Hub and spoke setup with 1 or 2 hubs?

Question

Currently we have just 2 hubs (one for dev, and one for prod) and all resources reside within them. But now we are spinning up more resources we are looking to move to a hub and spoke setup.

My question is, should we go with 1 hub, then just have dev spokes, and prod spokes. Or should I go with 2 hubs, one for dev and one for live with there own spokes?

Answer 1

Hi Mark Pearson

Welcome to Microsoft Q&A Platform.

Both architectures are valid, and the choice depends on organizational scale, governance requirements, and security boundaries. Microsoft documentation describes hub-and-spoke as a flexible topology where hubs provide shared connectivity services such as VPN gateways, firewalls, and routing for spoke networks.Ref :Hub-spoke network topology in Azure

For most small to medium environments, Option 2 (single hub with dev and prod spokes) is a practical starting point due to its simplicity and cost efficiency.

As environments grow or regulatory requirements increase, organizations often evolve toward Option 1 with separate hubs for production and non-production workloads to improve security isolation and governance.

Ref:

• Create a secured hub and spoke network
• Deploy a connectivity configuration
• Hub-spoke network topology in Azure (architecture overview & recommendations)

Pleaseand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.