So to kick things off we need to put together an environment in Azure. We need setup some scaffolding to support our efforts to build interesting things. What we are looking for is something quick that gives us flexibility in our deployment, integration, and management of resources. The Azure hub-spoke topology. This works great. It’s easy to deploy, extend, manage, and maintained. It’s used in large enterprise deployments right the way down to our lab. It’s a Swiss Army Knife architecture and perfect for learning. Trying new services or features just means spinning up a new spoke, deploying resources, and configuring them mostly without breaking the other spokes. Things get tricky with services that need specific integration configurations, possible to do, just tricky.
For the time being we keep it really simple. Hub and Spoke. Manually create a hub resource group and a single spoke. This will change as we explore other services and solutions. To do this, here is the thinking:
- Create a hub
- Create a hub resource group
- Deploy a virtual network to the resource group with a default address space and subnet.
- Create a virtual network gateway with it’s own subnet.
- Set up point-to-site VPN connectivity, which works for a single or few clients.
- Create a spoke
- Create a spoke resource group
- Get a refreshing beverage and peruse the interweb for our first project and architecture fit.
This is the entry point for my hybrid network traffic. What I don’t cover here is the subnetting, that’s an exercise for the reader 😁 Getting started is the game right now, so I have this:
- Virtual network
- Subnet: default
- Subnet: gateway (hosts the gateway for our Point-to-Site VPN setup)
- Virtual network gateway
- Public IP address
Looking at extending this at a later stage to include subnets and resources like an IaaS jump server or Azure Firewall.
A spoke holds resources I think work simply together. Resource groups are used to group related to each other or that you want to manage together. An example of this would be deploying an Azure Synapse Analytics workspace to a spoke with it’s supporting services (e.g. Key Vault, Azure Data Lake Gen2, etc.). The spoke allows us to do just that.
Considering our usage, data classification, budget, the current architecture should be good for now. Better to start and learn than being paralyzed by analysis in this case. Things might change things as we learn. Looking ahead Azure DevOps or GitHub integration will be on the map as well. Though it does make for easier learning doing things manually to understand it, get things moving, then automate all the things 🤖. For now keep it really simple.