AZ104 — Azure Virtual Private Network (VPN)
· An Azure virtual network gateway provides an endpoint for incoming connections from on-premises locations to Azure over the Internet.
· A VPN gateway is a specific type of virtual network gateway that can be an endpoint for encrypted connections.
· Each virtual network can have only one VPN gateway.
· All connections to that VPN gateway share the available network bandwidth.
· Within each virtual network gateway there are two or more virtual machines (VMs).
· These VMs have been deployed to a special subnet that you specify, called the gateway subnet.
· They contain routing tables for connections to other networks, along with specific gateway services.
§ The following table summarizes some of these planning issues. The remainder are discussed later.
| Planning factors | Point to site | Site to site | ExpressRoute |
|---|---|---|---|
| Azure supported services | Cloud services and VMs | Cloud services and VMs | All supported services |
| Typical bandwidth | Depends on VPN Gateway SKU | Depends on VPN Gateway SKU | See ExpressRoute bandwidth options |
| Protocols supported | SSTP and IPsec | IPsec | Direct connection, VLANs |
| Routing | RouteBased (dynamic) | PolicyBased (static) and RouteBased | BGP |
| Connection resiliency | Active-passive | Active-passive or active-active | Active-active |
| Use case | Testing and prototyping | Dev, test and small-scale production | Enterprise/mission critical |
§ It’s important that you choose the right SKU.
o If you set up your VPN gateway with the wrong SKU, you'll have to take it down and rebuild the gateway, which can be time-consuming.
§ VPN gateways need a gateway subnet called GatewaySubnet.
o It must have this name for the gateway to work, and it should not contain any other resources.
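A pre-deployment check for the two GatewaySubnet rules above (exact name, no other resources), added here as an example and not taken from Azure tooling. The dictionaries are constructed samples that assume the general shape of a virtual network description (subnets with a name and a list of ipConfigurations ids); the resource names and the `<sub-id>` placeholder are hypothetical, and the name match is treated as exact, following the note above.

```python
GATEWAY_SUBNET = "GatewaySubnet"

def owner_of(ip_config_id):
    """Return (resource type, resource name) that owns an ipConfiguration id."""
    parts = ip_config_id.strip("/").split("/")
    i = [p.lower() for p in parts].index("ipconfigurations")
    return parts[i - 2], parts[i - 1]

def audit_gateway_subnet(vnet):
    """Return a list of findings; an empty list means both rules hold."""
    findings = []
    subnets = vnet.get("subnets", [])
    # Rule 1: the subnet must carry exactly this name (near misses are flagged).
    for s in subnets:
        if s["name"] != GATEWAY_SUBNET and s["name"].lower() == GATEWAY_SUBNET.lower():
            findings.append(f"subnet {s['name']!r} is not named exactly {GATEWAY_SUBNET!r}")
    gw = next((s for s in subnets if s["name"] == GATEWAY_SUBNET), None)
    if gw is None:
        findings.append(f"no subnet named {GATEWAY_SUBNET!r}")
        return findings
    # Rule 2: nothing except gateway instances should sit in the gateway subnet.
    for cfg in gw.get("ipConfigurations") or []:
        rtype, rname = owner_of(cfg["id"])
        if rtype.lower() != "virtualnetworkgateways":
            findings.append(f"{rtype}/{rname} is attached to {GATEWAY_SUBNET}")
    return findings

# Constructed sample data (assumed shape, hypothetical names, placeholder ids).
_PREFIX = "/subscriptions/<sub-id>/resourceGroups/rg-demo/providers/Microsoft.Network"
GOOD_VNET = {"name": "vnet-hub", "subnets": [
    {"name": "GatewaySubnet", "ipConfigurations": [
        {"id": _PREFIX + "/virtualNetworkGateways/gw-hub/ipConfigurations/default"}]},
    {"name": "workload", "ipConfigurations": [
        {"id": _PREFIX + "/networkInterfaces/vm1-nic/ipConfigurations/ipconfig1"}]},
]}
BAD_VNET = {"name": "vnet-spoke", "subnets": [
    {"name": "GatewaySubnet", "ipConfigurations": [
        {"id": _PREFIX + "/virtualNetworkGateways/gw-spoke/ipConfigurations/default"},
        {"id": _PREFIX + "/networkInterfaces/jump-nic/ipConfigurations/ipconfig1"}]},
]}
MISNAMED_VNET = {"name": "vnet-test", "subnets": [{"name": "gatewaysubnet"}]}

if __name__ == "__main__":
    for vnet in (GOOD_VNET, BAD_VNET, MISNAMED_VNET):
        print(vnet["name"], audit_gateway_subnet(vnet) or "ok")
```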