Course Details

Microsoft Transit Hub Training & Certification

This is an On-demand course. Please submit a request to training@uberknowledge.com, if you want to pursue it. We will get back to you within one business day of receiving the request.

Course Overview

A "beginners" section on how one can interconnect networks in Azure which transitions into the "new way" of doing it, Virtual WANs. There is an optional second part on operational topics that MSPs (among others) might be interested in. 


Part I

An Azure user has multiple vNets and they want to integrate them. What's available?

   VNet to VNet

    Uses a VPN Gateway object

    Automatically collects and propagates all routes

    Site to Site

    Similar to above but routing is configured manually and can include arbitrary networks (Non-Azure)

    VNet peering

    Same region peering AND global peering options available

     NSGs are used to filter traffic flow between vNets/subnets

      Peered networks can still implement gateways for on-prem connections

  A particular vNet can only have one gateway (local or remote) (peered networks become a single vNet)

        Gateway transit enables one virtual network to utilize the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.

  
    In hub-and-spoke network architecture, gateway transit allows spoke virtual networks to share the VPN gateway in the hub, instead of deploying VPN gateways in every spoke virtual network. Routes to the gateway-connected virtual networks or on-premises networks will propagate to the routing tables for the peered virtual networks using gateway transit. You can disable the automatic route propagation from the VPN gateway. Create a routing table with the "Disable BGP route propagation" option, and associate the routing table to the subnets to prevent the route distribution to those subnets. 

It's all about the routing

    Default System Routes
    Viewing the routing table
    Altering the routing

 

<Lab> Build a hub and spoke. Add another spoke to an existing deployment. Examine the structure, management, billing and routing.

 

A new alternative is virtualWAN.

Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to, and through, Azure.

 

Automates the setup and connection of "branch" locations

     Supported by 3rd parties (like PAN) for automated connection/integration

Consists of:

    Azure virtualWAN object

    Azure Hub

    Azure Hub virtual network connection

    Hub Route table

    (Optional) Azure Site


Optional lab to configure same network as above with this feature. Subject to cost and the provisioning delays.

Operational topics (Part II)

Costs

Integration of existing hub and spoke deployments

Operational ownership

    Config management

    Provisioning new services

    Operational monitoring/alerts

    Scaling for multiple customer isolated networks/addressing


X