The UW Azure Hub VNet provides common good services which UW customers using Azure can leverage.
What services does the UW Azure Hub VNet provide?
The UW Azure Hub VNet provides the following services:
- 1GB/sec shared ExpressRoute connectivity to the UW network
- NETID Active Directory domain controllers
- UW Azure Bridge DNS solution
How does one leverage the services in the UW Azure Hub VNet?
UW customers with VNets in the UW private address space set aside for Azure (10.4.0.0/17) can request peering to the UW Azure Hub VNet to get access to these services. You can use the documented steps to request the VNet peering. If use of the Shared ExpressRoute isn’t desired, just modify your request to explicitly note that you do not want that.
How does the UW Azure Hub VNet work?
A central hub VNet is a recommended design pattern for hosting common infrastructure resources that are required by one or more spoke VNets. UW-IT has implemented a hub VNet to enable customers to connect to the NETID Active Directory (AD) domain controllers and campus network resources. A VNet is the fundamental security boundary in Azure and is partly defined by an IP Address space. A VNet address space is divided into one or more subnets for use by customer resources.
Architecturally, this makes your VNet a spoke in a hub/spoke relationship. The VNet peering allows your VNet traffic to be routed to the hub VNet. In addition to peering to the UW hub VNet, you can also ask for ExpressRoute gateway transit to be enabled on the peering relationship. This allows your VNet traffic to be routed to the hub VNet and then, if needed, routed through the gateway to the UW network. The network routing described above is transitive, so clients on the UW network can also reach your VNet. Routing between spoke VNets is *not* enabled by default.
UW-IT has extended the campus address space into Azure by reserving 10.4.0.0/17 for use in Azure. A customer may establish a VNet and request that it connect to the Hub VNet, via VNet Peering. The peering relationship may or may not utilize the UW-IT Shared Express Route connection. Multiple customers may establish a similar peering relationship to the Hub VNet as shown in the figure.
