Common use cases for Azure Virtual Network Manager
Learn about use cases for Azure Virtual Network Manager including managing connectivity of virtual networks, and securing network traffic.
Creating topology and connectivity
Connectivity configuration allows you to create different network topologies based on your network needs. You create a connectivity configuration by adding new or existing virtual networks into network groups and creating a topology that meets your needs. The connectivity configuration offers three topology options: mesh, hub and spoke, or hub and spoke with direct connectivity between spoke virtual networks.
When a mesh topology is deployed, all virtual networks have direct connectivity with each other. They don't need to go through other hops on the network to communicate. Mesh topology is useful when all the virtual networks need to communicate directly with each other.
Hub and spoke topology
Hub and spoke topology is recommended when you're deploying central infrastructure services in a hub virtual network that are shared by spoke virtual networks. This topology can be more efficient than having these common components in all spoke virtual networks.
Hub and spoke topology with direct connectivity
This topology combines the two above topologies. It's recommended when you have common central infrastructure in the hub, and you want direct communication between all spokes. Direct connectivity helps you reduce the latency caused by extra network hops when going through a hub.
Maintaining virtual network topology
AVNM automatically maintains the desired topology you defined in the connectivity configuration when changes are made to your infrastructure. For example, when you add new spoke to the topology, AVNM can handle the changes necessary to create the connectivity to the spoke and its virtual networks.
With Azure Virtual Network Manager, you create security admin rules to enforce security policies across virtual networks in your organization. Security admin rules take precedence over rules defined by network security groups, and they're applied first when analyzing traffic as seen in the following diagram: Common uses include:
- Create standard rules that must be applied and enforced on all existing VNets and newly created VNets.
- Create security rules that can't be modified and enforce company/organizational level rules.
- Enforce security protection to prevent users from opening high-risk ports.
- Create default rules for everyone in the company/organization so that administrators can prevent security threats caused by NSG misconfiguration or forgetting to put necessary NSGs.
- Create security boundaries using security admin rules as an administrator and let the owners of the virtual networks configure their NSGs so the NSGs won’t break company policies.
- Force-allow the traffic from and to critical services so that other users can't accidentally block the necessary traffic, such as monitoring services and program updates.
For a walk-through of use cases, see Securing Your Virtual Networks with Azure Virtual Network Manager - Microsoft Tech Community.