Merge pull request #214377 from b-ahibbard/vwan

ANF VWAN

Author: v-stsavell

articles/azure-netapp-files/TOC.yml

@@ -227,6 +227,8 @@
         href: configure-unix-permissions-change-ownership-mode.md
       - name: Configure network features for a volume
         href: configure-network-features.md
+      - name: Configure Virtual WAN
+        href: configure-virtual-wan.md
     - name: Mount volumes
       items:
       - name: Mount an NFS volume for Windows or Linux VMs

articles/azure-netapp-files/azure-netapp-files-network-topologies.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: conceptual
-ms.date: 12/13/2022
+ms.date: 12/14/2022
 ms.author: ramakk
 ms.custom: references_regions
 ---
@@ -81,10 +81,10 @@ The following table describes what’s supported for each network features confi
 |     Number of IPs in a VNet (including immediately peered VNets) accessing volumes in an Azure NetApp Files hosting VNet    |     [Same standard limits as VMs](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-resource-manager-virtual-networking-limits)    |     1000    |
 |     Azure NetApp Files delegated subnets per VNet    |     1    |     1    |
 |     [Network Security Groups](../virtual-network/network-security-groups-overview.md) (NSGs) on Azure NetApp Files delegated   subnets    |     Yes    |     No    |
-|     [User-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined) (UDRs) on Azure NetApp Files delegated   subnets    |     Yes    |     No    |
+|     [User-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined) (UDRs) on Azure NetApp Files delegated subnets    |     Yes    |     No    |
 |     Connectivity to [Private Endpoints](../private-link/private-endpoint-overview.md)    |     No    |     No    |
 |     Connectivity to [Service Endpoints](../virtual-network/virtual-network-service-endpoints-overview.md)    |     No    |     No    |
-|     Azure policies (for   example, custom naming policies) on the Azure NetApp Files interface    |     No    |     No    |
+|     Azure policies (for example, custom naming policies) on the Azure NetApp Files interface    |     No    |     No    |
 |     Load balancers for Azure   NetApp Files traffic    |     No    |     No    |
 |     Dual stack (IPv4 and   IPv6) VNet    |     No <br> (IPv4 only supported)    |     No <br> (IPv4 only supported)   |
 
@@ -109,9 +109,10 @@ The following table describes the network topologies supported by each network f
 |     Connectivity from on-premises to a volume in a spoke VNet   over VPN gateway and VNet peering with gateway transit    |     Yes    |     Yes    |
 |     Connectivity over Active/Passive VPN gateways    |     Yes    |     Yes    |
 |     Connectivity over Active/Active VPN gateways    |     Yes    |     No    |
-|     Connectivity over Active/Active Zone Redundant gateways    |     No    |     No    |
+|     Connectivity over Active/Active Zone Redundant gateways    |     Yes    |     No    |
 | Connectivity over Active/Passive Zone Redundant gateways | Yes | Yes |
-|     Connectivity over Virtual WAN (VWAN)    |    No    |     No    |
+|     [Connectivity over Virtual WAN (VWAN)](configure-virtual-wan.md)    |    Yes    |     No    |
+
 
 \* This option will incur a charge on ingress and egress traffic that uses a virtual network peering connection. For more information, see [Virtual Network pricing](https://azure.microsoft.com/pricing/details/virtual-network/). For more general information, see [Virtual network peering](../virtual-network/virtual-network-peering-overview.md). 
 

articles/azure-netapp-files/configure-network-features.md

@@ -82,3 +82,4 @@ This section shows you how to set the Network Features option.
 * [Create an NFS volume for Azure NetApp Files](azure-netapp-files-create-volumes.md)
 * [Create an SMB volume for Azure NetApp Files](azure-netapp-files-create-volumes-smb.md) 
 * [Create a dual-protocol volume for Azure NetApp Files](create-volumes-dual-protocol.md) 
+* [Configure Virtual WAN for Azure NetApp Files](configure-virtual-wan.md)

