZ in Private DMZ out VNet Peering (Bidirectional) VNet (Spoke 1) https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz 2
  • 3. Azure Network Architecture: Deployment to Primary Azure Region On-premises Network HQ Internet VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group VNet Peering (Bidirectional) VNet Peering (Bidirectional) Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test Resource Group(s)* Additional Resource Groups will be used for Azure resources as required for better resource management and security control * P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 3
  • 4. Azure Network Architecture: with animation VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group Test Resource Group(s)* VNet Peering (Bidirectional) VNet Peering (Bidirectional) Additional Resource Groups will be used for Azure resources as required for better resource management and security control * On-premises Network HQ Internet P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 4
  • 5. Hub and Spoke Network Topology VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 5
  • 6. Hub and Spoke Topology Benefits Drawbacks Hub & Spoke  Easier to manage shared services  Lower licensing costs  Improved segregation  Easy to scale  Single point of failure  Overhead of managing UDRs Simplified  No single point of failure  Duplication of shared services (Firewall, SIEM)  Higher licensing costs  Challenging to scale VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 6
  • 7. Example Azure Network Plan: VNets & Subnets ID vNET Subnet Netmask CIDR # Of hosts Subscription Security zone Gateway unit Gateway address 1 HUB 10.151.98.0 26 10.151.98.0/26 62 Hub HUB_SZ_MSS Microsoft Azure 10.151.98.1 2 HUB 10.151.96.0 26 10.151.96.0/26 62 Hub HUB_SZ_PRIVATE_DMZ Firewall 1(Internal) 10.151.96.1 3 HUB 10.151.97.0 24 10.151.97.0/24 254 Hub HUB_SZ_PUBLIC_DMZ Firewall 0 (External) 10.151.97.1 4 HUB 10.151.98.64 26 10.151.98.64/26 62 Hub HUB_SZ_JUMP_BOX Microsoft Azure 10.151.98.65 5 PROD 10.151.0.0 19 10.151.0.0/19 8190 Prod PROD_SZ_WORKLOAD1 Microsoft Azure 10.151.0.1 6 DEV 10.151.32.0 19 10.151.32.0/19 8190 Non-Prod DEV_SZ_NON_PROD Microsoft Azure 10.151.32.1 7 STAGING 10.151.64.0 19 10.151.64.0/19 8190 Non-Prod STAGING_SZ_NON_PROD Microsoft Azure 10.151.64.1 7