WVD network topology

Domenico Alemagna 1 Reputation point Microsoft Employee
2020-07-01T09:35:04.033+00:00

Our WVD architecture is based on a Forced Tunneling scenario. An Azure Route (UDR) 0.0.0.0/0 points to an Azure Fortigate firewall.

Internet traffic flows these hops:

  • WVD Host Pools
  • FortiGate firewall hosted on Azure
  • Virtual Network Gateway hosted on Azure
  • Site-To-Site VPN Tunnel
  • FortiGate Firewall hosted On-Premise
  • Internet

I created an additional Azure Route (UDR), to differentiate the KMS traffic and to send this triffic directly to Internet

To permit the WVD VMs to operate in absence of the On-Premise Firewall (DR scenario) I would like to create a rule to send the the traffic directed to *.wvd.microsoft.com directly to Internet.

Can I use an Azure Firewall or other Azure service to differentiate the traffic directed to *.wvd.microsoft.com and send it directly to Internet?

Thanks

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,571 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,289 questions
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,449 questions
{count} votes

1 answer

Sort by: Most helpful
  1. prmanhas-MSFT 17,901 Reputation points Microsoft Employee
    2020-07-09T11:17:44.983+00:00

    @dalemagna Apologies for the delay in response.

    One of the way to avoid the problem of setting hostname manually is to use Azure DNS. You can create an azure DNS entry for specific private network (with entries which you are creating on the host directly) and then associate the Azure web-jobs to this private network.

    Using this mechanism, you can avoid creating DNS entries and manage the entries from central place.

    Web-jobs when run in these private network would use the DNS entries configured to fetch the DNS mapping. You can read more about Azure DNS from here .

    0 comments No comments