Azure Network Manager – Get the best for the minimum amount.
Azure Virtual Network Manager (in preview) is a central management service for your virtual network resources that significantly reduces your operational overhead. Easily manage your virtual network infrastructure while scaling your cloud-based workloads. Use the centralized solution to create and manage complex network topologies and network security rules globally across subscriptions.
This brief tutorial explains how to deploy three networks and how Azure Virtual Network Manager can create a single mesh topology. Then we'll check that the networking configuration (hub and spoke config) was applied correctly.
More details here: What is Azure Virtual Network Manager (Preview)? | Microsoft Docs
Let’s get started.
1. Go to resources and select Network Manager to create a new one:
2. I already have 3 vNETs and a Hub vNET created – I will use Network Manager to deploy the Hub and Spoke topology.
3. The next step is to create a group and add all spoke vNETs to it:
4. After creating a group, the next step is to add the configuration.
5. I will choose Hub and Spoke here and also select Hub vNET. Additionally, choose the vNET group that I created above.
6. Wait for a successful message.
7. The config would look like this:
8. The next step is to deploy the configuration, i.e. create a hub and spoke topology.
So click on Deploy and push the configuration as shown:
9. Deploy the configuration, which should ideally take 1-2 minutes, and the Hub-Spoke topology will be created for the selected vNETs.
10. Checking the Hub vNET: peering is created with all the vNETs.
What are common use cases for using Azure Virtual Network Manager?
- As an IT security manager, you can create different network groups to meet the requirements of your environment and its functions. For example, you can create network groups for Production and Test network environments, Dev teams, Finance departments, etc. to manage their connectivity and security rules at scale.
- You can apply connectivity configurations to create a mesh or a hub-and-spoke network topology for a large number of virtual networks across your organization’s subscriptions.
- You can deny high-risk traffic: As an administrator of an enterprise, you can block specific protocols or sources, and the block overrides any NSG rules that would normally allow the traffic.
- You can always allow traffic: For example, you can permit a specific security scanner to always have inbound connectivity to all your resources, even if there are NSG rules configured to deny the traffic.
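The last two use cases depend on evaluation order: security admin rules are evaluated before NSG rules. The following is an added example, not code from the original post or from Microsoft; it is a simplified Python model of that order, and every rule name, address and port in it is constructed. It also includes the service's plain `Allow` action, which the list above does not mention and which hands the decision on to the NSG.

```python
# Simplified model (added example): security admin rules run before NSG rules.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # lower number is evaluated first
    action: str            # admin: Allow | AlwaysAllow | Deny; NSG: Allow | Deny
    source: str            # source CIDR
    port: Optional[int]    # None matches any destination port

    def matches(self, src: str, port: int) -> bool:
        return ip_address(src) in ip_network(self.source) and self.port in (None, port)

def first_match(rules, src, port):
    """Return the highest-priority rule that matches the flow, or None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, port):
            return rule
    return None

def evaluate_inbound(admin_rules, nsg_rules, src, port):
    """Return (verdict, deciding rule name) for one inbound flow."""
    admin = first_match(admin_rules, src, port)
    if admin and admin.action == "Deny":
        return "Deny", admin.name          # NSG allow rules are never consulted
    if admin and admin.action == "AlwaysAllow":
        return "Allow", admin.name         # NSG deny rules are bypassed
    # No admin match, or a plain Allow: the NSG has the final say.
    nsg = first_match(nsg_rules, src, port)
    if nsg:
        return nsg.action, nsg.name
    return "Deny", "nsg-default-deny"      # assumption: simplified NSG default

# Constructed sample rule sets (names, addresses and ports are illustrative).
ADMIN_RULES = [
    Rule("deny-rdp-any", 10, "Deny", "0.0.0.0/0", 3389),
    Rule("always-allow-scanner", 20, "AlwaysAllow", "10.50.0.4/32", None),
]
NSG_RULES = [
    Rule("team-allow-rdp", 100, "Allow", "0.0.0.0/0", 3389),
    Rule("team-deny-scanner", 110, "Deny", "10.50.0.4/32", None),
    Rule("team-allow-https", 120, "Allow", "0.0.0.0/0", 443),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 3389), ("10.50.0.4", 22), ("10.50.0.4", 3389)]:
        print(src, port, evaluate_inbound(ADMIN_RULES, NSG_RULES, src, port))
```

In this model the scanner is still blocked on port 3389, because the deny rule has the lower priority number and matches first; when combining a broad deny with an always-allow exception, check the priorities of the two rules against each other.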