This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IdentityUnknown
Contributor
Contributor
‎2020-04-25 03:33 AM
Jump to solution

IaaS BluePrint on Azure

Hi folks,

one question to the recommended blueprint designed by CP:

image.png

If you have to implement it in an azure cloud, do you use for each spoke and each hub a dedicated VNET? 

It means you have to pay a lot of money for incoming and outgoing vnet traffic. 

If you take a look to an older deployment guide the recommendation is to use one vnet and seperate it with subnets.
image.png

 

What is best practise with all advantages and disadvantages?

 

Thank you in advance & best regards

 

 

0 Kudos
1 Solution

Accepted Solutions
Amit_Schnitzer
Employee Alumnus
Employee Alumnus
‎2020-05-10 11:14 PM
Jump to solution

Hi, 

Check Point's Cloud Security BluePrint is a conceptual "best practice" approach

with that in mind, when it comes to Azure, it can be deployed inside the same vNET or across multiple vNETs. From an architecture approach, it is preserving the same principles and thus a viable solution. 

The decision whether to implement it that way or the other is up to the customer decision and depends on some factors such as organization structure, environment size & scale, locations and cost as well. 

In other words, for an organization with limited cloud presence (Subscriptions, Regions, vNET's), it would probably make sense to follow the BluePrint and deploy the solution within a single vNET (I have added a diagram as an example)

 

hope that helps 

View solution in original post

Preview file
41 KB
2 Replies
Amit_Schnitzer
Employee Alumnus
Employee Alumnus
‎2020-05-10 11:14 PM
Jump to solution

Hi, 

Check Point's Cloud Security BluePrint is a conceptual "best practice" approach

with that in mind, when it comes to Azure, it can be deployed inside the same vNET or across multiple vNETs. From an architecture approach, it is preserving the same principles and thus a viable solution. 

The decision whether to implement it that way or the other is up to the customer decision and depends on some factors such as organization structure, environment size & scale, locations and cost as well. 

In other words, for an organization with limited cloud presence (Subscriptions, Regions, vNET's), it would probably make sense to follow the BluePrint and deploy the solution within a single vNET (I have added a diagram as an example)

 

hope that helps 

Preview file
41 KB
benko2
Participant
‎2021-04-16 12:09 AM
In response to Amit_Schnitzer
Jump to solution

In Microsoft documentation (Azure Virtual Network concepts and best practices) you can find this:

It is recommended you have fewer large VNets rather than multiple small VNets.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Trending Discussions
Multi Cloud Cluster GCP+Azure
Upcoming Events

    Sort by:
    CheckMates Events