Description 📝
Azure Virtual WAN (vWAN) is a networking service that simplifies large-scale branch connectivity, providing an optimized, automated, and global transit network architecture. It integrates various networking, security, and routing functionalities, enabling centralized management and control over a global network. Azure vWAN offers seamless integration with other Azure services like VPN, ExpressRoute, and Azure Firewall, enhancing connectivity and security across enterprise networks.
Why use it? 🤔
- Simplified Connectivity: It streamlines the process of connecting branch offices, data centers, and the cloud, reducing complexity and improving efficiency.
- Global Transit Network: Azure vWAN provides a high-bandwidth, low-latency global backbone, offering improved network performance for global enterprises.
- Automated Routing and Scalability: It automates network routing and scaling, allowing for easy adaptation as the network grows or changes.
- Integrated Security: With built-in security features and seamless integration with Azure Firewall, it enhances the overall security posture of the network.
- Centralized Management: Azure vWAN offers a unified view and control over the entire network, simplifying management and monitoring.
Architecture components 🏛️
- azurerm_virtual_wan (vwan1): This is the central resource for Azure Virtual WAN. It acts as a unified hub that connects different networking services. The office365_local_breakout_category parameter optimizes and allows Office 365 traffic.
- azurerm_resource_group (region-1-rg-1 and region-2-rg-1): These are containers that hold related resources for Azure solutions. In this case, they likely hold the resources for different regional deployments.
- azurerm_virtual_hub (region-1-vhub-1 and region-2-vhub-1): Virtual hubs are the core of the Virtual WAN. They act as traffic managers and routers for the network traffic. Each hub is associated with a specific region.
- azurerm_virtual_hub_connection (region1-connection1 and region2-connection1): These establish connections between the virtual hubs and virtual networks, enabling the networks to use the WAN for traffic routing.
- azurerm_virtual_network (region-1-vnet-1 and region-2-vnet-1): These are the fundamental building blocks for your private network in Azure. They provide a private IP address space where you can run your services and applications.
- azurerm_firewall (fw01): This resource provides a fully stateful firewall as a service. In this configuration, it's associated with a virtual hub to secure and control network traffic.
- azurerm_firewall_policy (fw-pol01): This defines a collection of rules for the firewall to control inbound and outbound network traffic.
- azurerm_firewall_policy_rule_collection_group (region1-policy1): This is a group of firewall rules within the firewall policy, specifying how traffic should be filtered and managed.
- azurerm_vpn_gateway (region1-gateway1): This gateway enables the connection of on-premises networks to Azure through Site-to-Site VPNs, providing secure connectivity.
- azurerm_vpn_site (region1-officesite1): Represents an on-premises location (like an office site) for a secure site-to-site VPN connection.
- azurerm_vpn_gateway_connection (region1-officesite1): Connects the VPN gateway to the VPN site, enabling the secure site-to-site connection.
- azurerm_point_to_site_vpn_gateway (region1-p2s-01): This gateway allows individual devices to connect to Azure's virtual network, creating a Point-to-Site VPN connection.
- azurerm_vpn_server_configuration (region1-p2s-conn-01): Configures the VPN server for Point-to-Site VPN connections, including authentication types and settings.
- azurerm_express_route_gateway (region1-er-gateway-01): This gateway connects your on-premises networks to Azure through Azure ExpressRoute, which is a private connection from your premises to Azure.
Each of these resources plays a specific role in building a comprehensive, secure, and efficient virtual WAN in Azure, catering to different networking, connectivity, and security needs.
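How the region-1 resources reference each other, as an added Terraform sketch that is not the Brainboard template's own code. The region, address ranges and firewall SKU tier are assumptions; resource names follow the list above.

```hcl
resource "azurerm_resource_group" "region-1-rg-1" {
  name     = "region-1-rg-1"
  location = "westeurope" # assumed region
}
resource "azurerm_virtual_wan" "vwan1" {
  name                              = "vwan1"
  resource_group_name               = azurerm_resource_group.region-1-rg-1.name
  location                          = azurerm_resource_group.region-1-rg-1.location
  office365_local_breakout_category = "OptimizeAndAllow"
}
# The hub joins the WAN through virtual_wan_id and needs its own address range.
resource "azurerm_virtual_hub" "region-1-vhub-1" {
  name                = "region-1-vhub-1"
  resource_group_name = azurerm_resource_group.region-1-rg-1.name
  location            = azurerm_resource_group.region-1-rg-1.location
  virtual_wan_id      = azurerm_virtual_wan.vwan1.id
  address_prefix      = "10.0.0.0/23" # assumed, must not overlap the VNet
}
resource "azurerm_virtual_network" "region-1-vnet-1" {
  name                = "region-1-vnet-1"
  resource_group_name = azurerm_resource_group.region-1-rg-1.name
  location            = azurerm_resource_group.region-1-rg-1.location
  address_space       = ["10.1.0.0/16"] # assumed
}
resource "azurerm_firewall_policy" "fw-pol01" {
  name                = "fw-pol01"
  resource_group_name = azurerm_resource_group.region-1-rg-1.name
  location            = azurerm_resource_group.region-1-rg-1.location
}
# A firewall placed in a virtual hub uses the AZFW_Hub SKU and a virtual_hub block.
resource "azurerm_firewall" "fw01" {
  name                = "fw01"
  resource_group_name = azurerm_resource_group.region-1-rg-1.name
  location            = azurerm_resource_group.region-1-rg-1.location
  sku_name            = "AZFW_Hub"
  sku_tier            = "Standard" # assumed tier
  firewall_policy_id  = azurerm_firewall_policy.fw-pol01.id
  virtual_hub {
    virtual_hub_id = azurerm_virtual_hub.region-1-vhub-1.id
  }
}
# internet_security_enabled defaults to false in the provider; set it explicitly.
resource "azurerm_virtual_hub_connection" "region1-connection1" {
  name                      = "region1-connection1"
  virtual_hub_id            = azurerm_virtual_hub.region-1-vhub-1.id
  remote_virtual_network_id = azurerm_virtual_network.region-1-vnet-1.id
  internet_security_enabled = true
}
```

When reviewing a plan for this architecture, confirm that each hub has a firewall bound to it and that each hub connection sets internet_security_enabled to the value you intend.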
How to use Azure vWAN on Brainboard?
Go to the templates catalog and clone the architecture. Modify the variables according to your needs and deploy it.
We highly advise you to run pipelines to check the security posture of this architecture and its cost before you deploy it to avoid any surprises.
Use the CI/CD part for cost analysis, security checks and policy compliance.
You can use it here 👉 https://app.brainboard.co