One or Many Vnets?

Occasional Visitor

Hi all,

 

I just wanted a bit of feedback from the community. I'm currently looking to build a Data Storage solution within a set Resource group in Azure. This will contain multiple resource types like Storage Accounts, Synapse, Databricks & a number of associated monitoring & governance elements. 

 

What I'm not sure on is what is the best practice (or pros and cons) of creating all of that within 1 Vnet, or splitting it out into multiple Vnets to cover the various sections (Storage, Analytics etc). In terms of access, I picture very little (if any) public access - everything will be through expressroutes to an on-prem network.

 

I've had a look online and can't find anything obvious so any pointers would be great thanks.

1 Reply
Hi, Difficult to give a full response with the limited information, however I would suggest looking through the zero trust model, in particular the assumption of compromise and the assumption of breach. With the addition of multiple vNets, it will reduce the blast radius should it get breached and make it easier for our friends in the compromise recovery team to help the customer.

I hope this article will help you; https://docs.microsoft.com/en-us/security/zero-trust/networks