
Azure Network Architecture Setup

Last Modified: 2019-11-19
Need some advice on proper Azure Network Architecture.

These are the components we will be using in Azure

Azure Firewall
Azure VPN gateway
Azure VMs for TEST Webservers
Azure VMs for PROD Webservers
Azure Managed Instance of SQL
Azure Managed MySQL
Azure Backup
Azure Load balancer

The starting address space will be AZPRIVATE-VNET 10.0.0.0/8

My initial design looks like this. I'm looking for feedback and guidance on properly segmenting the subnets according to cloud best practices.
And any other notes I didn't cover here.

Subnets
AZPRIVATENET-GW 10.0.1.0/24 (Firewall and VPN subnet)
AZPRIVATENET-TESTVMS 10.0.2.0/24 (TEST web servers)
AZPRIVATENET-PRODVMS 10.0.3.0/24 (PROD web servers)
AZPRIVATENET-UTILITY 10.0.4.0/24 (this will include Managed SQL, AD DC, Load balancer...)

VNet peering will be set up between them

In addition, TEST and PROD VM web servers will have PUBLIC IPs (I'm assuming NATed, not a second NIC?)


A setup guide for any of above would be very appreciated.
Thanks
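As an added example that is not part of this thread (editor's code, not the author's and not an Azure tool), the following Python script checks a VNet/subnet plan offline against Azure platform rules: Azure reserves 5 addresses in every subnet, Azure Firewall must be deployed into a subnet named exactly AzureFirewallSubnet of at least /26, a VPN gateway needs a subnet named exactly GatewaySubnet (/27 or larger recommended), and VNets can only be peered when their address spaces do not overlap. POSTED_PLAN is the four-subnet design from the question; HUB_SPOKE_PLAN, its VNet names and its address ranges are assumptions used to show a hub-and-spoke layout of several peered VNets, which goes beyond the single-VNet design in the question.

```python
"""Offline sanity check for an Azure VNet/subnet plan (added example, not from the thread)."""
import ipaddress

# Azure platform rules encoded below (known facts, not from the thread):
#   * every subnet loses 5 addresses (network, 3 reserved by Azure, broadcast)
#   * Azure Firewall requires a subnet named 'AzureFirewallSubnet', minimum /26
#   * a VPN gateway requires a subnet named 'GatewaySubnet', /27 or larger recommended
#   * peered VNets must not overlap
AZURE_RESERVED_PER_SUBNET = 5
# name -> largest acceptable prefix length (a smaller number means a bigger subnet)
REQUIRED_HUB_SUBNETS = {"AzureFirewallSubnet": 26, "GatewaySubnet": 27}


def usable_hosts(cidr):
    """Addresses actually assignable to NICs after Azure's reserved addresses."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED_PER_SUBNET


def validate_plan(vnets, hub):
    """vnets: {vnet_name: {"cidr": str, "subnets": {subnet_name: cidr}}}
    hub: name of the VNet that is meant to host the firewall and VPN gateway.
    Returns a list of finding strings; an empty list means the plan passes."""
    findings = []
    parsed = {}
    for vname, spec in vnets.items():
        vnet = ipaddress.ip_network(spec["cidr"])
        subnets = {s: ipaddress.ip_network(c) for s, c in spec["subnets"].items()}
        parsed[vname] = (vnet, subnets)
        names = list(subnets)
        for i, a in enumerate(names):
            if not subnets[a].subnet_of(vnet):
                findings.append(f"{vname}/{a} {subnets[a]} lies outside {vname} {vnet}")
            for b in names[i + 1:]:
                if subnets[a].overlaps(subnets[b]):
                    findings.append(f"{vname}/{a} overlaps {vname}/{b}")
    # peering requirement: VNet address spaces must be disjoint
    vnames = list(parsed)
    for i, a in enumerate(vnames):
        for b in vnames[i + 1:]:
            if parsed[a][0].overlaps(parsed[b][0]):
                findings.append(f"VNet {a} overlaps VNet {b}; they cannot be peered")
    # the hub must carry the platform-mandated subnets at the mandated sizes
    hub_subnets = parsed[hub][1]
    for req, max_prefix in REQUIRED_HUB_SUBNETS.items():
        if req not in hub_subnets:
            findings.append(f"hub {hub} lacks required subnet {req}")
        elif hub_subnets[req].prefixlen > max_prefix:
            findings.append(f"{req} is /{hub_subnets[req].prefixlen}; needs /{max_prefix} or larger")
    return findings


# Plan as posted in the question: one /8 VNet holding four /24 subnets.
POSTED_PLAN = {
    "AZPRIVATE-VNET": {
        "cidr": "10.0.0.0/8",
        "subnets": {
            "AZPRIVATENET-GW": "10.0.1.0/24",
            "AZPRIVATENET-TESTVMS": "10.0.2.0/24",
            "AZPRIVATENET-PRODVMS": "10.0.3.0/24",
            "AZPRIVATENET-UTILITY": "10.0.4.0/24",
        },
    }
}

# Assumed hub-and-spoke layout (names and ranges are this example's choices, not the
# thread's): the hub carries the mandatory firewall and gateway subnets, and each
# environment gets its own spoke VNet that is peered to the hub.
HUB_SPOKE_PLAN = {
    "HUB-VNET": {
        "cidr": "10.0.0.0/16",
        "subnets": {
            "AzureFirewallSubnet": "10.0.1.0/26",
            "GatewaySubnet": "10.0.1.64/27",
        },
    },
    "TEST-VNET": {"cidr": "10.1.0.0/16", "subnets": {"web": "10.1.1.0/24"}},
    "PROD-VNET": {"cidr": "10.2.0.0/16", "subnets": {"web": "10.2.1.0/24"}},
    "UTILITY-VNET": {"cidr": "10.3.0.0/16", "subnets": {"shared": "10.3.1.0/24"}},
}

if __name__ == "__main__":
    for label, plan, hub in (("posted", POSTED_PLAN, "AZPRIVATE-VNET"),
                             ("hub-and-spoke", HUB_SPOKE_PLAN, "HUB-VNET")):
        result = validate_plan(plan, hub)
        print(f"{label}: {'OK' if not result else ''}")
        for line in result:
            print("  -", line)
    print("usable hosts in a /24:", usable_hosts("10.0.2.0/24"))
```

Run as-is, the posted plan reports two findings (no AzureFirewallSubnet and no GatewaySubnet, which the combined "firewall and VPN subnet" in the question does not satisfy), while the hub-and-spoke variant passes. The validator is deliberately independent of the Azure CLI so it can be dropped into a pipeline that reviews address plans before any resources are created.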

Mohammed Khawaja, Manager - Infrastructure: Information Technology

Commented:
I do not understand what you mean by firewall subnet. I understand your VPN users being assigned IP addresses, and it could be a separate subnet. What ports/applications are allowed between each subnet? It is best to have your load balancer available in the subnet in which you are trying to implement load balancing, as you should avoid jumping multiple subnets. If your test and prod will have public IPs, then they should be behind a firewall. The way I would do it is that I would have all zones behind the firewall from outside and then create your NATs to the required servers that need public IPs.

Author

Commented:
That's just an example I found, see here.
https://www.petri.com/how-to-architect-an-azure-firewall-with-a-vpn-gateway

Yes all subnets will be behind the firewall
I think what the example suggests is a management subnet for the firewall, which then has vnet peering to other subnets.
Kinda like hub and spoke.
Do you have any other better guides you can share?

Thanks for the tip about the LB, I'll place each one in its respective subnet.