articles/azure-netapp-files/configure-virtual-wan.md

@@ -0,0 +1,88 @@
+---
+title: Configure Virtual WAN for Azure NetApp Files | Microsoft Docs
+description: Describes guidelines to help you configure Azure NetApp files on Azure Virtual WAN.
+services: azure-netapp-files, virtual-wan
+author: rambk
+ms.service: azure-netapp-files
+ms.topic: conceptual
+ms.date: 12/14/2022
+ms.author: rambala
+---
+# Configure Virtual WAN for Azure NetApp Files (preview)
+
+You can configure Azure NetApp Files volumes with Standard network features in one or more Virtual WAN spoke virtual networks (VNets). This allows access to the file storage service globally across your Virtual WAN environment.
+
+Your Virtual WAN global deployments could include any combinations of different branches, Point-of-Presence (PoP), private users, offices, Azure virtual networks, and other multicloud deployments. You can use SD-WAN, site-to-site VPN, point-to-site VPN, and ExpressRoute to connect your different sites to a virtual hub. If you have multiple virtual hubs, all the hubs would be connected in full mesh in a standard Virtual WAN deployment.
+
+Refer to [What is Azure Virtual WAN?](../virtual-wan/virtual-wan-about.md) to learn more about Virtual WAN.
+
+The following diagram shows the concept of deploying Azure NetApp Files volume in one or more spokes of a Virtual WAN and accessing the volumes globally.
+
+:::image type="content" source="../media/azure-netapp-files/virtual-wan-1.png" alt-text="Conceptual illustration of virtual wan set up.":::
+
+This article will explain how to deploy and access an Azure NetApp Files volume over Virtual WAN.
+
+## Considerations
+
+* Inter-region secure hub connectivity is not supported. A spoke VNet containing Azure NetApp Files in region A cannot connect to a secure virtual hub in region B.
+* You should be familiar with network policies for Azure NetApp Files [private endpoints](../private-link/disable-private-endpoint-network-policy.md). Refer to [Route Azure NetApp Files traffic from on-premises via Azure Firewall](#route-azure-netapp-files-traffic-from-on-premises-via-azure-firewall) for further information.
+
+## Before you begin
+
+Before you proceed with configuring virtual WAN for Azure NetApp Files, confirm:
+
+* You've configured at least one virtual hub within your Virtual WAN environment. For help with the virtual hub settings, refer to [About virtual hub settings](../virtual-wan/hub-settings.md).
+* You've connected at least one spoke VNet to the virtual hub for deploying Azure NetApp Files volumes. For help, refer to [Connect a virtual network to a Virtual WAN hub](../virtual-wan/howto-connect-vnet-hub.md). 
+* You have sufficient address space within the selected spoke VNet (at the least a /28 space) for creating a subnet dedicated for Azure NetApp Files.
+
+## Deploy an Azure NetApp Files volume
+
+Once you've selected a spoke VNet, you can create the delegated Azure NetApp Files subnet within the VNet as part of the Azure NetApp Files deployment process. If you've already created the subnet, refer [Delegate a subnet to Azure NetApp Files](azure-netapp-files-delegate-subnet.md).
+
+Deploying Azure NetApp Files volume with Standard network features in a Virtual WAN spoke VNet is the same process as deploying it in any VNet. For deployment steps, refer to [Configure network features for an Azure NetApp Files volume](configure-network-features.md).
+
+## Route Azure NetApp Files traffic from on-premises via Azure Firewall
+
+This diagram shows routing traffic from on-premises to an Azure NetApp Files volume in a Virtual WAN spoke VNet via a Virtual WAN hub with a VPN gateway and an Azure firewall deployed inside the virtual hub.
+
+:::image type="content" source="../media/azure-netapp-files/azure-netapp-files-vnet-diagram.png" alt-text="Diagram of routing on-premises traffic via secure virtual hub.":::
+
+To learn how to install an Azure Firewall in a Virtual WAN hub, refer [Configure Azure Firewall in a Virtual WAN hub](../virtual-wan/howto-firewall.md).
+
+To force different traffic flows via the Azure Firewall installed in the hub, see [How to configure Virtual WAN Hub routing intent and routing policies](../virtual-wan/how-to-routing-policies.md).
+
+To force the Azure NetApp Files-bound traffic through Azure Firewall in the Virtual WAN hub, the effective routes of the virtual hub should have the specific IP address of the Azure NetApp Files volume pointing to the Azure Firewall.
+
+The following image of the Azure portal shows an example virtual hub of effective routes. In the first item, the IP address is listed as 10.2.0.5/32. The static routing entry's destination prefix is `<IP-Azure NetApp Files-Volume>/32`, and the next hop is `Azure-Firewall-in-hub`.
+
+:::image type="content" source="../virtual-wan/media/howto-private-link/effective-routes.png" alt-text="Screenshot of effective routes in Azure portal.":::
+
+> [!IMPORTANT] 
+> Azure NetApp Files mount leverages Azure Private Endpoint. The specific IP address entry is required, even if a CIDR to which the Azure NetApp Files volume IP address belongs is pointing to the Azure Firewall as its next hop. For example, 10.2.0.5/32 should be listed even though 10.0.0.0/8 is listed with the Azure Firewall as the next hop.
+
+## List Azure NetApp Files volume IP under virtual hub effective routes
+
+To identify the private IP address associated with your Azure NetApp Files volume:
+1. Navigate to the **Volumes** in your Azure NetApp Files subscription. 
+1. Identify the volume you are looking for. The private IP address associated with an Azure NetApp Files volume is listed as part of the mount path of the volume.
+
+:::image type="content" source="../media/azure-netapp-files/virtual-wan-volumes-list.png" alt-text="Screenshot showing the private IP address of an Azure NetApp Files volume  listed as part of its mount path." lightbox="../media/azure-netapp-files/virtual-wan-volumes-list.png":::
+
+### Edit virtual hub effective routes
+
+You can effect changes to a virtual hub's effective routes by adding routes explicitly to the virtual hub's route table.
+
+1. In the virtual hub, navigate to **Route Tables**.
+1. Select the route table you want to edit.
+    :::image type="content" source="../media/azure-netapp-files/virtual-hub-route-table.png" alt-text="Screenshot of virtual hub route table.":::
+1. Choose a **Route name** then add the **Destination prefix** and **Next hop**.
+    :::image type="content" source="../media/azure-netapp-files/route-table-edit.png" alt-text="Screenshot of route table edits.":::
+1. Save your changes. 
+
+## Next steps
+
+* [Understand Azure NetApp Files backup](backup-introduction.md)
+* [Cross-region replication of Azure NetApp Files volumes](cross-region-replication-introduction.md)
+* [Disaster recovery design](../virtual-wan/disaster-recovery-design.md)
+* [Migrate to Azure Virtual WAN](../virtual-wan/migrate-from-hub-spoke-topology.md)
+* [Virtual WAN routing deep dive](../virtual-wan/routing-deep-dive.md)

