With the growth of Hybrid Cloud deployments, most enterprises have moved workloads to the cloud and need to enable secured connectivity from branch sites to these application workloads. In addition, enterprises are moving towards hybrid and multi-cloud architecture with their on-premise infrastructure. This transition must work seamlessly while ensuring SLAs (Service Level Agreements) are met for applications hosted on-IaaS, PaaS, SaaS environments, and on-premise with the right level of visibility and security controls.

The central entity in Azure that provides the branch integrations through vION devices is the Virtual WAN (virtual WAN). Azure Virtual WAN is a networking service with a single operational interface that provides networking, security, and routing functionalities together. These functionalities include branch connectivity through SD-WAN devices (vION), intra-cloud connectivity (transitive connectivity for virtual networks), Azure Firewall, and encryption for private connectivity, amongst others that may be applicable in a typical hybrid cloud integration environment.

According to Microsoft Azure, the virtual WAN architecture is a hub and spoke architecture with built-in scale and performance for branches (VPN/SD-WAN devices), virtual networks, users (Azure VPN/OpenVPN/IKEv2 clients), and ExpressRoute circuits. In addition, it enables a global transit network architecture, where the cloud-hosted network hub enables transitive connectivity between endpoints that may be distributed across different types of spokes.