Azure vWAN Multiple hubs

[gerrynicol]

Question/Feedback

AB#25156

Hi there, can any guidance be provided for creating multiple vWAN hubs. At the moment the modules only create one vWAN hub in a single region.

Possible Answers/Solutions?

Just want us to confirm your thinking, let us know any possible answers you've considered and we can confirm 👍

[jtracey93]

Hey @gerrynicol,

Would you be looking for multiple hubs in the same region or multiple hubs across various regions?

Let us know

Thanks

Jack

[gerrynicol]

Hi @jtracey93. Apologies, should have been more specfic. It would be single hubs deployed in multiple regions, all in the same vWAN.

[jtracey93]

Hey @gerrynicol,

No worries thanks for coming back to me.

Today the modules don't support this via input parameters. However you could take the VWAN module and customise it as per https://github.com/Azure/ALZ-Bicep/wiki/ConsumerGuide#customizing-the-alz-bicep-modules

However, your ask is valid and this could be something we look to add to ALZ Bicep.

Would you want it also to optionally have a FW in the other hub?

Really looking for what you would/wouldn't want it to do for a multi hub deployment.

We can then look to get this on the backlog and maybe start development soon.

Let us know

Cheers

Jack 👍

[gerrynicol]

Hi @jtracey93,
Thanks for looking at this and considering it. Yes indeed, the ask would indeed be for an optional firewall in the second\third Hub. I would say the requirements would be as follows

• Deploy a vWAN
• Keep existing module options of Gateways\scale units, firewall, firewall policy's, DDOS, private DNS Zones
• Deploy a vWAN Hub in Region1, Region2, Region3 etc (optionally to be a secure hub-i.e az firewall)
• Hub routing and intent policies (https://learn.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing)
• (Edit - Just read that these routing policies currently dont support inter-regional traffic going via AZfw)

Cheers
Gerry

[jtracey93]

Hey @gerrynicol,

Thanks for the info, really useful :)

Ill add it to our internal backlog and add a feature for this. Im thinking i'll just add a feature for enabling to deploy additional hubs with firewall etc. to an existing VWAN resource.

The other part around routing intent etc. we will leave off for now as you noted.

Sound good?

[gerrynicol]

Hi @jtracey93,

Yip. thats sound perfect. Would be great to see this available. And again, thanks for looking into it. :)

Cheers
Gerry

[jtracey93]

For completeness this has been created as a feature in our backlog. ADO WIT: 25156

[jtracey93]

Just an update this made it into the December sprint, so stay tuned

[gerrynicol]

Excellent. Looking forward to testing it

[gerrynicol]

Just a quick one on the options for creating the vWAN Hubs in different resource Groups. Would be good to have this option available as per extract from this link - https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq

Can hubs be created in different resource groups in Virtual WAN?
Yes. This option is currently available via PowerShell only. The Virtual WAN portal requires that the hubs are in the same resource group as the Virtual WAN resource itself.

[jtracey93]

Just a quick one on the options for creating the vWAN Hubs in different resource Groups. Would be good to have this option available as per extract from this link - https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq

Can hubs be created in different resource groups in Virtual WAN? Yes. This option is currently available via PowerShell only. The Virtual WAN portal requires that the hubs are in the same resource group as the Virtual WAN resource itself.

Good idea. @lachaves lets include this into the ADO work item you have for this AB#25156