Microsoft just announced at Ignite two new amazing network/security related features.
- Azure Virtual Wan
- Azure Firewall
In this post I’ll focus on the new Virtual WAN.
First off it’s important to note that this service is currently in preview. You actually have to sign up for this preview and during preview there is no SLA offered for the service.
So enough of that, what can we actually achieve with Azure Virtual WAN?
Basically Virtual Wan is a networking service that allows you to connect you branch office together via Azure.
Aswell as branch office you can of course also add Azure Vnets into the mix.
The idea being that instead of creating dedicated links between all your offices, or delegating you head/HQ office as a hub you utilize Azure as your hub for networking and routing between all of your offices.
Now why would you do this? Well to begin with Azure has over 130 PoPs (points of presence) around the globe meaning that you’ll be connecting to the PoP that is closet to you. Once connected all your traffic will flow over the Azure Global Network and terminate at the SD-WAN hub. This will allow you to take advantage of Azure’s global network to interconnect all your branch offices and of course you Azure Vnets.
To create connectivity you basically just create a Site To site VPN from your branch office to the closest PoP. Two active tunnels will always be created for redundancy. Once connected automated spoke setup is configured seamlessly for you. Allowing full connectivity between your branch offices while utilizing the Azure global network for lower routing hops resulting in lower latency and faster transfer speeds.
You can find the official documentation over here