How to peer payment HSM virtual networks

Peering allows you to seamlessly connect two or more virtual networks, so they appear as a single network for connectivity purposes. For full details, see Virtual network peering.

The fastpathenabled tag must be enabled on any virtual networks that the Payment HSM uses, peered or otherwise. For instance, to peer a virtual network of a payment HSM with a virtual network of a VM, you must first add the fastpathenabled tag to the latter. Unfortunately, adding the fastpathenabled tag through the Azure portal is insufficient—it must be done from the commandline.

Adding the fastpathenabled tag

Azure CLI

First, find the resource ID on the virtual network you wish to tag with the Azure CLI az network vnet show command:

az network vnet show -g "myResourceGroup" -n "myVNet"

The resource ID is in the format "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>".

Now, use the Azure CLI az tags create command to add the fastpathenabled tag to the virtual network:

az tag create --resource-id "<resource-id>" --tags "fastpathenabled=True"

Afterward, if you run az network vnet show again, you see this output:

  "tags": {
    "fastpathenabled": "True"
  },

Azure PowerShell

First, find the resource ID on the virtual network you wish to tag with the Azure PowerShell Get-AzVirtualNetwork cmdlet:

Get-AzVirtualNetwork -ResourceGroupName "myResourceGroup" -Name "myVNet" 

The resource ID is in the format "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>".

Now, use the Azure PowerShell Update-AzTag cmdlet to add the fastpathenabled tag to the virtual network:

Update-AzTag -ResourceId "<resource-id>" -Tag -Tag @{`fastpathenabled`="True"} -Operation Merge

Afterward, if you run Get-AzVirtualNetwork again, you see this output:

Tags                   :
                         Name             Value
                         ===============  =====
                         fastpathenabled  True

Peering the payment HSM and VM virtual networks

Azure CLI

To peer the payment HSM virtual network with the VM virtual network, use the Azure CLI az network peering create command to peer the payment HSM virtual network to the VM virtual network and vice versa:

# Peer payment HSM VNet to VM VNet
az network vnet peering create -g "myResourceGroup" -n "VNet2VMVNetPeering" --vnet-name "myVNet" --remote-vnet "myVMVNet" --allow-vnet-access

# Peer VM VNet to payment HSM VNet
az network vnet peering create -g "myResourceGroup" -n "VMVNet2VNetPeering" --vnet-name "myVMVNet" --remote-vnet "myVNet" --allow-vnet-access

Azure PowerShell

To peer the payment HSM virtual network with the VM virtual network, first use the Azure PowerShell Get-AzVirtualNetwork cmdlet to save the details of the virtual networks into variables

$myvnet = Get-AzVirtualNetwork -ResourceGroupName "myResourceGroup" -Name "myVNet"
$myvmvnet = Get-AzVirtualNetwork -ResourceGroupName "myResourceGroup" -Name "myVMVNet" 

Then use the Azure PowerShell Add-AzVirtualNetworkPeering cmdlet to peer the payment HSM virtual network to the VM virtual network and vice versa:

# Peer payment HSM VNet to VM VNet
Add-AzVirtualNetworkPeering -Name "VNet2VMVNetPeering" -VirtualNetwork $myvnet -RemoteVirtualNetworkId $myvmvnet.Id

# Peer VM VNet to payment HSM VNet
Add-AzVirtualNetworkPeering -Name 'VMVNet2VNetPeering' -VirtualNetwork $myvmvnet -RemoteVirtualNetworkId $myvnet.Id

Next steps

• Read an Overview of Payment HSM
• Find out how to Get started with Azure Payment HSM
• Learn how to Create a payment HSM
• See the Azure Payment HSM frequently asked questions