
Docs section: Network & Connectivity - Target information #44

Closed
danycontre opened this issue Jan 20, 2022 · 5 comments
Assignees
Labels
documentation Improvements or additions to documentation

Comments

@danycontre
Collaborator

This page has a lot of information on it that isn't specific to AVD as a "construction set" upon an ESLZ framework.

The CAF networking decision tree, common networking scenarios, etc. shouldn't live in this doc; they are covered in the ESLZ networking sections for what is relevant to "corp" connected workloads, which is effectively what WVD is.

This page seems more like a general CAF doc for networking which we already have covered in ESLZ and elsewhere.

This should be prescriptive around the networking considerations for WVD deployments on an ESLZ framework.

Make this doc specific to the AVD construction set networking design covering the below:

  • VNET design
    • Subnets
    • Micro segmentation
    • Peering back to hub or VWAN as per ESLZ
  • DNS configuration
    • For AD DS Join
    • Private Link/Endpoint
  • NSGs
    • Including suggested rules
  • Private Endpoints
    • Creation and placement
    • DNS Zones back to central ones in ESLZ
  • WVD required URLs
    • How to handle with and without Azure Firewall
  • Azure Files
    • Private Endpoint
    • SMB Multi-Channel
      • Considerations before enabling (breaks NTFS GUI & have to use icacls)
  • How to handle internet breakout
  • Connectivity back to on-prem
  • Linking back to ESLZ network docs and just providing context as to how ESLZ sits on top of ESLZ and therefore uses the hubs
@danycontre danycontre added the documentation Improvements or additions to documentation label Jan 20, 2022
@danycontre
Collaborator Author

I would also add AzFW and its suggested configuration for AVD.

@danycontre danycontre self-assigned this Jan 31, 2022
@danycontre
Collaborator Author

Changes to existing documentation: we need to overhaul the current documentation, as it mostly talks about CAF and ALZ but not a lot of specifics on AVD. We will use some of the existing info in the document, but in general we need to align with what other teams (like AVS: Enterprise-scale network topology and connectivity for Azure VMware Solution - Cloud Adoption Framework | Microsoft Docs) have delivered in their accelerator docs.

The newly proposed structure for the doc will include a customer scenarios section (customer profile, architectural components with diagram, considerations):

  • Quick intro: brief info on ALZ connectivity, AVD's networking, and mentions of hybrid, performance, security, and scale.
  • Networking components and concepts: quick description of networking concepts and components that interact with the AVD deployment: NSG, ASG, Azure Firewall, Azure virtual network, NVA, vWAN, hub&spoke, UDR, AVD traffic flow, Private Link, Azure Files networking, ANF networking.
  • Networking scenarios:
    1: Hub&Spoke
    2: vWAN
    3: Traffic inspection: NVA, secure hub, Azure Firewall (forced tunneling).
  • General design considerations and recommendations:
    • Hub-Spoke vs vWAN
    • AVD ports and protocols requirements
    • AVD bandwidth and latency
    • AVD Internet connectivity (outbound)
    • Zero trust on AVD networking security
    • Plan for IP addressing
    • DNS
    • Native vs Shortpath

@danycontre
Collaborator Author

Network and topology doc created and submitted including diagrams for scenario 1.

PR submitted: https://github.com/MicrosoftDocs/cloud-adoption-framework-pr/pull/2988

@danycontre
Collaborator Author

Pending:

  • Scenarios
    -- Zero-trust: NSG/ASG for micro-segmenting east/west and forced NVA/AzFW in the hub for north/south
    -- RDP Shortpath
    -- NVA/AzFW in the hub to control north/south, especially internet outbound
    -- Cross-region example

  • Subjects:
    -- Network policy driven governance
    -- Monitoring
    -- Plan for IP addressing
    -- Internet inbound/outbound filtering options
    -- Micro segmentation
    -- Network security

@danycontre
Collaborator Author

Moving this issue to complete.

New issue created for networking docs and scenarios updates (#71)
