VM
Service Endpoint
Virtual machine
Private IP: 10.1.1.4
Account
Allow VNet: Subnet
Allow on-prem NAT IPs
10.1.1.0/24
Subnet
10.1.0.0/16
Azure Storage
Virtual Network
On-premises
Microsoft
Azure
ExpressRoute public peering or Internet
Access through NAT IPs
Figure 6: VNet Service EndPoints Overview
4. Cloud Access Service Broker (CASB) is a service that acts as an access broker
for all cloud services. This can be connected to all Azure AD-integrated SAAS
applications, such as Salesforce, Box, Jira, etc., as well as PAAS applications with
Azure AD integration.
Azure Networking
1. Azure Virtual WAN provides optimized and automated branch-to-branch con-
nectivity through Azure. Virtual WAN lets you simplify connectivity and the con-
figuration of branch devices and provisions an Azure Virtual WAN hub to termi-
nate on-premises connectivity and to host all the common services, such as AD/
DS, DNS, NVAs, etc., that are shared across spoke networks. This is compatible
with site-to-site, point-to-site or ExpressRoute connections. The Azure WAN
built-in dashboard provides instant troubleshooting insights to save you time
and gives you an easy way to view large-scale connectivity.
Spoke VNET
Spoke VNET
Azure Virtual WAN hub
Site-to-Site
VPN
Site-to-
Site VPN
"branch offices"
Express-
Route
"headquarters"
Figure 7: Azure Virtual WAN
WINTER 2019 | THE DOPPLER | 33