Forum Discussion
Connectivity between Multiple Subscriptions in same region
We have an Azure Tenant with one subscription managed by a CSP. We want to create another subscription of 7 VMs to run Azure OpenShift (with RH VMs) in the same region.
The questions are:
- We want to leverage the AD/DC resources in the existing subscription. For this, do we need any additional network components (vNet peering etc.)?
- Do we need other network components like WAF, Firewall, LB etc. in the new subscription?
2 Replies
- Chandrasekhar_Arya (Iron Contributor)
You can peer virtual networks that exist in two different subscriptions as long as a privileged user of both subscriptions authorizes the peering and the subscriptions are associated with the same Active Directory tenant.
https://azure.microsoft.com/en-in/updates/vnet-peering-cross-version-cross-subscription/#:~:text=Note%20that%20you%20can%20peer%20virtual%20networks%20that,more%20information%20in%20the%20Virtual%20network%20peering%20article.
Once the network peering is established you can replicate the AD sync with each other.
Assuming you have a hub-and-spoke configuration, then peer both subscriptions to the hub vNet where you have the firewall and route the AD/DNS traffic via the firewall.
Hope this helps
- lukemurraynz (Learn Expert)
If you want to access resources in the other subscription, then yes - another VNET with peering between the two will allow access. Then set the DNS of the secondary VNET to point towards the IP of the domain controller; no need for WAF/Firewall etc. unless something is published externally over the internet.
Then you need whatever resources you need for OpenShift (you will need a separate Backup Recovery Vault for backups).
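The setup both replies describe, written out as an added Az PowerShell example (not code from either reply or from Microsoft): peer the new OpenShift spoke VNet in the second subscription with the existing hub VNet in the CSP-managed one, point the spoke at the domain controller for DNS, and route hub-bound AD/DNS traffic through the hub firewall. The subscription IDs, resource group and VNet names, and the 10.0.0.x addresses are placeholders.

```powershell
# Added example: cross-subscription hub/spoke peering for the OpenShift VNet.
# Every ID, name and address here is a placeholder; substitute your own.
$hubSub   = '00000000-0000-0000-0000-000000000001'   # CSP-managed subscription (AD/DC, firewall)
$spokeSub = '00000000-0000-0000-0000-000000000002'   # new OpenShift subscription
$hubRg    = 'rg-hub';  $hubVnetName   = 'vnet-hub'
$spokeRg  = 'rg-ocp';  $spokeVnetName = 'vnet-ocp'
$dcIp     = '10.0.0.4'                                # domain controller in the hub
$fwIp     = '10.0.0.68'                               # hub firewall private IP

# The identity running this needs Network Contributor (or equivalent) in BOTH
# subscriptions, and both subscriptions must belong to the same tenant.
Set-AzContext -SubscriptionId $spokeSub | Out-Null
$spokeVnet = Get-AzVirtualNetwork -Name $spokeVnetName -ResourceGroupName $spokeRg
Set-AzContext -SubscriptionId $hubSub | Out-Null
$hubVnet = Get-AzVirtualNetwork -Name $hubVnetName -ResourceGroupName $hubRg

# 1. Peer in both directions; peering is not transitive, so each spoke gets its own link.
#    AllowForwardedTraffic on the spoke lets packets forwarded by the hub firewall in.
Add-AzVirtualNetworkPeering -Name 'hub-to-ocp' -VirtualNetwork $hubVnet `
    -RemoteVirtualNetworkId $spokeVnet.Id -AllowForwardedTraffic | Out-Null
Set-AzContext -SubscriptionId $spokeSub | Out-Null
Add-AzVirtualNetworkPeering -Name 'ocp-to-hub' -VirtualNetwork $spokeVnet `
    -RemoteVirtualNetworkId $hubVnet.Id -AllowForwardedTraffic | Out-Null

# 2. Re-read the spoke (its peering list changed), then set VNet-level DNS to the DC so
#    the OpenShift VMs can resolve and join the domain (applied on next DHCP renew/reboot).
$spokeVnet = Get-AzVirtualNetwork -Name $spokeVnetName -ResourceGroupName $spokeRg
if (-not $spokeVnet.DhcpOptions) {
    $spokeVnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$spokeVnet.DhcpOptions.DnsServers = @($dcIp)

# 3. Send hub-bound traffic (AD, DNS, anything else) via the firewall instead of straight
#    across the peering, so it is inspected and logged like the other spokes' traffic.
$route = New-AzRouteConfig -Name 'to-hub-via-fw' `
    -AddressPrefix $hubVnet.AddressSpace.AddressPrefixes[0] `
    -NextHopType VirtualAppliance -NextHopIpAddress $fwIp
$rt = New-AzRouteTable -Name 'rt-ocp' -ResourceGroupName $spokeRg `
    -Location $spokeVnet.Location -Route $route
foreach ($subnet in $spokeVnet.Subnets) { $subnet.RouteTable = $rt }
$spokeVnet | Set-AzVirtualNetwork | Out-Null

# 4. Verify: both sides must report PeeringState 'Connected' before the DC is reachable.
Get-AzVirtualNetworkPeering -VirtualNetworkName $spokeVnetName -ResourceGroupName $spokeRg |
    Select-Object Name, PeeringState, AllowForwardedTraffic
```

The hub firewall still needs rules allowing the AD/DNS ports from the spoke's address space; the route table only steers the traffic to it.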