Common use cases for Azure Virtual Network Manager
Learn about use cases for Azure Virtual Network Manager including managing connectivity of virtual networks, and securing network traffic.
Important
Azure Virtual Network Manager is generally available for Virtual Network Manager, hub-and-spoke connectivity configurations, and security configurations with security admin rules. Mesh connectivity configurations remain in public preview.
This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
Creating topology and connectivity
Connectivity configuration allows you to create different network topologies based on your network needs. You create a connectivity configuration by adding new or existing virtual networks into network groups and creating a topology that meets your needs. The connectivity configuration offers three topology options: mesh, hub and spoke, or hub and spoke with direct connectivity between spoke virtual networks.
Mesh topology (Preview)
When a mesh topology is deployed, all virtual networks have direct connectivity with each other. They don't need to go through other hops on the network to communicate. Mesh topology is useful when all the virtual networks need to communicate directly with each other.
Hub and spoke topology
Hub and spoke topology is recommended when you're deploying central infrastructure services in a hub virtual network that are shared by spoke virtual networks. This topology can be more efficient than having these common components in all spoke virtual networks.
Hub and spoke topology with direct connectivity
This topology combines the two above topologies. It's recommended when you have common central infrastructure in the hub, and you want direct communication between all spokes. Direct connectivity helps you reduce the latency caused by extra network hops when going through a hub.
Maintaining virtual network topology
AVNM automatically maintains the desired topology you defined in the connectivity configuration when changes are made to your infrastructure. For example, when you add new spoke to the topology, AVNM can handle the changes necessary to create the connectivity to the spoke and its virtual networks.
Security
With Azure Virtual Network Manager, you create security admin rules to enforce security policies across virtual networks in your organization. Security admin rules take precedence over rules defined by network security groups, and they're applied first when analyzing traffic as seen in the following diagram:
Common uses include:
- Create standard rules that must be applied and enforced on all existing VNets and newly created VNets.
- Create security rules that can't be modified and enforce company/organizational level rules.
- Enforce security protection to prevent users from opening high-risk ports.
- Create default rules for everyone in the company/organization so that administrators can prevent security threats caused by NSG misconfiguration or forgetting to put necessary NSGs.
- Create security boundaries using security admin rules as an administrator and let the owners of the virtual networks configure their NSGs so the NSGs don’t break company policies.
- Force-allow the traffic from and to critical services so that other users can't accidentally block the necessary traffic, such as monitoring services and program updates.
For a walk-through of use cases, see Securing Your Virtual Networks with Azure Virtual Network Manager - Microsoft Tech Community.
Next steps
- Create an Azure Virtual Network Manager instance using the Azure portal.
- Deploy an Azure Virtual Network Manager instance using Terraform.
- Learn more about network groups in Azure Virtual Network Manager.
- Learn what you can do with a connectivity configuration.
- Learn more about security admin configurations.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for