SlideShare a Scribd company logo

Hub_Spoke_v1.0.pptx

Download as PPTX, PDF
A
AanSulistiyo

Hub_Spoke

Software
1 of 7
Azure Landing Zone (Azure Firewall/WAF) Azure Firewall: On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier App Services Managed Database Jumpbox VNet Peering (Bidirectional) VNet Peering (Bidirectional) VNet (Spoke 1) VNet (Spoke 2) 1
Azure Landing Zone (NVA) On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier VNet (Spoke 2) App Services Managed Database VNet Peering (Bidirectional) Jumpbox Availability set Public DMZ in Public DMZ out Availability set Private DMZ in Private DMZ out VNet Peering (Bidirectional) VNet (Spoke 1) https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz 2
Azure Network Architecture: Deployment to Primary Azure Region On-premises Network HQ Internet VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group VNet Peering (Bidirectional) VNet Peering (Bidirectional) Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test Resource Group(s)* Additional Resource Groups will be used for Azure resources as required for better resource management and security control * P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 3
Azure Network Architecture: with animation VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group Test Resource Group(s)* VNet Peering (Bidirectional) VNet Peering (Bidirectional) Additional Resource Groups will be used for Azure resources as required for better resource management and security control * On-premises Network HQ Internet P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 4
Hub and Spoke Network Topology VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 5
Hub and Spoke Topology Benefits Drawbacks Hub & Spoke  Easier to manage shared services  Lower licensing costs  Improved segregation  Easy to scale  Single point of failure  Overhead of managing UDRs Simplified  No single point of failure  Duplication of shared services (Firewall, SIEM)  Higher licensing costs  Challenging to scale VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 6
Example Azure Network Plan: VNets & Subnets ID vNET Subnet Netmask CIDR # Of hosts Subscription Security zone Gateway unit Gateway address 1 HUB 10.151.98.0 26 10.151.98.0/26 62 Hub HUB_SZ_MSS Microsoft Azure 10.151.98.1 2 HUB 10.151.96.0 26 10.151.96.0/26 62 Hub HUB_SZ_PRIVATE_DMZ Firewall 1(Internal) 10.151.96.1 3 HUB 10.151.97.0 24 10.151.97.0/24 254 Hub HUB_SZ_PUBLIC_DMZ Firewall 0 (External) 10.151.97.1 4 HUB 10.151.98.64 26 10.151.98.64/26 62 Hub HUB_SZ_JUMP_BOX Microsoft Azure 10.151.98.65 5 PROD 10.151.0.0 19 10.151.0.0/19 8190 Prod PROD_SZ_WORKLOAD1 Microsoft Azure 10.151.0.1 6 DEV 10.151.32.0 19 10.151.32.0/19 8190 Non-Prod DEV_SZ_NON_PROD Microsoft Azure 10.151.32.1 7 STAGING 10.151.64.0 19 10.151.64.0/19 8190 Non-Prod STAGING_SZ_NON_PROD Microsoft Azure 10.151.64.1 7

Recommended

Microsoft Azure Hub_Spoke_Ampliado.pptx
Microsoft Azure Hub_Spoke_Ampliado.pptxMicrosoft Azure Hub_Spoke_Ampliado.pptx
Microsoft Azure Hub_Spoke_Ampliado.pptx
Alejandro Daricz
 
Moving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWSMoving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWS
Amazon Web Services
 
CCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure NetworkingCCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure Networking
walk2talk srl
 
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter StanskiMoving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Amazon Web Services
 
Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185
jtaylor707
 
Azure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet TopologiesAzure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet Topologies
Marius Zaharia
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Virtual Data Center VDC - Azure Cloud Reference Architecture CRAVirtual Data Center VDC - Azure Cloud Reference Architecture CRA
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Ammar Hasayen
 

