Merge branch 'main' into add-data-pol-assignments

Azure · Mar 9, 2022 · d596ca4 · d596ca4
2 parents 27727bf + d6fced1
commit d596ca4
Show file tree

Hide file tree

Showing 15 changed files with 508 additions and 2 deletions.
diff --git a/docs/wiki/CustomerUsage.md b/docs/wiki/CustomerUsage.md
@@ -43,4 +43,5 @@ The following are the unique ID's (also known as PIDs) used in each of the modul
 | spokeNetworking             | 0c428583-f2a1-4448-975c-2d6262fd193a |
 | subscriptionPlacement       | 3dfa9e81-f0cf-4b25-858e-167937fd380b |
 | virtualNetworkPeer          | ab8e3b12-b0fa-40aa-8630-e3f7699e2142 |
+| vwanConnectivity            | 7f94f23b-7a59-4a5c-9a8d-2a253a566f61 |
 | hubSpoke - Orchestration    | 50ad3b1a-f72c-4de4-8293-8a6399991beb |
diff --git a/docs/wiki/DeploymentFlow.md b/docs/wiki/DeploymentFlow.md
@@ -14,6 +14,8 @@ This document outlines the prerequisites, dependencies and flow to help orchestr
 
 ![High Level Deployment Flow](media/high-level-deployment-flow.png)
 
+<sup>*</sup>To use with the network topology of your choice. See [network topology deployment instructions below](#network-topology-deployment).
+
 ## Module Deployment Sequence
 
 Modules in this reference implementation must be deployed in the following order to ensure consistency across the environment:
@@ -24,11 +26,18 @@ Modules in this reference implementation must be deployed in the following order
 |   2   | Custom Policy Definitions              | Configures Custom Policy Definitions at the `organization management group`.                                                                                                               | Management Groups.                                                     | [infra-as-code/bicep/modules/policy/definitions](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions)                         |
 |   3   | Custom Role Definitions                | Configures custom roles based on Cloud Adoption Framework's recommendations at the `organization management group`.                                                                        | Management Groups.                                                     | [infra-as-code/bicep/modules/customRoleDefinitions](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/customRoleDefinitions)                   |
 |   4   | Logging & Sentinel                     | Configures a centrally managed Log Analytics Workspace, Automation Account and Sentinel in the `Logging` subscription.                                                                     | Management Groups & Subscription for Log Analytics and Sentinel.       | [infra-as-code/bicep/modules/logging](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/logging)                                               |
-|   5   | Hub Networking                         | Creates Hub networking infrastructure with Azure Firewall to support Hub & Spoke network topology in the `Connectivity` subscription.                                                      | Management Groups, Subscription for Hub Networking.                    | [infra-as-code/bicep/modules/hubNetworking](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/hubNetworking)                                   |
+|   5   | Hub Networking                         | Azure supports two types of hub-and-spoke design, VNet hub and Virtual WAN hub. Creates resources in the `Connectivity` subscription.                                                      | Management Groups, Subscription for Hub Networking.                    | [See network topology deployment below](#network-topology-deployment)                                   |
 |   6   | Role Assignments                       | Creates role assignments using built-in and custom role definitions.                                                                                                                       | Management Groups & Subscriptions.                                     | [infra-as-code/bicep/modules/roleAssignments](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/roleAssignments)                               |
 |   7   | Subscription Placement                 | Moves one or more subscriptions to the target management group.                                                                                                                            | Management Groups & Subscriptions.                                     | [infra-as-code/bicep/modules/subscriptionPlacement](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/subscriptionPlacement)                   |
 |   8   | Built-In and Custom Policy Assignments | Creates policy assignments to provide governance at scale.                                                                                                                                 | Management Groups, Log Analytics Workspace & Custom Policy Definitions | [infra-as-code/bicep/modules/policy/assignments/alzDefaults](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/assignments/alzDefaults) |
-|   9   | Corp Connected Spoke Network           | Creates Spoke networking infrastructure with Virtual Network Peering to support Hub & Spoke network topology.  Spoke subscriptions are used for deploying construction sets and workloads. | Management Groups, Hub Networking & Subscription for spoke networking  | [infra-as-code/bicep/modules/spokeNetworking](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/spokeNetworking)                               |
+|   9   | Corp Connected Spoke Network           | Creates Spoke networking infrastructure with Virtual Network Peering to support Hub & Spoke network topology.  Spoke subscriptions are used for deploying construction sets and workloads. | Management Groups, Hub Networking & Subscription for spoke networking  | [See network topology deployment below](#network-topology-deployment)                               |
+
+## Network Topology Deployment
+
+You can decide which network topology to implement that meets your requirements. Please review the network topologies [here](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/define-an-azure-network-topology). The following lists examples of network topology deployment based on the recommended enterprise-scale architecture:
+
+- [Traditional VNet Hub and Spoke](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlowHS) - Supports communication, shared resources and centralized security policy.
+- [Virtual WAN](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlowVWAN) - Supports large-scale branch-to-branch and branch-to-Azure communications.
 
