Optimizing Connectivity and Collaboration with Azure Hub and Spoke Architecture

Mar 12, 2024

Introduction

The customer is an innovative and pioneering part of the dental industry, delivering discount dental plans to local, regional, state, and national clients. They serve more than 30 million members across all companies, brands, products, and services. They are an established leader structured to design, develop, and deliver industry-best products and services focused on individual health and well-being and characterized by affordability, integrity, transparency, simplicity, and value.

Challenges

The customer faced the challenge of developing, deploying, and managing a SaaS application in a highly regulated healthcare environment. The need for segregated development environments, strict security controls, and seamless integration with on-premises systems called for a sophisticated Azure solution on the networking side.

Technology Solutions

Intuitive leveraged its Azure networking and security expertise to support this customer in a transformation effort. Intuitive came up with Hub-and-Spoke VNet Topology and deployed a hub-and-spoke VNet topology in Azure, where the hub VNet acts as the central point of connectivity, and spokes represent individual business units or applications.

Intuitive also deployed an ExpressRoute for Hybrid Connectivity and implemented Microsoft Azure ExpressRoute to establish private, dedicated connections between Azure data centers and on-premises locations. Connecting on-premises data centers to the Azure hub VNet via ExpressRoute circuits, ensuring low-latency, high-throughput, and secure connectivity and configured VPN as a failover to connect to the on-premises resources.

Implementation Strategy

Defined Networking Requirements to identify business and technical requirements, considering factors such as performance, security, compliance, and scalability. Determine the type of resources that need to communicate within Azure and with on-premises environments.

Designed Virtual Network Architecture and plan the Azure Virtual Network (VNet) architecture, including the segmentation of resources into subnets. Consider implementing a hub-and-spoke topology for centralized network management and improved security.

  • Core VNet as Hub:
    Serves as the central hub for the entire network architecture. Hosts critical services including Azure Firewall, Virtual Network Gateway, and Azure Monitoring and Management VMs.
  • Spoke VNets:
    • Production VNet:
      Hosts the live SaaS application with strict access controls and compliance measures.
    • Pre-Production VNet:
      Used for pre-release testing, ensuring high-quality application delivery.
    • Staging VNet:
      Dedicated for final pre-deployment testing, isolating any potential issues before release.
  • Transit Hub VNet:
    Connects to different VNets and on-premises infrastructure using Azure ExpressRoute for a dedicated and secure connection.

Results and Impact

  • Security and Compliance:
    Strict controls through Azure Firewall ensure compliance with healthcare data regulations, safeguarding sensitive patient information.
  • Scalability:
    The architecture is designed for scalability, supporting increased user loads and accommodating future expansion of the SaaS application.
  • Efficient Development Life Cycle:
    Segregated spoke VNets allow for isolated development, testing, and staging, enhancing the efficiency of the application development life cycle.
  • Seamless Integration:
    ExpressRoute provides a dedicated and secure link between on-premises systems and the Azure network, ensuring seamless integration of the client's existing infrastructure.

Conclusion

The implementation of Azure Hub-and-Spoke Topology for our healthcare provider client's SaaS application delivers a secure, scalable, and compliant network infrastructure. The central hub, along with segregated spoke VNets and ExpressRoute connectivity, addresses the unique challenges of the healthcare industry.

Main Logo
Rocket