Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. A virtual hub is a Microsoft-managed virtual network that enables connectivity from other resources. When a virtual hub is created from a Virtual WAN in the Azure portal, a virtual hub VNet and gateways (optional) are created as its components.
Recently I wrote a Bicep template that creates an Azure Virtual WAN with 2 Hubs, Azure Firewalls, spoke VNETs, and VMs, for use in PoCs, labs, and tests. You can find it in my repo: https://github.com/proximagr/VWAN
The script deploys:
- One Log Analytics workspace
- Four VNETs, two in each Azure Region.
- One VWAN with two VWAN Hubs, each in a different Azure Region.
- Two Azure Firewalls inside the VWAN Hubs, each on a different Azure Region. The Azure Firewalls have diagnostic settings sending all logs to a log analytics workspace.
- Two Azure Firewalls outside the VWAN Hubs, each on a different Azure Region. The Azure Firewalls have diagnostic settings sending all logs to a log analytics workspace.
- Four VMs, Ubuntu, one in each VNET
You can choose to:
- deploy VWAN or not
- deploy Azure Firewall inside the VWAN Hubs
- deploy VMs or not
- deploy Azure Firewall outside the VWAN Hubs or not
- how many Public IPs will be created and attached to the Azure Firewalls
- The Azure Firewall SKU between Basic and Standard
The script does NOT deploy the connections between the VWAN Hubs and the VNETs. Once the VWAN Hubs are ready, with Hub Status “Succeeded” and Router Status “Provisioned”, create the connections manually. This is because creating a connection requires the VWAN Hub Router Status to be “Provisioned”, and currently there is no way of getting this Status.
The VMs are for testing & troubleshooting. Ubuntu Linux, without Public IP. I usually use the Serial console.
Deployment commands for Azure CLI:

Create the Resource Group:

```bash
az group create --name ResourceGroupName --location PreferedLocation
```

Deploy the Bicep script and answer the questions interactively:

```bash
az deployment group create --resource-group ResourceGroupName --template-file main.bicep
```

Deploy the Bicep script with the required parameters, setting each option to true or false:

```bash
az deployment group create --resource-group ResourceGroupName --template-file main.bicep --parameters numberOfFirewallPublicIPAddresses=1 adminPassword='#########' adminUserName='######' deployVWAN=true addFirewallToVWAN=true deployFirewall=true deployFirewallBasic=true deployVMs=true
```
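After the deployment finishes, the manual connection step can be scripted from the Azure CLI by polling the hub until both states are ready. This is an added example, not code from the VWAN repo; the hub, VNet and connection names are placeholders, and it assumes the `virtual-wan` CLI extension and that the portal's Hub Status and Router Status correspond to the hub's `provisioningState` and `routingState` properties.

```bash
#!/usr/bin/env bash
# Added example, not part of the VWAN repo. Resource names are placeholders.
# Assumes the Azure CLI "virtual-wan" extension, and that the portal's
# Hub Status / Router Status map to provisioningState / routingState.

# True only when both states have the values the post requires.
hub_is_ready() {
  [ "$1" = "Succeeded" ] && [ "$2" = "Provisioned" ]
}

# Read one property of the hub as plain text.
hub_state() {
  az network vhub show --resource-group "$1" --name "$2" \
    --query "$3" --output tsv
}

# Poll until the hub is ready. Args: rg hub [max_tries] [delay_seconds]
wait_for_hub() {
  local rg="$1" hub="$2" tries="${3:-60}" delay="${4:-30}" i=1 prov route
  while [ "$i" -le "$tries" ]; do
    prov=$(hub_state "$rg" "$hub" provisioningState)
    route=$(hub_state "$rg" "$hub" routingState)
    if hub_is_ready "$prov" "$route"; then
      return 0
    fi
    if [ "$prov" = "Failed" ] || [ "$route" = "Failed" ]; then
      echo "hub $hub failed (hub=$prov router=$route)" >&2
      return 1
    fi
    echo "[$i/$tries] hub=$prov router=$route, waiting ${delay}s" >&2
    sleep "$delay"
    i=$((i + 1))
  done
  echo "timed out waiting for hub $hub" >&2
  return 1
}

# Create the hub-to-VNet connection once the hub is ready.
# Args: rg hub connection_name vnet_name_or_id [max_tries] [delay_seconds]
connect_vnet() {
  wait_for_hub "$1" "$2" "${5:-60}" "${6:-30}" || return 1
  az network vhub connection create --resource-group "$1" \
    --vhub-name "$2" --name "$3" --remote-vnet "$4"
}

# Usage (placeholders): connect_vnet ResourceGroupName hub1 hub1-to-vnet1 vnet1
```

Source the file and call `connect_vnet` once per spoke VNET; the function stops without creating anything if the hub reports `Failed` or never becomes ready.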
Deployment Diagram
VWAN Lab: https://github.com/proximagr/VWAN
Pantelis Apostolidis is a Sr. Specialist, Azure at Microsoft and a former Microsoft Azure MVP. For the last 20 years, Pantelis has been involved in major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He holds many Microsoft Expert Certifications, demonstrating his proven experience in delivering high-quality solutions. He is an author and blogger, and he acts as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.