Background: A customer asked if it was possible to use what they called a ‘bridge-hub’ virtual network (this virtual network would only contain an Azure firewall), and have spokes virtual networks connect to that ‘bridge-hub’ and then use a VPN gateway hosted in another virtual network, which in turn connected to on-prem. The goal being to get the virtual network not peered to the virtual network containing the VPN gateway to be able to route to/from on-prem.

Background: A colleague asked me an interesting question about an Azure Virtual WAN scenario their customer was facing. The customer is using Azure Virtual WAN with a single virtual WAN hub, which was placed in the West Europe region, and this hub had been deployed before Azure Virtual WAN routing intent was available (https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-routing-preference-overview). The customer had deployed a number of virtual networks in West Europe and was using a tiered vnet model in West Europe https://learn.

Question: When does network traffic stay on the Microsoft network? Does Azure to Azure traffic stay on the Microsoft network? What about Azure to other Microsoft services, such as Microsoft 365? For a video discussion of the same topic see https://www.youtube.com/watch?v=ssrAPwOKw4g Background: There seems to be some confusion as to when, and when not, traffic originating in Azure stays within the Azure backbone (from now on I’ll refer to this as the Microsoft Network) network.

Problem Statement: I have Terraform modules in a single repository that enable me to deploy a hub virtual network, firewall and VPN gateway. How can I deploy this code to multiple Azure regions using Terraform Cloud? Answer: There is more than one way to achieve this: A Github repository dedicated to each region and a Terraform Cloud workspace for each region Publish the modules to terraform cloud private registry, reference those modules in a repository dedicated for each region and a terraform cloud workspace for each region Use a single repo for everything with different directories containing a root module for each environment and a terraform workspace for each region I’m sure there are other options as well as the above

So Terraform 0.12 was just released. I sat down this morning to have a quick play with it. I strongly recommend following the upgrade guide and make a separate branch of your TF files before testing 0.12. After getting everything setup and ready to test I ran a plan and apply using Terraform 0.11.14 and got my infrastructure to a state where no further changes were required. I then ran terraform.