Recommended

Microsoft Azure Hub_Spoke_Ampliado.pptx
Microsoft Azure Hub_Spoke_Ampliado.pptxMicrosoft Azure Hub_Spoke_Ampliado.pptx
Microsoft Azure Hub_Spoke_Ampliado.pptx
Alejandro Daricz
 
Moving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWSMoving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWS
Amazon Web Services
 
CCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure NetworkingCCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure Networking
walk2talk srl
 
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter StanskiMoving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Amazon Web Services
 
Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185Securing your cloud perimeter with azure network security brk3185
Securing your cloud perimeter with azure network security brk3185
jtaylor707
 
Azure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet TopologiesAzure Networking: Innovative Features and Multi-VNet Topologies
Azure Networking: Innovative Features and Multi-VNet Topologies
Marius Zaharia
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Virtual Data Center VDC - Azure Cloud Reference Architecture CRAVirtual Data Center VDC - Azure Cloud Reference Architecture CRA
Virtual Data Center VDC - Azure Cloud Reference Architecture CRA
Ammar Hasayen
 
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Neeraj Kumar
 
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptxCloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
VipulKumar221864
 
Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld
 
It's all about Security! Let’s get you started with Azure Bastion
It's all about Security! Let’s get you started with Azure BastionIt's all about Security! Let’s get you started with Azure Bastion
It's all about Security! Let’s get you started with Azure Bastion
Wim Matthyssen
 
Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報
Tech Summit 2016
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
VMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and FlexibilityVMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and Flexibility
Paulo Freitas
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
Aymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautésAymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautés
Aymeric Weinbach
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
Azure Network and Infrastructure
Azure Network and InfrastructureAzure Network and Infrastructure
Azure Network and Infrastructure
Phi Huynh
 
Microsoft cloud stack
Microsoft cloud stackMicrosoft cloud stack
Microsoft cloud stack
Michael Rüefli
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld
 
04 vsx power-r65
04 vsx power-r6504 vsx power-r65
04 vsx power-r65
Richard Cove
 
vSRX
vSRXvSRX
vSRX
MarketingArrowECS_CZ
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
Amazon Web Services
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
Citrix
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
VMUG IT
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2
 

More Related Content

Similar to Hub_Spoke_v1.0.pptx

CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
VMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and FlexibilityVMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and Flexibility
Paulo Freitas
 
Aymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautésAymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautés
Aymeric Weinbach
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
Amazon Web Services
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
VMUG IT
 

Similar to Hub_Spoke_v1.0.pptx (20)

Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
 
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptxCloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
Cloud-Reference-Architecture-Virtual-Data-Center-VDC-Azure.pptx
 
Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
 
It's all about Security! Let’s get you started with Azure Bastion
It's all about Security! Let’s get you started with Azure BastionIt's all about Security! Let’s get you started with Azure Bastion
It's all about Security! Let’s get you started with Azure Bastion
 
Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報Cld006 azure v_net___express_route_最新情報
Cld006 azure v_net___express_route_最新情報
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
 
VMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and FlexibilityVMWARE Professionals - Security, Multitenancy and Flexibility
VMWARE Professionals - Security, Multitenancy and Flexibility
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 
Aymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautésAymeric weinbach ze cloud intro et nouveautés
Aymeric weinbach ze cloud intro et nouveautés
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
 
Azure Network and Infrastructure
Azure Network and InfrastructureAzure Network and Infrastructure
Azure Network and Infrastructure
 
Microsoft cloud stack
Microsoft cloud stackMicrosoft cloud stack
Microsoft cloud stack
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
 
04 vsx power-r65
04 vsx power-r6504 vsx power-r65
04 vsx power-r65
 
vSRX
vSRXvSRX
vSRX
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
 
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
 

Recently uploaded

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Recently uploaded (20)

WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 

Hub_Spoke_v1.0.pptx

  • 1. Azure Landing Zone (Azure Firewall/WAF) Azure Firewall: On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier App Services Managed Database Jumpbox VNet Peering (Bidirectional) VNet Peering (Bidirectional) VNet (Spoke 1) VNet (Spoke 2) 1
  • 2. Azure Landing Zone (NVA) On-premises network Gateway subnet UDR Management subnet Hub VNet Web tier Business tier Data tier VNet (Spoke 2) App Services Managed Database VNet Peering (Bidirectional) Jumpbox Availability set Public DMZ in Public DMZ out Availability set Private DMZ in Private DMZ out VNet Peering (Bidirectional) VNet (Spoke 1) https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-dmz 2
  • 3. Azure Network Architecture: Deployment to Primary Azure Region On-premises Network HQ Internet VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group VNet Peering (Bidirectional) VNet Peering (Bidirectional) Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test Resource Group(s)* Additional Resource Groups will be used for Azure resources as required for better resource management and security control * P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 3
  • 4. Azure Network Architecture: with animation VNet Peering (Bidirectional) Prod Subscription Prod Resource Group(s)* Prod VNet (Spoke 3) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Prod Management Group Non-Prod Subscription Dev Resource Group(s)* Non-Prod Management Group Dev VNet (Spoke 1) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Test VNet (Spoke 2) 10.xx.xx.xx/yy 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz Gateway Subnet Hub VNet Firewall Subnet SIEM Subnet WAF Subnet Management Subnet 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/zz 10.xx.xx.xx/yy Hub Resource Group(s)* Hub Subscription Hub Management Group Test Resource Group(s)* VNet Peering (Bidirectional) VNet Peering (Bidirectional) Additional Resource Groups will be used for Azure resources as required for better resource management and security control * On-premises Network HQ Internet P2S VPN Tunnel S2S VPN Tunnel HTTP/HTTPS VPN Client On-premises Network Site 2 S2S VPN Tunnel 4
  • 5. Hub and Spoke Network Topology VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 5
  • 6. Hub and Spoke Topology Benefits Drawbacks Hub & Spoke  Easier to manage shared services  Lower licensing costs  Improved segregation  Easy to scale  Single point of failure  Overhead of managing UDRs Simplified  No single point of failure  Duplication of shared services (Firewall, SIEM)  Higher licensing costs  Challenging to scale VPN Client On-premises Network HQ On-premises Network Site 2 Hub VNet Hub Subnets P2S VPN Tunnel S2S VPN Tunnel Gateway Subnet Spoke 2 VNet Spoke 1 Subnets Spoke 2 VNet Spoke 2 Subnets Spoke 3 VNet Spoke 3 Subnets Spoke 4 VNet Spoke 4 Subnets HTTP/ HTTPS 6
  • 7. Example Azure Network Plan: VNets & Subnets ID vNET Subnet Netmask CIDR # Of hosts Subscription Security zone Gateway unit Gateway address 1 HUB 10.151.98.0 26 10.151.98.0/26 62 Hub HUB_SZ_MSS Microsoft Azure 10.151.98.1 2 HUB 10.151.96.0 26 10.151.96.0/26 62 Hub HUB_SZ_PRIVATE_DMZ Firewall 1(Internal) 10.151.96.1 3 HUB 10.151.97.0 24 10.151.97.0/24 254 Hub HUB_SZ_PUBLIC_DMZ Firewall 0 (External) 10.151.97.1 4 HUB 10.151.98.64 26 10.151.98.64/26 62 Hub HUB_SZ_JUMP_BOX Microsoft Azure 10.151.98.65 5 PROD 10.151.0.0 19 10.151.0.0/19 8190 Prod PROD_SZ_WORKLOAD1 Microsoft Azure 10.151.0.1 6 DEV 10.151.32.0 19 10.151.32.0/19 8190 Non-Prod DEV_SZ_NON_PROD Microsoft Azure 10.151.32.1 7 STAGING 10.151.64.0 19 10.151.64.0/19 8190 Non-Prod STAGING_SZ_NON_PROD Microsoft Azure 10.151.64.1 7