Understand the use of Hub and Spoke topology in Microsoft Azure to connect with on-premises network

Is your network's security airtight? Are you maximizing your performance potential in every connection? If these questions resonate with your concerns, you're in the right place. In this article, we explore the transformative journey of boosting security and performance by connecting Azure Hub and spokes VNets with on-premises networks.

To put it another way, imagine a network with nonexistent security and sharp speed gains. This article reveals the secret to combining Azure hub and spoke VNets with on-premises networks. Think about the options as we examine the subtleties of this relationship. You should be ready for your network's dynamics to dramatically shift.

Curious to explore the key strategies and insights to fortify your network's security while supercharging its performance? Our journey doesn't stop here. Join us in the main article as we unravel the detailed steps, best practices, and real-world applications, ensuring you're equipped with the knowledge to elevate your network to new heights.

Are you ready to revolutionize your network? Let's dive into the world of Azure and witness its game-changing impact on security and performance.

But these are not the only secrets we have in store. Stay with us, and let's embark on a journey to redefine the benchmarks of network excellence. Stay with us, and let's embark on a journey to redefine the benchmarks of network excellence together.

Scenario:

In real business environments, A Head office of an organization and its Branch offices could be in the same city or may be in the different cities. Branch offices have their own functions too but for some of the main tasks they need to contact with their Head office. The same scenario is used in Hub and spoke topology where Hub works like a central point as Head office and spokes work as branch offices. In Microsoft Azure, Hub virtual network can be used as a connectivity point to on-premises networks. that can peer spoke virtual network with the Hub virtual network and in this way, we can also isolate the workloads.

Follow the steps to understand and configure the above discussed scenario in the Microsoft Azure portal.

  • Create resource Group and virtual networks
  • Peer virtual networks with each other
  • Verify connectivity - Ping from Hub-VM to Spoke VMs and vice versa
  • Deployment of Virtual Network Gateway on Hub-VM
  • Generate certificates on an on-premises network machine
  • Install it on an on-premises machine
  • Upload Certificate on Azure portal during the creation of VPN
  • Connect on-premises machine to Azure through VPN
  • Ping between Azure Hub-VM and on-premises machine to test the connectivity
Step-1: Create resource group with the name Demo-RG and virtual network for hub and two spokes

Create a Hub Virtual Network “Hub-Vnet” and select East US as the location you can choose as your own.

Create a Virtual Network for Hub and Spokes
virtual networks for hub and spoke

Step-2: Create three Virtual Machines one for each virtual network:

  • Hub-VM for Hub-Vnet as Hub-VM
  • Spoke1-VM for Spoke1-Vnet
  • Spoke2-VM for Spoke2-Vnet

virtual machine
virtual machine

Step-3 Set the static IP of all three Virtual machines:

  • 10.0.0.4 of Hub-VM
  • 10.1.0.4 of Spoke1-VM
  • 10.2.0.4 of Spoke2-VM

IP address setting in Hub-Virtual Machine
IP setting for hub VM


IP address setting in Spoke1-Virtual Machine
IP setting for Spoke1-VM

IP address setting in Spoke2-Virtual Machine
IP setting for spoke-2 VM

Step-4 Create peering between Hub and Spokes:

  • Hub-Vnet and Spoke1-Vnet
  • Hub-Vnet and Spoke2-Vnet

Peering between Hub and Spoke1
Peering between Hub and Spoke1

Peering between Hub and Spoke2
Peering between Hub and Spoke2

Step-5: Test the connectivity between Hub and Spoke VMs:

  • Ping Hub-VM to Spoke1-VM 
  • Ping Hub-VM to Spoke2-VM 
  • Ping Spoke1-VM to Hub-VM 
  • Ping Spoke2-VM to Hub-VM 
Ping from Hub VM to Spoke1 and Spoke2 VMs
Ping result Hub VM to Spoke1 and Spoke2 VMs


Ping result Spoke1-VM to Hub-VM
Ping result in Spoke1-VM to Hub-VM

Ping result Spoke2-VM to Hub-VM
Ping result in Spoke2-VM to Hub-VM

Step-6: Create a Virtual Network Gateway and associate it with Hub-Vnet

Create Virtual Network Gateway in Hub-Vnet
Virtual Network Gateway


Step-7: Connectivity between Hub and on-premises network

  • Install a VPN Client on an on-premises network machine and then connect it to your Azure account by using the command “Connect-AzAccount”
  • To make the connection secure and for authentication of on-premises machine generate Root and Client Certificates on an on-premises machine.

Root & Client Certificate
Root and Client Certificate


Step-8: Create a Point-to-site VPN as you can see in the image and upload the Root Certificate on the Azure portal

VPN and Root certificate in Azure portal


Step-9: Install the Client Certificate on your on-premises machine.

To connect the on-premises network machine with Azure hub, run VPN client software installed earlier on an on-premises machine and connect with the VPN on the Azure portal.

connect to VPN
VPN Client software

Step-10: Verify the connectivity between on-premises network machine and Azure hub

Ping IP address of Hub-VM 10.0.0.4 from an on-premises machine 

Ping result from on-premises machine to Hub-VM
Ping result from on-premises machine

Tags
Previous Post Next Post