About This Architecture

Hub-and-spoke network topology in Azure UK South connecting production, disaster recovery, and external workloads through a central hub vnet with VPN Gateway and Azure Firewall. Traffic flows from production spoke (172.16.16.0/24) and DR spoke (172.16.32.0/24) through the hub to on-premises infrastructure via VPN, with NSG rules securing each subnet. This architecture centralizes security policy, DNS resolution, and WAN connectivity while enabling spoke-to-spoke communication for failover scenarios. Fork and customize this diagram on Diagrams.so to match your subscription structure, add additional spokes, or modify firewall rules. The design demonstrates Azure best practices for enterprise hybrid networks requiring high availability and compliance across multiple workload tiers.

People also ask

How do I design a hub-and-spoke network in Azure with VPN connectivity to on-premises and disaster recovery failover?

This diagram shows a production hub-and-spoke topology in Azure UK South where the central hub vnet (vnet-naht-hub-uks) routes traffic from production (172.16.16.0/24) and DR (172.16.32.0/24) spokes through Azure Firewall and VPN Gateway to on-premises infrastructure. NSGs secure each subnet, and spoke-to-spoke peering enables failover communication between production and DR workloads.