If you don’t have ExpressRoute, you most probably rely on Azure Site-to-Site VPN to connect your on-premises network to Azure. If you have multiple Azure subscriptions, maintaining multiple Site-to-Site VPN connections from Azure to your on-premises VPN gateway is not fun at all. Take the case below in the diagram:
What is the problem?
- Configuration takes time.
- Maintaining all these VPN connections is not easy.
- Monitoring each connection is hell.
How can we solve this problem?
To solve the problem you can:
- Create only a single Site-to-Site VPN connection to a shared Azure subscription.
- Connect all the other subscriptions to the shared subscription through vNet Sharing.
The diagram below shows a transformed hybrid connectivity architecture, which is also super easy to automate:
The only thing to keep in mind is that you need to make sure both vNets are in the same Azure Region. I have, however, heard of a preview vNet feature which allows sharing of vNets in different regions, but at the time I am writing this article, this feature is not yet in GA (General Availability).
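The transformed architecture above, as an added example that is not part of the original post: a PowerShell (Az module) script that implements the vNet sharing as VNet peering with gateway transit, so a spoke subscription reuses the shared subscription's Site-to-Site VPN gateway. Subscription IDs, resource group and vNet names are placeholders; it assumes both subscriptions are in the same Azure AD tenant, the vNets have non-overlapping address spaces, and the identity running it has Network Contributor on both vNets.

```powershell
# Added example (not from the original post): hub-and-spoke peering with gateway
# transit, so the spoke subscription rides the hub's Site-to-Site VPN gateway.
# All subscription IDs, resource groups and vNet names are placeholders.

$hubSub   = '00000000-0000-0000-0000-000000000001'   # shared subscription holding the VPN gateway
$spokeSub = '00000000-0000-0000-0000-000000000002'   # workload subscription without its own gateway
$hubRg    = 'rg-hub';   $hubVnetName   = 'vnet-hub'
$spokeRg  = 'rg-spoke'; $spokeVnetName = 'vnet-spoke'

# Load both vNets. Cross-subscription peering needs Network Contributor on each
# vNet and, in this form, both subscriptions in the same Azure AD tenant.
Set-AzContext -SubscriptionId $hubSub | Out-Null
$hubVnet = Get-AzVirtualNetwork -Name $hubVnetName -ResourceGroupName $hubRg

Set-AzContext -SubscriptionId $spokeSub | Out-Null
$spokeVnet = Get-AzVirtualNetwork -Name $spokeVnetName -ResourceGroupName $spokeRg

# Enforce the constraint from the article: fail early if the vNets are in
# different regions instead of leaving a half-configured peering behind.
if ($hubVnet.Location -ne $spokeVnet.Location) {
    throw "vNets must be in the same region: hub=$($hubVnet.Location) spoke=$($spokeVnet.Location)"
}

# Hub side: allow peered vNets to use this vNet's VPN gateway.
# BlockVirtualNetworkAccess is off by default, so spoke<->hub traffic is allowed.
Set-AzContext -SubscriptionId $hubSub | Out-Null
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke' -VirtualNetwork $hubVnet `
    -RemoteVirtualNetworkId $spokeVnet.Id -AllowGatewayTransit | Out-Null

# Spoke side: send on-premises-bound traffic through the hub's gateway.
# Requires AllowGatewayTransit on the hub side (done above) and no gateway of
# its own in the spoke; Azure rejects UseRemoteGateways otherwise.
Set-AzContext -SubscriptionId $spokeSub | Out-Null
Add-AzVirtualNetworkPeering -Name 'spoke-to-hub' -VirtualNetwork $spokeVnet `
    -RemoteVirtualNetworkId $hubVnet.Id -UseRemoteGateways | Out-Null

# Verify: a peering only carries traffic once BOTH sides report Connected.
# A single 'Initiated' side means the other half is missing or misconfigured.
Set-AzContext -SubscriptionId $hubSub | Out-Null
Get-AzVirtualNetworkPeering -VirtualNetworkName $hubVnetName -ResourceGroupName $hubRg |
    Select-Object Name, PeeringState, AllowGatewayTransit, UseRemoteGateways
Set-AzContext -SubscriptionId $spokeSub | Out-Null
Get-AzVirtualNetworkPeering -VirtualNetworkName $spokeVnetName -ResourceGroupName $spokeRg |
    Select-Object Name, PeeringState, AllowGatewayTransit, UseRemoteGateways
```

Peering is not transitive, so each additional spoke subscription needs its own pair of peerings to the hub; spoke-to-spoke traffic through the hub also needs routing on the hub side and is not covered here.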