Connect Hub and Spoke Networks with VNet Peering

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

*Hub and spoke* is a common network topology used to both isolate and interconnect networked resources securely.

Azure includes various tools to help connect and secure resources. In this hands-on lab, we’ll use the Azure portal to configure VNet peering, public IP addressing, and network security groups to set up secure RDP connectivity from a spoke network to the hub network.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure Access to the Jump Server
  1. Configure a public IP address for the VM called jumpserver.
  2. Configure the network security group, spoke1-vnet-nsg, to allow inbound RDP access from your public IP address. (Optionally, you may allow all inbound access if you are unable to determine your own IP address.)
Configure Access to the Hub Network
  1. Configure a VNet peer between hub-vnet and spoke1-vnet.
  2. Configure the network security group, hub-vnet-nsg, to allow only RDP from the private IP address of the jumpserver VM.
Test Connectivity
  1. Use a local RDP client, and connect to jumpserver.
  2. From jumpserver, use the built-in RDP client to connect to appserver.
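
The rule logic behind the two network security groups, as an added example (not part of the lab itself). It models NSG inbound evaluation in priority order and shows that once the VNets are peered, an allow rule on hub-vnet-nsg is not enough by itself: Azure's default AllowVnetInBound rule covers the peered spoke address space, so an explicit deny is needed to admit only the jumpserver. All addresses, rule names and priorities are constructed assumptions; protocol matching (TCP) is omitted.

```python
import ipaddress

# Constructed lab values (assumptions, not taken from the lab page)
HUB, SPOKE = "10.0.0.0/16", "10.1.0.0/16"
VNET_TAG = [HUB, SPOKE]        # VirtualNetwork tag includes peered address space
ADMIN_IP = "203.0.113.10"      # stands in for your public IP
JUMP_IP = "10.1.0.4"           # stands in for jumpserver's private IP

# Azure's built-in inbound defaults (the AzureLoadBalancer rule is left out)
DEFAULTS = [
    (65000, "AllowVnetInBound", VNET_TAG, "*", "Allow"),
    (65500, "DenyAllInBound", ["0.0.0.0/0"], "*", "Deny"),
]

# spoke1-vnet-nsg: RDP only from the administrator's public IP
SPOKE_NSG = [(100, "AllowRdpFromAdmin", [ADMIN_IP + "/32"], 3389, "Allow")] + DEFAULTS

# hub-vnet-nsg: RDP from jumpserver, everything else from the spoke denied
HUB_NSG = [
    (100, "AllowRdpFromJump", [JUMP_IP + "/32"], 3389, "Allow"),
    (200, "DenyOtherSpokeInbound", [SPOKE], "*", "Deny"),
] + DEFAULTS

# Same NSG with only the allow rule, to show what the default rule lets through
HUB_NSG_ALLOW_ONLY = [HUB_NSG[0]] + DEFAULTS


def evaluate(nsg, src, port):
    """Return (action, rule name) of the first matching rule, lowest priority number first."""
    addr = ipaddress.ip_address(src)
    for _prio, name, prefixes, rule_port, action in sorted(nsg, key=lambda r: r[0]):
        src_match = any(addr in ipaddress.ip_network(p) for p in prefixes)
        if src_match and rule_port in ("*", port):
            return action, name
    return "Deny", "implicit"


if __name__ == "__main__":
    checks = [
        ("spoke1-vnet-nsg", SPOKE_NSG, ADMIN_IP, 3389),
        ("spoke1-vnet-nsg", SPOKE_NSG, "198.51.100.7", 3389),
        ("hub-vnet-nsg", HUB_NSG, JUMP_IP, 3389),
        ("hub-vnet-nsg", HUB_NSG, "10.1.0.5", 3389),
        ("hub-vnet-nsg (allow only)", HUB_NSG_ALLOW_ONLY, "10.1.0.5", 3389),
    ]
    for label, nsg, src, port in checks:
        print(f"{label:26} {src:>14}:{port} -> {evaluate(nsg, src, port)}")
```

The last check is the one to compare against the effective security rules shown for appserver's network interface in the portal.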

Additional Resources


You're a cloud network engineer working for an organization that has many private virtual-networked resources running in Azure.

Normally, the IT help desk team would manage these resources from the head office using a private ExpressRoute connection and custom support tools running on their company PCs. Recently, however, many members of the IT help desk team have begun working from home.

So that staff can continue to work remotely, the IT support team has deployed a new jump server (management VM) with all the required custom support tools. This has been deployed to a new VNet in Azure.

You've been asked to configure secure connectivity. You will need to complete the following tasks:

  • Configure public connectivity to the jump server using a network security group and public IP addressing.
  • Configure private connectivity between the two virtual networks using VNet peering.
  • Configure a network security group rule for the hub network.

Logging In

Log in to the Azure portal by right-clicking the Open link in Incognito Window button on the lab page, and selecting the option to open it in a new private browser window (this option will read differently depending on your browser — e.g., in Chrome, it says "Open Link in Incognito Window"). Then, log in using the credentials provided on the lab page.
