Hub and spoke is a networking model for efficiently managing common communication or security requirements. It also helps avoid Azure subscription limitations.
Azure supports two types of hub-and-spoke design. The first type supports communication, shared resources, and centralized security policy. The second type is based on Azure Virtual WAN. This type is for large-scale branch-to-branch and branch-to-Azure communications.
A hub is a central network zone that controls and inspects ingress or egress traffic between zones: internet, on-premises, and spokes. The hub-and-spoke topology gives your IT department an effective way to enforce security policies in a central location. It also reduces the potential for misconfiguration and exposure.
The hub often contains the common service components that the spokes consume. Examples of common central services are:
- A DNS service resolves naming the workload in the spokes to access resources on-premises and on the internet if Azure DNS isn't used.
- A public key infrastructure implements single sign-on for workloads.
- TCP and UDP traffic flow is controlled between the spoke network zones and the internet.
- Flow is controlled between the spokes and on-premises.
- Flow is controlled between one spoke and another, if needed.
- 4 перегляди