Forum Discussion

cvsadsadd's avatar
cvsadsadd
Copper Contributor
Jun 28, 2025

Network Design Ideas for VMs

I am analyzing the current Azure environment at my new job and trying to figure out the architectural choices mostly networking wise. Currently, we have 10 VMs and each VM has its own VNet and they a...
MortenLundPetersen's avatar
MortenLundPetersen
Copper Contributor
Sep 24, 2025

In my opinion the best approach is to build a Hub and Spoke network.

The Hub hosts the central components such as the firewall, Application Gateway and VPN Gateway.

Each application gets its own Spoke VNet with multiple subnets, and all Spoke VNets are peered to the Hub.

All traffic should be routed through the firewall in the Hub. This provides secure outbound internet access for your servers and applications. In the firewall you only allow traffic between Spokes if it is absolutely necessary. The fewer open ports the better.

Place a Bastion in the Hub to provide secure SSH and RDP access to your virtual machines without exposing anything to the internet.

If you need on-premises connectivity, deploy a VPN Gateway in the Hub. This allows you to Arc-enable your on-prem servers and manage everything centrally from the Azure portal.

The result is a scalable, easy-to-manage network design with a strong focus on security and zero trust.

Resources