All Content
Timespan
explore our new search
Azure Virtual Network Manager Deep Dive
Azure Weekly Update
Aug 4, 2022 12:00 AM

Azure Virtual Network Manager Deep Dive

by HubSite 365 about John Savill's [MVP]

Principal Cloud Solutions Architect

Azure DataCenterCompute & ContainersAzure Weekly UpdateLearning Selection

Enhance your connectivity management with Azure Virtual Network Manager - optimize deployment, configuration and security across networks.

  • Introduction
  • Virtual network refresher and challenges at scale
  • Azure Virtual Network Manager overview and deployment
  • Network groups
  • Configurations
  • Connectivity configurations
  • Hub and spoke
  • Direct connectivity and connected groups
  • Hub and spoke direct connectivity with multiple network groups
  • Mesh and removing deployments
  • Security admin configurations
  • Types of action including Always Allow
  • Demo and viewing rules applied
  • Pricing

A Comprehensive Look into Azure Virtual Network Manager

Ever wondered what Azure Virtual Network Manager is all about? This network management service is designed to enable you to group, manage, deploy, and configure virtual networks globally across subscriptions. The system allows users to define network groups for logically segmenting their virtual networks for optimized management. Once network groups are defined, users can then determine the connectivity and security configurations they desire and apply these configurations across the selected virtual networks in the network groups.

Azure Virtual Network Manager is currently in General Availability for Virtual Network Manager and hub and spoke connectivity configurations while the mesh connectivity configurations and security admin rules remain in Public preview. It's crucial to be aware that the preview version is provided without a service level agreement and isn't recommended for production workloads as certain features might not be supported or may have constrained capabilities.

One may wonder, "how does the Network Manager function?" During the creation process, the scope for what your Virtual Network Manager manages is defined. This scope limits the delegated access to apply configurations within this scope boundary. While defining a scope can be done directly on a list of subscriptions, it is advisable to use management groups to define your scope as these groups offer a hierarchical organization to your subscriptions. After defining the scope, you will deploy configuration types including Connectivity and SecurityAdmin rules for your Virtual Network Manager.

 

Once the Network Manager has been deployed and a network group has been created, the next step involves selecting individual virtual networks to be added to your network group, a process known as static membership. Alternatively, Azure Policy can be utilized to define the conditions governing group membership dynamically or dynamic membership. Further details on Azure Policy initiatives can be found at Azure Virtual Network Manager and Azure Policy.

The creation of connectivity and/or security configuration(s) to be applied to the network groups based on your topology and security needs comes up next. These configurations allow you to create a mesh or a hub-and-spoke network topology and define a collection of rules that can be applied globally to one or more network groups. Once your desired network groups and configurations have been created, you can deploy the configurations to any region of your choice.

The Unique Features of Azure Virtual Network Manager

The Azure Virtual Network Manager comes with a host of benefits. These include: the ability to centrally manage connectivity and security policies globally across regions and subscriptions; enabling direct connectivity between spokes in a hub-and-spoke configuration without the complexity of managing a mesh network; high scalability and availability; redundancy and replication across the globe; creating network security rules that override network security group rules; low latency and high bandwidth between resources in different virtual networks using virtual network peering; and, lastly, the ability to rollout network changes through a specific region sequence and frequency of choice. For more information on regions where Azure Virtual Network Manager is available, visit the Azure Virtual Network Manager regions section.

Learn about What is Azure Virtual Network Manager?

The Azure Virtual Network Manager is a feature of the vast Microsoft Azure platform, known for its capability to enable the creation, deployment, and management of virtual networks across subscriptions on a global scale. azure. It lets users define network groups, a concept that assists in segmenting and identifying distinct virtual networks, allowing them to apply their chosen connectivity and security settings to all the relevant virtual networks at one go.

Note:
As of now, the Azure Virtual Network Manager is in General Availability for its hub and spoke connectivity options. However, the mesh connectivity options and security admin rules are still made available only in Public Preview, which doesn't offer any service level agreement and is not suitable for production workloads. Many features may still be under development or may have limited capabilities. This availability status is as per Microsoft Azure's Supplemental Terms of Use.

Let's delve into the way the Azure Virtual Network Manager functions. When you initiate the creation process, you begin by setting the scope boundary within which your Virtual Network Manager can apply configurations. The scope can be defined directly on a subscription list, but it's suggested to employ management groups for this purpose as they offer a hierarchical organization to your subscriptions. Afterwards, you may proceed to deploy configuration types inclusive of Connectivity and SecurityAdmin rules.

  • Upon the deployment of a Virtual Network Manager instance, a network group is created. This group essentially acts as a pool for networking resources that you can apply configurations on a large scale. You hold the freedom to select individual virtual networks to join your network group manually (static membership), or you could let Azure Policy dictate the group membership conditions allowing for dynamic changes (dynamic membership).
  • Subsequently, you'll set up connectivity and/or security configurations aimed at your network groups, keeping your topology and security requirements in mind. A connectivity configuration enables you to create either a mesh network or a hub-and-spoke network topology. On the other hand, a security configuration lets you define a set of rules that could be applied to one or more network groups at a universal level.

After configuring the network groups to your satisfaction, you get the option to deploy to any regional location of your choice.

This management tool comes with a handsome bunch of merits:

  • Centralized management of connectivity and security rules across regions and subscriptions on a worldwide scale.
  • Direct connection between spokes in a hub-and-spoke arrangement without the complexity of mesh network management.
  • A highly scalable, highly available service with redundancy and replication capabilities across the globe.
  • Capability to generate network security rules that override existing network security group rules.
  • Low latency, high bandwidth connections between resources in diverse virtual networks through virtual network peering.

About the regional availability of Azure Virtual Network Manager, you can check out the Microsoft Azure website for the latest information.

More links on about What is Azure Virtual Network Manager?

What is Azure Virtual Network Manager?
Mar 22, 2023 — Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across ...

Keywords

Microsoft Azure, Azure Virtual Network Manager, network manager, Azure network management, Azure VNet, Azure VPN, Azure VNet Manager, Azure network services, virtual network Azure, Azure private network