Azure Auto Scaling Deployment Use Cases

Learn about how auto scaling works for securing inbound and outbound traffic in both greenfield and brownfield deployments.
A greenfield deployment is a fresh deployment in to a new VNet. A brownfield deployment, in contrast, is an upgrade or addition to an existing VNet that has some existing components.
  • Secure inbound traffic in a greenfield deployment
    —If you are starting from scratch and need to secure inbound web traffic for an internet-facing application, you require Panorama, the Azure plugin for Panorama, the Infrastructure template, and the Inbound Firewall template. Use the sample App template to verify the tags and try the solution before you deploy your applications and enable VNet Peering between the VNet that hosts your Inbound Firewall VMSS and the application VNet(s). When providing the inputs for the Inbound Firewall template, you must provide the details for creating a new VNet. For details on what components are included in each template, see Auto Scaling on Azure - Components and Planning Checklist and Deploy Azure Auto Scaling Template.
    azure-autoscaling-concept-greenfield-inbound.png
  • Secure inbound traffic in a brownfield deployment
    —If you have applications deployed in one or more VNets that are peered with the VNet which hosts an Application Gateway and directs traffic to these applications, you can now deploy an auto scaling set of VM-Series firewalls to create a security VNet topology as shown in the following topology diagram. To secure inbound web traffic for an internet-facing application in a brownfield deployment, you require Panorama, the Azure plugin for Panorama, the Infrastructure template, and the Inbound Firewall template. When providing the inputs for the Inbound Firewall template, you must provide the details for the existing VNet.
    azure-autoscaling-concept-brownfield.png
    You will also need to complete additional configuration to connect the applications to the Inbound firewall VMSS, for example you must add a UDR to redirect the inbound application traffic through the firewall VMSS. See Deploy Azure Auto Scaling Template for details.
  • Secure outbound traffic in greenfield and brownfield deployments
    —To secure web traffic originating from applications within your VNets, you require Panorama, the Azure plugin for Panorama, the Infrastructure template, and the Hub Firewall template. You will also need to complete additional configuration to connect the applications to the Hub firewall VMSS. See Auto Scaling on Azure—How it Works and Deploy Azure Auto Scaling Template.
    azure-autoscaling-concept.png

Recommended For You