
Friday, 6 September 2024

12. Creating a Hub and Spoke Network with a DMZ and Allowing Access to Azure Arc and Other Microsoft URLs from the Azure Portal



1. Create a Hub Virtual Network

    • Go to the Azure Portal: Navigate to the Azure portal (https://azure.microsoft.com/en-us/get-started/azure-portal).
    • Create a Resource: Click on "Create a resource" in the top left corner.
    • Search for Virtual Network: Search for "Virtual network" and select it.
    • Choose Deployment Model: Select "Hub and spoke" as the deployment model.
    • Configure Hub Settings:
      • Name: Provide a unique name for your hub virtual network.
      • Location: Choose a region where you want to deploy the hub.
      • Address Space: Define the address space for the hub virtual network.
      • Subnet Configuration: Create a subnet for the hub gateway.
    • Create: Click "Create" to start the deployment.

2. Create Spoke Virtual Networks

    • Repeat Step 1: Follow the same steps as above to create spoke virtual networks for different workloads.
    • Configure Spoke Settings:
      • Name: Provide a unique name for each spoke virtual network.
      • Location: Choose the same region as the hub virtual network.
      • Address Space: Define the address space for each spoke virtual network.
      • Subnet Configuration: Create subnets for the application workload and peering connection to the hub.

3. Create Peering Connections

    • Go to Virtual Network: Navigate to the hub virtual network.
    • Peering: Click on "Peering" under the "Connectivity" section.
    • Create Peering: Click on "Create peering."
    • Configure Peering:
      • Name: Provide a name for the peering connection.
      • Remote virtual network: Select the spoke virtual network you want to peer with.
      • Allow gateway traffic: Select this option to enable traffic between the hub and spoke virtual networks.
      • Create: Click "Create" to establish the peering connection.
    • Repeat for Other Spoke Networks: Repeat these steps for each spoke virtual network.

4. Create a DMZ Virtual Network

    • Follow Step 1: Create a new virtual network for the DMZ.
    • Configure DMZ Settings:
      • Name: Provide a unique name for the DMZ virtual network.
      • Location: Choose the same region as the hub and spoke virtual networks.
      • Address Space: Define the address space for the DMZ virtual network.
      • Subnet Configuration: Create subnets for the DMZ resources.

5. Create a Peering Connection Between Hub and DMZ

    • Follow Step 3: Create a peering connection between the hub virtual network and the DMZ virtual network.
    • Configure Peering:
      • Allow gateway traffic: Select this option to enable traffic between the hub and DMZ virtual networks.

6. Configure Network Security Groups (NSGs)

    • Go to Network Security Groups: Navigate to the NSG associated with the DMZ subnet.
    • Inbound Rules: Create inbound rules to allow traffic from the hub virtual network to the DMZ subnet.
    • Outbound Rules: Create outbound rules to allow traffic from the DMZ subnet to Azure Arc and other Microsoft URLs.
    • Review and Apply: Review the rules and apply them to the NSG.
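
An offline check for the outbound rules in step 6, as an added example that is not part of the original post: NSG rules match on service tags and IP prefixes rather than URLs, so it evaluates a rule set in priority order for TCP 443 to the Arc-related service tags. The tag list and the sample rules are assumptions constructed here; the field names follow `az network nsg rule list -o json` output.

```python
# Added example: evaluates NSG outbound rules in priority order.
# Assumption: service tags taken from Microsoft's Azure Arc network
# requirements; confirm the current list before relying on it.
ARC_TAGS = ["AzureActiveDirectory", "AzureResourceManager",
            "AzureArcInfrastructure", "AzureTrafficManager", "Storage"]

def _rule(name, priority, access, dest, port="443", proto="Tcp"):
    # Field names follow `az network nsg rule list -o json` output.
    return {"name": name, "priority": priority, "direction": "Outbound",
            "access": access, "protocol": proto,
            "destinationAddressPrefix": dest, "destinationPortRange": port}

# Constructed sample NSG: AzureTrafficManager was forgotten.
SAMPLE_RULES = [
    _rule("Deny-Internet", 4000, "Deny", "Internet", "*", "*"),
    _rule("Allow-AAD", 100, "Allow", "AzureActiveDirectory"),
    _rule("Allow-ARM", 110, "Allow", "AzureResourceManager"),
    _rule("Allow-Arc", 120, "Allow", "AzureArcInfrastructure"),
    _rule("Allow-Storage", 130, "Allow", "Storage"),
]

def port_matches(rule, port):
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or ""]
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def decide(rules, tag, port=443):
    """Return (access, rule name, matched_broad_rule) for outbound TCP to tag."""
    outbound = [r for r in rules if r["direction"].lower() == "outbound"]
    for r in sorted(outbound, key=lambda r: r["priority"]):  # lowest number wins
        dest = r.get("destinationAddressPrefix") or ""
        if r["protocol"].lower() in ("tcp", "*") and port_matches(r, port) \
                and dest in (tag, "*", "Internet"):
            return r["access"], r["name"], dest != tag
    # No custom rule matched: the default AllowInternetOutBound rule applies.
    return "Allow", "AllowInternetOutBound (default)", True

def audit(rules):
    return {tag: decide(rules, tag) for tag in ARC_TAGS}

if __name__ == "__main__":
    for tag, (access, name, broad) in audit(SAMPLE_RULES).items():
        print(f"{tag:24} {access:5} via {name}" + ("  [broad rule]" if broad else ""))
```

A result decided by a broad destination or by the default AllowInternetOutBound rule is flagged, which shows when the DMZ subnet has unrestricted egress instead of the specific allowances step 6 intends.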

7. Configure Azure Firewall (Optional)

    • Create Azure Firewall: If you want to use Azure Firewall, create a new Azure Firewall resource.
    • Associate with DMZ: Associate the Azure Firewall with the DMZ virtual network.
    • Configure Rules: Create rules to allow traffic to and from the DMZ subnet.

8. Test Connectivity

    • Test Access: From a resource within the DMZ virtual network, attempt to access Azure Arc and other Microsoft URLs.
    • Verify Connectivity: Ensure that the traffic is flowing correctly and that you can access the desired resources.

By following these steps, you can successfully create a hub and spoke network with a DMZ and allow access to Azure Arc and other Microsoft URLs from the Azure portal.