articles/azure-netapp-files/whats-new.md

@@ -21,7 +21,7 @@ Azure NetApp Files is updated regularly. This article provides a summary about t
 
 ## December 2022
 
-* [Cross-zone replication](create-cross-zone-replication.md) (Preview)
+  * [Cross-zone replication](create-cross-zone-replication.md) (Preview)
 
     With Azure’s push towards the use of availability zones (AZs) the need for storage-based data replication is equally increasing. Azure NetApp Files now supports [cross-zone replication](cross-zone-replication-introduction.md). With this new in-region replication capability - by combining it with the new availability zone volume placement feature - you can replicate your Azure NetApp Files volumes asynchronously from one Azure availability zone to another in a fast and cost-effective way.
 
@@ -31,6 +31,10 @@ Azure NetApp Files is updated regularly. This article provides a summary about t
 
     In the future, cross-zone replication is planned for all [AZ-enabled regions](../availability-zones/az-overview.md#azure-regions-with-availability-zones) with [Azure NetApp Files presence](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=netapp&regions=all&rar=true).
 
+* [Azure Virtual WAN](configure-virtual-wan.md) (Preview)
+
+    [Azure Virtual WAN](../virtual-wan/virtual-wan-about.md) is now supported on Azure NetApp Files with Standard network features. Azure Virtual WAN is a spoke-and-hub architecture, enabling cloud-hosted network hub connectivity between endpoints, creating networking, security, and routing functionalities in one interface. Use cases for Azure Virtual WAN include remote user VPN connectivity (point-to-site), private connectivity (ExpressRoute), intra-cloud connectivity, and VPN ExpressRoute inter-connectivity. 
+
 ## November 2022 
 
 * [Azure NetApp Files datastores for Azure VMware Solution](../azure-vmware/attach-azure-netapp-files-to-azure-vmware-solution-hosts.md) is now generally available (GA) with expanded regional coverage.