Thinking about which Azure network topology in my case!!

APTOS 221 Reputation points
2022-10-26T13:40:30.647+00:00

Hello,

We have a head office datacenter and small datacenters for branch offices in the world, and only one Azure subscription.
We have only one vNet in this subscription, linked via VPN gateway to the head office datacenter. For billing purposes, I will create an Azure subscription for each branch office, and I'll create a subscription for shared services to be used by all branch offices. So I'm thinking about the best network topology for my case. Should I create a virtual hub network in the shared subscription, then create VPN gateways for all branch offices and network peering between the branch office subscriptions and the shared subscription, with enabling transit gateway?

To simplify:
Head Office : A
Head Office Azure Subscription : SA
Branch offices : B1,B2,B3
Branch office Azure subscription : SB1,SB2,SB3
Shared Subscription : SH

So, I'll create a virtual hub on SH with VPN gateways to B1, B2 and B3,
then create peerings between vNets SH/SB1, SH/SB2, SH/SB3.

Please help!


Accepted answer
  1. Andreas Baumgarten 110.9K Reputation points MVP
    2022-10-26T21:25:11.463+00:00

    Hi @APTOS ,

    If I got your requirement and scenario right, you could just create peerings between the vNets in different subscriptions.
    https://learn.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions

    There is no need to install a VPN Gateway in each subscription (vNets).

    I would recommend one "hub vNet" with the VPN Gateway to the on-premises environment and peerings to all "branch vNets" with the option to use the VPN Gateway in the "hub vNet".

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten
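
The layout recommended in the accepted answer (one hub vNet in SH holding the VPN gateway, one peering pair per branch vNet, no gateway in the branch subscriptions), as an added example that is not part of the original thread. The script only prints the Azure CLI commands; the subscription IDs are placeholders and the resource group and vNet names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) Azure CLI commands for hub-and-spoke
# peering across subscriptions. Subscription IDs, resource groups and vNet
# names are placeholders/assumptions, not values from the thread.

HUB_SUB="<SH-subscription-id>"   # shared subscription SH
HUB_RG="rg-hub"                  # assumed resource group
HUB_VNET="vnet-hub"              # assumed hub vNet that already has the VPN gateway

# Cross-subscription peering needs the remote vNet's full resource ID.
vnet_id() {  # $1=subscription  $2=resource group  $3=vNet name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s' "$1" "$2" "$3"
}

# Emit both halves of one hub<->spoke peering, hub side first.
peering_cmds() {  # $1=spoke subscription  $2=spoke resource group  $3=spoke vNet
  # Hub side: let the spoke use the hub's VPN gateway (gateway transit).
  printf 'az network vnet peering create --subscription "%s" -g "%s" --vnet-name "%s" -n "hub-to-%s" --remote-vnet "%s" --allow-vnet-access --allow-gateway-transit\n' \
    "$HUB_SUB" "$HUB_RG" "$HUB_VNET" "$3" "$(vnet_id "$1" "$2" "$3")"
  # Spoke side: reach on-premises through the hub's gateway;
  # the spoke gets no VPN gateway of its own.
  printf 'az network vnet peering create --subscription "%s" -g "%s" --vnet-name "%s" -n "%s-to-hub" --remote-vnet "%s" --allow-vnet-access --use-remote-gateways\n' \
    "$1" "$2" "$3" "$3" "$(vnet_id "$HUB_SUB" "$HUB_RG" "$HUB_VNET")"
}

# One hub<->spoke pair per branch subscription. No spoke-to-spoke peering is
# emitted, and vNet peering is not transitive.
plan() {
  while IFS=: read -r sub rg vnet; do
    peering_cmds "$sub" "$rg" "$vnet"
  done <<EOF
<SB1-subscription-id>:rg-b1:vnet-b1
<SB2-subscription-id>:rg-b2:vnet-b2
<SB3-subscription-id>:rg-b3:vnet-b3
EOF
}

plan
```

Review the printed commands before running them, signed in with `az login` as an account that has rights on the vNets in both subscriptions of each pair.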


1 additional answer

  1. APTOS 221 Reputation points
    2022-10-27T07:48:15.95+00:00

    Hello,
    I thank you.

    For the hub vNet, could I control the branch office networks to be isolated? So vNet SB1 can't connect to vNet SB2 ....

    Regards

