Connect remote resources by using Azure Virtual WANs
- 6 minutes
Today’s workforce is more distributed than ever before. Organizations are exploring options that enable their employees, partners, and customers to connect to the resources they need from wherever they are. It’s not unusual for organizations to operate across national/regional boundaries, and across time zones.
Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface.
Azure Virtual WAN features
Some of the main features include:
- Branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE).
- Site-to-site VPN connectivity.
- Remote user VPN connectivity (point-to-site).
- Private connectivity (ExpressRoute).
- Intra-cloud connectivity (transitive connectivity for virtual networks).
- VPN ExpressRoute inter-connectivity.
- Routing, Azure Firewall, and encryption for private connectivity.
This diagram shows an organization with two Virtual WAN hubs connecting the spokes. VNets, Site-to-site and point-to-site VPNs, SD WANs, and ExpressRoute connectivity are all supported.
To configure an end-to-end virtual WAN, you create:
- Virtual WAN. This resource represents a virtual overlay of your Azure network and is a collection of multiple resources. It contains links to all your virtual hubs that you would like to have within the virtual WAN. Virtual WANs are isolated from each other and can't contain a common hub.
- Hub. A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity.
- Hub virtual network connection. The hub virtual network connection resource is used to connect the hub seamlessly to your virtual network. One virtual network can be connected to only one virtual hub.
- Hub-to-hub connection. Hubs are all connected to each other in a virtual WAN.
- Hub route table. You can create a virtual hub route and apply the route to the virtual hub route table. You can apply multiple routes to the virtual hub route table.
- Site (optional). This resource is used for site-to-site connections only.
Choose a Virtual WAN SKU
The Virtual WAN SKUs are: Basic and Standard. This table shows the available configurations for each type.
| Virtual WAN type | Hub type | Available configurations |
|---|---|---|
| Basic | Basic | Site-to-site VPN only |
| Standard | Standard | ExpressRoute User VPN (P2S) VPN (site-to-site) Inter-hub and VNet-to-VNet transiting through the virtual hub Azure Firewall NVA in a virtual WAN |