Forum Discussion
Network Design Ideas for VMs
I am analyzing the current Azure environment at my new job and trying to figure out the architectural choices, mostly networking-wise. Currently, we have 10 VMs, each VM has its own VNet, and they are all in the same region. In my experience so far, I have never seen such a network design in Azure before.
4 Replies
- MortenLundPetersen (Copper Contributor)
In my opinion the best approach is to build a Hub and Spoke network.
The Hub hosts the central components such as the firewall, Application Gateway and VPN Gateway.
Each application gets its own Spoke VNet with multiple subnets, and all Spoke VNets are peered to the Hub.
All traffic should be routed through the firewall in the Hub. This provides secure outbound internet access for your servers and applications. In the firewall you only allow traffic between Spokes if it is absolutely necessary. The fewer open ports the better.
Place a Bastion in the Hub to provide secure SSH and RDP access to your virtual machines without exposing anything to the internet.
If you need on-premises connectivity, deploy a VPN Gateway in the Hub. This allows you to Arc-enable your on-prem servers and manage everything centrally from the Azure portal.
The result is a scalable, easy-to-manage network design with a strong focus on security and zero trust.
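The design in the reply above (hub with firewall, one spoke per application, spokes peered only to the hub, all traffic forced through the firewall), expressed as an added Bicep example. This is not the replier's code; the resource names, address spaces, API version and SKU are assumptions, and only the subnets for Bastion and the VPN Gateway are reserved here, not the services themselves.

```bicep
// Added example (not from the thread): minimal hub-and-spoke in Bicep.
// Assumptions: resource names, address spaces, API version and SKU are mine.
targetScope = 'resourceGroup'

param location string = resourceGroup().location

// Hub VNet. The three subnet names are the ones Azure requires for
// Azure Firewall, Azure Bastion and the VPN Gateway respectively.
resource hub 'Microsoft.Network/virtualNetworks@2023-11-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.0.0.0/26' } }
      { name: 'AzureBastionSubnet', properties: { addressPrefix: '10.0.1.0/26' } }
      { name: 'GatewaySubnet', properties: { addressPrefix: '10.0.2.0/27' } }
    ]
  }
}

resource fwPip 'Microsoft.Network/publicIPAddresses@2023-11-01' = {
  name: 'pip-afw-hub'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

// Firewall deployed with no rule collections: every flow is denied until a
// rule explicitly allows it, which is the "only if absolutely necessary" stance.
resource firewall 'Microsoft.Network/azureFirewalls@2023-11-01' = {
  name: 'afw-hub'
  location: location
  properties: {
    sku: { name: 'AZFW_VNet', tier: 'Standard' }
    ipConfigurations: [
      {
        name: 'ipconfig'
        properties: {
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', hub.name, 'AzureFirewallSubnet') }
          publicIPAddress: { id: fwPip.id }
        }
      }
    ]
  }
}

// Route table for spoke subnets: 0.0.0.0/0 to the firewall's private IP, so
// internet-bound and spoke-to-spoke traffic both pass through the firewall.
// BGP propagation is disabled so on-prem routes cannot bypass the firewall.
resource rtSpoke 'Microsoft.Network/routeTables@2023-11-01' = {
  name: 'rt-spoke-via-afw'
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewall.properties.ipConfigurations[0].properties.privateIPAddress
        }
      }
    ]
  }
}

// One spoke per application, with its own subnets, every subnet behind the route table.
resource spoke 'Microsoft.Network/virtualNetworks@2023-11-01' = {
  name: 'vnet-spoke-app1'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [
      { name: 'snet-app', properties: { addressPrefix: '10.1.0.0/24', routeTable: { id: rtSpoke.id } } }
      { name: 'snet-db', properties: { addressPrefix: '10.1.1.0/24', routeTable: { id: rtSpoke.id } } }
    ]
  }
}

// Peer each spoke to the hub only; spokes are never peered to each other.
// allowForwardedTraffic is what lets the firewall relay spoke-to-spoke packets.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-11-01' = {
  parent: hub
  name: 'peer-hub-to-app1'
  properties: {
    remoteVirtualNetwork: { id: spoke.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: true // lets spokes use a VPN Gateway deployed in the hub
  }
}

resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-11-01' = {
  parent: spoke
  name: 'peer-app1-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hub.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    useRemoteGateways: false // set to true only after the hub VPN Gateway exists
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file hubspoke.bicep`, then add a second spoke by copying the spoke VNet and its two peerings with a new address space. Because the firewall ships with no rule collections, the first thing to do afterwards is add a network rule collection for each spoke-to-spoke or outbound flow you actually need; a VM in `snet-app` will have no internet or cross-spoke reachability until you do, which is the intended default.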
- Surendra_Aderu (Copper Contributor)
Identify which environment each of the 10 VMs belongs to, e.g. Production, non-prod, etc.
Then isolate the two environments using separate, dedicated virtual networks. You can maintain separate subnets for application, database, etc. You can consider a Hub and Spoke network architecture as well. Let me know if you need any further details.
Regards, Surendra Aderu
- Technical_Architect5 (Copper Contributor)
There might be a reason for this type of setup. I encountered a similar configuration with 25 VMs, each in a separate vNet. Upon investigation, I found that each business unit had its own VM, isolated from the others using vNets. I resolved it by implementing a Hub & Spoke topology, along with subnets and NSGs. How did you address your situation?