With the addresses carved out and an idea of what I wanted from my network, I decided to use Azure Virtual WAN as part of my solution.
I went with this over a traditional hub & spoke architecture as it simplified my enterprise network, providing security, accessibility, and global scalability for any plans to expand overseas.
While hub & spoke has its advantages, I knew that with Azure VWAN I could implement a secure hub (Azure Firewall), deploy a point-to-site VPN gateway, and have all of my virtual networks peered without the hassle of defining routing tables.
Operations Workspace
The first task was to set up a new Azure DevOps repository and associated Terraform workspace to host all of my Operations infrastructure. This would hold any shared resources and services, like networking, DNS, agents, monitoring, and our SFTP solution.
With the workspace set up and the usual provider, variables, output, and locals files deployed, I created a new file called vwan.tf to hold my Terraform code for this resource.
The first thing I like to start with, before anything else, is setting up a resource group. If I am going to have problems, I pretty much know by this point.
# Create the main operations networking resource group
resource "azurerm_resource_group" "vwan-rg" {
  name     = "rg-vwan-prod"
  location = "North Europe"

  tags = {
    service    = "operations"
    env        = "prod"
    department = "cloudops"
    source     = "terraform"
  }
}
Once that has run in Terraform and set up my resource group, I can crack on with the basic Virtual WAN and hub creation.
###############################################################
#                            VWAN                             #
###############################################################

# Create a VWAN
resource "azurerm_virtual_wan" "vwan-prod-ne" {
  name                              = "vwan-name-prod-ne"
  resource_group_name               = azurerm_resource_group.vwan-rg.name
  location                          = "North Europe"
  type                              = "Standard"
  disable_vpn_encryption            = false
  allow_branch_to_branch_traffic    = true
  office365_local_breakout_category = "None"

  tags = {
    service    = "operations"
    env        = "prod"
    department = "cloudops"
    source     = "terraform"
  }
}

# Create a VWAN Hub
resource "azurerm_virtual_hub" "vwan-hub-prod-ne" {
  name                = "vhub-name-prod-ne"
  resource_group_name = azurerm_resource_group.vwan-rg.name
  location            = "North Europe"
  virtual_wan_id      = azurerm_virtual_wan.vwan-prod-ne.id
  address_prefix      = "x.x.x.x/23"

  tags = {
    service    = "operations"
    env        = "prod"
    department = "cloudops"
    source     = "terraform"
  }
}
It takes a little while for Azure to do its thing, but once it had completed I had the foundational network in place to start deploying other services across it.
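As an added example (not code from the original post), this is how the secure hub and the route-table-free spoke peering mentioned earlier can be expressed against the resources above. It assumes a recent azurerm 3.x provider; the firewall, policy, routing intent and spoke names, and the spoke address space, are placeholders I have chosen, while the resource group and hub references point at the blocks already defined.

```hcl
# Added example: secure the hub with Azure Firewall and attach a spoke VNet.
# Names and the spoke address space are assumed placeholders.
resource "azurerm_firewall_policy" "vwan-hub-policy" {
  name                     = "afwp-vhub-prod-ne"
  resource_group_name      = azurerm_resource_group.vwan-rg.name
  location                 = "North Europe"
  threat_intelligence_mode = "Deny" # block known-malicious IPs/FQDNs rather than only alert
}

# Azure Firewall inside the hub (sku_name AZFW_Hub) is what turns it into a secured hub.
resource "azurerm_firewall" "vwan-hub-fw" {
  name                = "afw-vhub-prod-ne"
  resource_group_name = azurerm_resource_group.vwan-rg.name
  location            = "North Europe"
  sku_name            = "AZFW_Hub"
  sku_tier            = "Standard"
  firewall_policy_id  = azurerm_firewall_policy.vwan-hub-policy.id
  virtual_hub {
    virtual_hub_id  = azurerm_virtual_hub.vwan-hub-prod-ne.id
    public_ip_count = 1
  }
}

# Routing intent steers internet-bound traffic through the firewall; the hub
# manages the routes, so no per-spoke route tables are needed. A second
# routing_policy with destinations = ["PrivateTraffic"] does the same for spoke-to-spoke.
resource "azurerm_virtual_hub_routing_intent" "vwan-hub-intent" {
  name           = "vhub-routing-intent"
  virtual_hub_id = azurerm_virtual_hub.vwan-hub-prod-ne.id
  routing_policy {
    name         = "InternetTraffic"
    destinations = ["Internet"]
    next_hop     = azurerm_firewall.vwan-hub-fw.id
  }
}

# A spoke VNet (assumed) attached to the hub; its prefix must not overlap the hub's.
resource "azurerm_virtual_network" "spoke-app-prod" {
  name                = "vnet-app-prod-ne"
  resource_group_name = azurerm_resource_group.vwan-rg.name
  location            = "North Europe"
  address_space       = ["x.x.x.x/22"] # placeholder
}

resource "azurerm_virtual_hub_connection" "spoke-app-prod" {
  name                      = "vhubconn-app-prod-ne"
  virtual_hub_id            = azurerm_virtual_hub.vwan-hub-prod-ne.id
  remote_virtual_network_id = azurerm_virtual_network.spoke-app-prod.id
  internet_security_enabled = true # learn the 0.0.0.0/0 route via the hub firewall
}
```

After `terraform apply`, the hub's effective routes for the spoke connection should show 0.0.0.0/0 with the firewall as next hop, which is the quickest check that the secured hub is actually in the path.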