MyPlatform: Automated Governance, Risk, and Compliance (GRC) for a Secure and Efficient Managed Azure Platform.

Bundle Core Network


## A Technical Description of MyPlatform's Templated Core Network Setup

MyPlatform has developed a templated setup for deploying a Core Network in Azure, establishing a secure and scalable foundation for all your cloud resources. The value of this template is rooted in the strategic integration of key Azure networking services, configured to work together to enforce security, automate routing, and provide deep visibility across your entire network landscape. This approach ensures a robust and centrally managed network from the outset.

## Integrated Services for a Secure and Scalable Network Foundation

Our Core Network template combines several critical Azure services into a cohesive and automated solution. Each component plays a vital role in building a network that adheres to security and operational best practices.

### Centralized Security and Traffic Management

  • Azure Firewall & Azure Virtual WAN Secured Hub: At the heart of our template is the Azure Virtual WAN (vWAN) Secured Hub, with Azure Firewall acting as the central security anchor. All network traffic, whether it's between different virtual networks (spokes), to and from the internet, or between Azure and your on-premises locations, is forced through the Azure Firewall. This hub-and-spoke model ensures that no traffic bypasses your central security controls.

  • Core Network Rules (Platform-Wide): The template deploys a foundational set of Azure Firewall policies that serve as platform-wide security rules. These rules are designed to block known malicious traffic and establish a baseline for secure communication. You can then build upon this foundation with application-specific rules, but the core security posture remains consistent and centrally managed.

  • Network-specific Log Collection and Firewall Policy Insights: All traffic logs from the Azure Firewall are automatically ingested into a centralized Log Analytics workspace. This provides invaluable data for threat hunting, security audits, and troubleshooting. The template also enables Firewall Policy Analytics, offering insights into your rule sets and traffic patterns to help you refine and optimize your security policies over time.

### Automated Connectivity and Routing

  • Hub and Spoke Peering Automation and Routing: Manually configuring network peering and routing can be complex and error-prone. Our template automates the peering of new spoke virtual networks to the central vWAN hub. Furthermore, it manages the routing tables to ensure that all traffic is correctly directed through the Azure Firewall, simplifying network expansion and guaranteeing that your security policies are always enforced.

  • VPN or ExpressRoute Connectivity to On-Premises: The template provides a standardized mechanism for connecting your on-premises datacenters to Azure, offering a choice between a site-to-site VPN for encrypted traffic over the public internet or ExpressRoute for a private, dedicated connection. This integration ensures that your hybrid network traffic is also subject to the security and routing policies of the central hub.

### Secure Access

  • Azure Bastion Shared Service on Spoke: To provide secure administrative access to your virtual machines without exposing them to the public internet, the template deploys Azure Bastion as a shared service. Bastion allows you to RDP or SSH into your VMs directly from the Azure portal over a secure TLS connection, eliminating the need for public IP addresses on your VMs and reducing your attack surface.

## Understanding Consumption and Cost Management

A significant portion of the cost for this Core Network setup is driven by Azure Firewall, which is billed based on both deployment time and the amount of data processed. Proper configuration and right-sizing are therefore crucial for managing expenses.

To help you forecast these costs, we have created a pre-configured template in the Azure Calculator. By inputting your expected data processing volumes and other network parameters, you can receive a detailed estimate of the monthly costs associated with this robust and secure Core Network foundation.
