![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 84%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,593 questions
Hi,
Unfortunately, the answer is "it depends" (sorry, I don't like when people answer this).
It really depends on your requirements and preferences.
My recommendation would be to have a central hub and indeed have all the spoke connecting to it. That being said, while this is the ideal architecture from a security point of view (central point of management), it might not be the ideal architecture from a networking perspective.
Depending on your requirements, you might find that it is better to have multiple hub and spokes networks, all with their own NVA, connected together through each Hub. This of course increases the cost (appliances, maintenance, etc.), and the security exposure, but it's a much better design from a networking perspective.
I would also recommend to look at Azure Virtual WAN:
https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about
https://www.youtube.com/watch?v=UcOogJIu3Dw
Hope this helps,
Stephane
(Please don't forget to accept helpful replies as answer)