What is Azure Virtual Network Manager (Preview)?

Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. Then you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once.

Important

Azure Virtual Network Manager is currently in public preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

How does Azure Virtual Network Manager work?

Diagram of management group in Virtual Network Manager.

During the creation process, you define the scope for what your Azure Virtual Network Manager will manage. Your Network Manager will only have the delegated access to apply configurations within this scope boundary. Defining a scope can be done directly on a list of subscriptions. However it's recommended to use management groups to define your scope. Management groups provide hierarchical organization to your subscriptions. After defining the scope, you deploy configuration types including Connectivity and the SecurityAdmin rules for your Virtual Network Manager.

After you deploy the Virtual Network Manager instance, you create a network group, which serves as a logical container of networking resources to apply configurations at scale. You can manually select individual virtual networks to be added to your network group, known as static membership. Or you can use Azure Policy to define conditions that will govern your group membership dynamically, or dynamic membership. For more information about Azure Policy initiatives, see Azure Virtual Network Manager and Azure Policy.

Next, you create connectivity and/or security configuration(s) applied to those network groups based on your topology and security needs. A connectivity configuration enables you to create a mesh or a hub-and-spoke network topology. A security configuration allows you to define a collection of rules that you can apply to one or more network groups at the global level. Once you've created your desired network groups and configurations, you can deploy the configurations to any region of your choosing.

Key benefits

  • Centrally manage connectivity and security policies globally across regions and subscriptions.

  • Enable direct connectivity between spokes in a hub-and-spoke configuration without the complexity of managing a mesh network.

  • Highly scalable and highly available service with redundancy and replication across the globe.

  • Ability to create network security rules that override network security group rules.

  • Low latency and high bandwidth between resources in different virtual networks using virtual network peering.

  • Roll out network changes through a specific region sequence and frequency of your choosing.

Public preview regions

  • North Central US

  • South Central US

  • West US

  • West US 2

  • East US

  • East US 2

  • Canada Central

  • North Europe

  • West Europe

  • UK South

  • Switzerland North

  • Southeast Asia

  • Japan East

  • Japan West

  • Australia East

  • Central India

Next steps