Course Roadmap, Target Architecture
Before we start building, let's look at the roadmap and the target architecture we will create throughout this course.
This training moves step by step from network topology to real architectural control.
We begin by defining the course scope, assumptions, and the final multi-VNet Azure networking lab we want to build.
At the center of this architecture, we have the Hub VNet, which becomes the control point for shared networking services such as Azure Firewall and Private DNS.
On both sides, we have Spoke VNet 1 and Spoke VNet 2, which represent isolated workload networks connected to the hub through VNet peering.
But peering alone only gives us reachability, so we add routing and User Defined Routes to control which path traffic should follow.
Selected traffic is then directed through Azure Firewall, where inspection and outbound control can be enforced centrally.
We also add a Private Endpoint connected to a Storage Service, and we use Private DNS to make that private service reachable across VNet boundaries.
Finally, we include RBAC-aware access, because network reachability and authorization are two separate concerns.
By the end of the course, this diagram will become a working Terraform and OpenTofu lab that combines topology, peering, routing, firewall inspection, private connectivity, DNS, and access control.