 ## Deployment Identity
 

diff --git a/docs/wiki/DeploymentFlowHS.md b/docs/wiki/DeploymentFlowHS.md
@@ -0,0 +1,18 @@
+<!-- markdownlint-disable -->
+## Azure Landing Zones Bicep - Deployment Flow - Hub and Spoke
+<!-- markdownlint-restore -->
+
+### Intro
+
+This deploys a [hub and spoke](https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) network topology to the Azure Landing Zone foundation.
+
+> Please review and run the [Deployment Flow](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlow) before running these modules.
+
+### Module Deployment Sequence
+
+Modules in this reference implementation must be deployed in the following order to ensure consistency across the environment:
+
+| Order | Module                                 | Description                                                                                                                                                                                | Prerequisites                                                          | Module Documentation                                                                                                                                                  |
+| :---: | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|   1   | Hub Networking                         | Creates Hub networking infrastructure with Azure Firewall to support Hub & Spoke network topology in the `Connectivity` subscription.                                                      | Management Groups, Subscription for Hub Networking.                    | [infra-as-code/bicep/modules/hubNetworking](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/hubNetworking)                                   |
+|   2   | Corp Connected Spoke Network           | Creates Spoke networking infrastructure with Virtual Network Peering to support Hub & Spoke network topology.  Spoke subscriptions are used for deploying construction sets and workloads. | Management Groups, Hub Networking & Subscription for spoke networking  | [infra-as-code/bicep/modules/spokeNetworking](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/spokeNetworking)                               |
diff --git a/docs/wiki/DeploymentFlowVWAN.md b/docs/wiki/DeploymentFlowVWAN.md
@@ -0,0 +1,18 @@
+<!-- markdownlint-disable -->
+## Azure Landing Zones Bicep - Deployment Flow - Virtual WAN
+<!-- markdownlint-restore -->
+
+### Intro
+
+This deploys a hub and spoke network [topology with Azure Virtual WAN](https://docs.microsoft.com/en-us/azure/architecture/networking/hub-spoke-vwan-architecture) to the Azure Landing Zone foundation. This connectivity approach uses Virtual WAN (VWAN) to replace hubs as a managed service. Spoke virtual networks peer with the VWAN virtual hub.
+
+> Please review and run the [Deployment Flow](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlow) before running these modules.
+
+### Module Deployment Sequence
+
+Modules in this reference implementation must be deployed in the following order to ensure consistency across the environment:
+
+| Order | Module                                 | Description                                                                                                                                                                                | Prerequisites                                                          | Module Documentation                                                                                                                                                  |
+| :---: | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|   1   | Virtual WAN Connectivity                      | Deploys the Virtual WAN network topology and its components according to the Azure Landing Zone conceptual architecture.                                                                                          | Management Groups, Subscription for vWAN connectivity.                    | [infra-as-code/bicep/modules/vwanConnectivity](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vwanConnectivity)                             |
+|   2   | VNet Peering with vWAN                        | Connect a virtual network to a Virtual WAN hub.                                                                                          | Management Groups, Subscription for spoke VNet, vWAN Connectivity Module                    | _**Coming soon**_                            |
diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md
@@ -2,6 +2,8 @@
 
 * [Wiki Home](https://github.com/Azure/ALZ-Bicep/wiki/Home)
 * [Deployment Flow](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlow)
+  * [Network Topology: Hub and Spoke](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlowHS)
+  * [Network Topology: Virtual WAN](https://github.com/Azure/ALZ-Bicep/wiki/DeploymentFlowVWAN)  
 * [Contributing](https://github.com/Azure/ALZ-Bicep/wiki/Contributing)
 * [Telemetry Tracking Using Customer Usage Attribution (PID)](https://github.com/Azure/ALZ-Bicep/wiki/CustomerUsage)
 * [Azure Container Registry Deployment - Private Bicep Registry](https://github.com/Azure/ALZ-Bicep/wiki/ACRDeployment)

diff --git a/docs/wiki/media/high-level-deployment-flow.png b/docs/wiki/media/high-level-deployment-flow.png