With Azure Virtual WAN and Azure Firewall, Microsoft will provide two new services to help customers modernise their network. The Azure Virtual WAN service will simplify large-scale company branch connectivity, while with the Azure Firewall enterprises can enforce their security policies in the cloud. Both services are currently in public preview.
The public preview of both Azure Virtual WAN and Azure Firewall are Microsoft’s way of showing their customers new mechanisms for securing connectivity of their offices and infrastructure to Azure and its global network. Enterprises today face emerging challenges, with their employees working more remotely, combined with tighter regulations varying per country – for example, the GDPR in Europe that was introduced on the 25th of May 2018. Furthermore, having all branch offices accessing the public internet requires uniform network and security policies. Both Azure Virtual WAN and Azure Firewall can address these challenges.
Azure Virtual WAN provides customers with a way of connecting a company's physical branches to Azure with SD-WAN (Software-Defined Wide Area Network) and VPN devices like customer premises equipment (CPE) leveraging the built-in automated connectivity and configuration management.
With Azure Virtual WAN, enterprises can benefit from Microsoft’s Global Network, and traffic from their branch offices can enter the closest Microsoft edge site. According to Yousef Khalidi, corporate vice president, Azure Networking, in the blog post about Azure Virtual WAN:
We have over 130 edge sites or Points of Presence (PoPs). Once your traffic is in the Microsoft global network, it terminates in a virtual hub. An Azure Virtual WAN is composed of multiple virtual hubs. You can create your hubs in different Azure regions. Azure has more global regions than any other public cloud provider bringing your virtual hubs close to your branches around the world.
The other new service Azure Firewall offers fully stateful native firewall capabilities for Virtual Network resources, including high availability and the ability to scale automatically. With Azure Firewall enterprises can enforce connectivity policies using the application and network level filtering rules.
The preview release of Azure Firewall offers various capabilities such as Outbound FQDN filtering, Network traffic filtering rules, Outbound SNAT support, and integration with Azure Monitor service for logging.
Microsoft is not the only significant cloud provider increasing their network service capabilities. Amazon, for instance, raised the bandwidth to speed up data transfer and launched AWS Firewall Manager. However, Microsoft with Azure Virtual WAN is now entering the SD-WAN market, which according to an estimate of IDC’s Worldwide SD-WAN Forecast (2017–2021) will hit $8 billion by 2021 due to the continuing growth of cloud computing and employees accessing cloud-hosted workloads from various locations. In a TechTarget article, Brad Casemore, an IDC analyst, said:
But this Azure network service solves a big problem for customers who make decisions about network transports and integration with existing routers, as they consume more cloud resources from more locations. Now what you've got is more policy-based, tighter integration within the SD-WAN.
Enterprises can now try the public preview both Azure Virtual WAN and Azure Firewall for free via the Azure portal.