AZ104 — Azure Virtual Private Network(VPN )

· An Azure virtual network gateway provides an endpoint for incoming connections from on-premises locations to Azure over the Internet.

· A VPN gateway is a specific type of virtual network gateway that can be an endpoint for encrypted connections.

· Each virtual network can have only one VPN gateway.

· All connections to that VPN gateway share the available network bandwidth.

· Within each virtual network gateway there are two or more virtual machines (VMs).

· These VMs have been deployed to a special subnet that you specify, called the gateway subnet.

· They contain routing tables for connections to other networks, along with specific gateway services.

§ The following table summarizes some of these planning issues. The remainder are discussed later.

PLANNING FACTORS

Point to site

Site to site

ExpressRoute

Azure supported services

Cloud services and VMs

Cloud services and VMs

All supported services

Typical bandwidth

Depends on VPN Gateway SKU

Depends on VPN Gateway SKU

See ExpressRoute bandwidth options

Protocols supported

SSTP and IPsec

IPsec

Direct connection, VLANs

Routing

RouteBased (dynamic)

PolicyBased (static) and RouteBased

BGP

Connection resiliency

Active-passive

Active-passive or active-active

Active-active

Use case

Testing and prototyping

Dev, test and small-scale production

Enterprise/mission critical

§ It’s important that you choose the right SKU.

o If you have set up your VPN gateway with the wrong one, you’ll have to take it down and rebuild the gateway, which can be time consuming

§ VPN gateways need a gateway subnet called GatewaySubnet

o It must have this name for the gateway to work, and it should not contain any other resources.