Azure Hub spoke v1.0

ashraf_kazi 1,059 views 7 slides Jan 19, 2022

About This Presentation

Azure Landing Zone


Slide Content

Slide 1: Azure Landing Zone (Azure Firewall/WAF)
Diagram. Hub VNet with a Gateway subnet (UDR) and a Management subnet (Jumpbox), connected to the on-premises network. Azure Firewall: NAT, network and application traffic filtering rules allow inbound/outbound access; L3-L7 connectivity policies. VNet (Spoke 1): Web tier, Business tier, Data tier. VNet (Spoke 2): App Services, Managed Database. Each spoke is joined to the hub by VNet peering (bidirectional).

Slide 2: Azure Landing Zone (NVA)
Diagram. Same hub and spoke layout as slide 1 (Hub VNet with Gateway subnet (UDR) and Management subnet (Jumpbox); Spoke 1 with Web, Business and Data tiers; Spoke 2 with App Services and Managed Database; VNet peering (bidirectional)), with the firewall replaced by network virtual appliances in availability sets: Public DMZ in / Public DMZ out and Private DMZ in / Private DMZ out.
Reference: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz

Slide 3: Azure Network Architecture: Deployment to Primary Azure Region
Diagram of the management group / subscription / resource group hierarchy and the networks inside it:
Hub Management Group > Hub Subscription > Hub Resource Group(s)*: Hub VNet (10.xx.xx.xx/yy) with Gateway Subnet, Firewall Subnet, SIEM Subnet, WAF Subnet and Management Subnet (each 10.xx.xx.xx/zz).
Prod Management Group > Prod Subscription > Prod Resource Group(s)*: Prod VNet (Spoke 3), 10.xx.xx.xx/yy, with three 10.xx.xx.xx/zz subnets.
Non-Prod Management Group > Non-Prod Subscription > Dev Resource Group(s)* and Test Resource Group(s)*: Dev VNet (Spoke 1) and Test VNet (Spoke 2), each 10.xx.xx.xx/yy with three 10.xx.xx.xx/zz subnets.
Connectivity: VNet peering (bidirectional) between the hub and each spoke; S2S VPN tunnels from On-premises Network HQ and On-premises Network Site 2; a P2S VPN tunnel for the VPN client; HTTP/HTTPS from the Internet.
* Additional Resource Groups will be used for Azure resources as required for better resource management and security control.

Slide 4: Azure Network Architecture: with animation
Animated version of the slide 3 diagram; same management groups, subscriptions, resource groups, VNets, subnets, peering and VPN connectivity.

Slide 5: Hub and Spoke Network Topology
Diagram. Hub VNet (Hub Subnets, Gateway Subnet) peered to Spoke 1 VNet, Spoke 2 VNet, Spoke 3 VNet and Spoke 4 VNet, each with its own spoke subnets. Connectivity into the hub: P2S VPN tunnel from the VPN client, S2S VPN tunnels from On-premises Network HQ and On-premises Network Site 2, HTTP/HTTPS from the Internet.

Slide 6: Hub and Spoke Topology: Benefits and Drawbacks

| Topology    | Benefits                                                                                          | Drawbacks                                                                                       |
|-------------|---------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
| Hub & Spoke | Easier to manage shared services; lower licensing costs; improved segregation; easy to scale      | Single point of failure; overhead of managing UDRs                                              |
| Simplified  | No single point of failure                                                                        | Duplication of shared services (Firewall, SIEM); higher licensing costs; challenging to scale   |

The slide repeats the slide 5 diagram (Hub VNet with Hub Subnets and Gateway Subnet, Spoke 1-4 VNets with their subnets, P2S and S2S VPN tunnels, HTTP/HTTPS).

Slide 7: Example Azure Network Plan: VNets & Subnets

| ID | vNET    | Subnet       | Netmask | CIDR            | # Of hosts | Subscription | Security zone       | Gateway unit          | Gateway address |
|----|---------|--------------|---------|-----------------|------------|--------------|---------------------|-----------------------|-----------------|
| 1  | HUB     | 10.151.98.0  | 26      | 10.151.98.0/26  | 62         | Hub          | HUB_SZ_MSS          | Microsoft Azure       | 10.151.98.1     |
| 2  | HUB     | 10.151.96.0  | 26      | 10.151.96.0/26  | 62         | Hub          | HUB_SZ_PRIVATE_DMZ  | Firewall 1 (Internal) | 10.151.96.1     |
| 3  | HUB     | 10.151.97.0  | 24      | 10.151.97.0/24  | 254        | Hub          | HUB_SZ_PUBLIC_DMZ   | Firewall 0 (External) | 10.151.97.1     |
| 4  | HUB     | 10.151.98.64 | 26      | 10.151.98.64/26 | 62         | Hub          | HUB_SZ_JUMP_BOX     | Microsoft Azure       | 10.151.98.65    |
| 5  | PROD    | 10.151.0.0   | 19      | 10.151.0.0/19   | 8190       | Prod         | PROD_SZ_WORKLOAD1   | Microsoft Azure       | 10.151.0.1      |
| 6  | DEV     | 10.151.32.0  | 19      | 10.151.32.0/19  | 8190       | Non-Prod     | DEV_SZ_NON_PROD     | Microsoft Azure       | 10.151.32.1     |
| 7  | STAGING | 10.151.64.0  | 19      | 10.151.64.0/19  | 8190       | Non-Prod     | STAGING_SZ_NON_PROD | Microsoft Azure       | 10.151.64.1     |
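A consistency check over the slide 7 address plan, added here as an example and not part of the deck: it recomputes the host counts, confirms each gateway address is the first address after the network address, and flags any subnets that overlap (which would make hub/spoke routing ambiguous). The only fact it adds beyond the table is that Azure reserves five addresses per subnet, so the "# Of hosts" column is the classic 2^(32-prefix) - 2 figure rather than the number of NICs that actually fit.

```python
import ipaddress
from itertools import combinations

# Rows transcribed from the slide 7 table: (ID, vNET, CIDR, '# Of hosts', gateway address)
PLAN = [
    (1, "HUB",     "10.151.98.0/26",  62,   "10.151.98.1"),
    (2, "HUB",     "10.151.96.0/26",  62,   "10.151.96.1"),
    (3, "HUB",     "10.151.97.0/24",  254,  "10.151.97.1"),
    (4, "HUB",     "10.151.98.64/26", 62,   "10.151.98.65"),
    (5, "PROD",    "10.151.0.0/19",   8190, "10.151.0.1"),
    (6, "DEV",     "10.151.32.0/19",  8190, "10.151.32.1"),
    (7, "STAGING", "10.151.64.0/19",  8190, "10.151.64.1"),
]

# Azure reserves 5 addresses in every subnet: network, default gateway, two DNS, broadcast.
AZURE_RESERVED = 5

def classic_hosts(cidr):
    """The 2^(32-prefix) - 2 figure used in the table's '# Of hosts' column."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def azure_usable(cidr):
    """Addresses actually assignable to NICs in an Azure subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is internally consistent."""
    findings, nets = [], []
    for row_id, vnet, cidr, hosts, gw in plan:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as e:  # host bits set in the prefix, e.g. 10.151.98.64/25
            findings.append(f"row {row_id}: {cidr} is not a valid network ({e})")
            continue
        if classic_hosts(cidr) != hosts:
            findings.append(f"row {row_id}: host count {hosts} != {classic_hosts(cidr)}")
        if ipaddress.ip_address(gw) != net.network_address + 1:
            findings.append(f"row {row_id}: gateway {gw} is not the first address of {cidr}")
        nets.append((row_id, vnet, net))
    # Overlapping subnets anywhere in the hub/spoke plan break peering and UDR routing.
    for (ia, va, a), (ib, vb, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append(f"rows {ia}/{ib}: {a} ({va}) overlaps {b} ({vb})")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```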