A shared services hub virtual network with isolation and segmentation is a network topology that uses a hub virtual network to centralize shared services and resources while isolating environments in spokes. This topology can help improve network performance and security and can be used for various purposes, such as dev/test, staging, user acceptance testing, and production.
Here are some key features of a shared services hub virtual network with isolation and segmentation:
Centralized Services
The hub virtual network hosts shared services and resources, such as DNS, Active Directory Domain Services (AD DS), and Network Time Protocol (NTP).
Isolation
Each environment is deployed to a different spoke to maintain isolation.
Centralized Control
The hub can provide centralized control over security and connectivity. For example, the hub can have a perimeter network firewall, and each spoke can have segregated workload management.
Decentralized Management
The hub and each spoke can be implemented in different resource groups or subscriptions, allowing for decentralized workload management.
Network segmentation is the practice of dividing a computer network into smaller parts to improve network performance and security. Other terms for network segmentation include network segregation, network partitioning, and network isolation.
In this article, we walk through building a shared services hub virtual network with isolation and segmentation.
First, we create the hub and spoke virtual networks and their subnets:
- Open a browser, navigate to the Azure portal, and log in.
- To create a virtual network, type “Virtual Networks” in the search bar at the top of the portal and select “Virtual Networks” from the results.
- In the “Virtual Networks” portal pane, select “+ Create”.
- Fill out all the tabs of the creation process using the values below:

| Property | Value |
|---|---|
| Resource group | YOUR GROUP |
| Name | app-vnet |
| Region | East US |
| IPv4 address space | 10.1.0.0/16 |
| Subnet name | frontend |
| Subnet address range | 10.1.0.0/24 |
| Subnet name | backend |
| Subnet address range | 10.1.1.0/24 |

Note: Leave all other settings at their defaults. Select “Next” to advance to the next tab, and “Create” to create the virtual network.
- Following the same steps as above, create the Azure virtual network Hub-vnet using the values below:

| Property | Value |
|---|---|
| Resource group | YOUR GROUP |
| Name | Hub-vnet |
| Region | East US |
| IPv4 address space | 10.0.0.0/16 |
| Subnet name | AzureFirewallSubnet |
| Subnet address range | 10.0.0.0/26 |
- Once the deployment is complete, navigate back to the portal, type “resource groups” in the search bar, and select “Resource Groups” from the results. Select “RG1” in the main pane and confirm that both virtual networks have been deployed.
Then you set up a peering relationship between the virtual networks:
- Peering the two virtual networks allows traffic to flow in both directions between the app-vnet and hub-vnet virtual networks.
- In the portal, in the RG1 resource group view, select the “app-vnet” virtual network.
- On the app-vnet menu on the left-hand side of the portal, scroll down and select “Peerings”.
- In the app-vnet Peerings pane, select “+ Add” and fill out the form using the values below:
| Property | Value |
|---|---|
| This virtual network: Peering link name | app-vnet-to-hub |
| Remote virtual network: Peering link name | hub-to-app-vnet |
| Virtual network | hub-vnet |

Note: Leave all other settings at their defaults. Select “Add” to create the virtual network peering.
Once the process completes and the configuration has been updated, validate that the Peering status shows Connected (you may have to refresh the page to see the updated status).
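The same hub-and-spoke deployment as an added Bicep template (example code, not part of the original walkthrough): names, address spaces and subnets match the tables above, while the API version and the explicit peering flags are assumptions chosen here. It shows two things the portal hides: the firewall subnet must be literally named AzureFirewallSubnet, and a peering is really two one-way links that a template must declare separately.

```bicep
// Added example; API version and peering flags are assumptions for this template.
param location string = 'eastus'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'Hub-vnet'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      // Azure Firewall only deploys into a subnet literally named AzureFirewallSubnet (/26 minimum).
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.0.0.0/26' } }
    ]
  }
}

resource appVnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'app-vnet'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [
      { name: 'frontend', properties: { addressPrefix: '10.1.0.0/24' } }
      { name: 'backend', properties: { addressPrefix: '10.1.1.0/24' } }
    ]
  }
}

// Peering is two one-way links: the portal form creates both, a template declares each side.
resource appToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: appVnet
  name: 'app-vnet-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hubVnet.id }
    allowVirtualNetworkAccess: true  // spoke <-> hub traffic, as in the walkthrough
    allowForwardedTraffic: false     // spoke does not accept traffic relayed through the hub
  }
}

resource hubToApp 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: hubVnet
  name: 'hub-to-app-vnet'
  properties: {
    remoteVirtualNetwork: { id: appVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
  }
}

// Reports the same value the portal shows as "Peering status"; expect Connected.
output appToHubState string = appToHub.properties.peeringState
```

Deploy it into your resource group with `az deployment group create --resource-group <YOUR GROUP> --template-file hubspoke.bicep` and check that the output reads Connected.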