Introduction

Welcome. In this lesson you’ll learn how Network Virtual Appliances (NVAs) are used inside Azure Virtual Hubs — why they matter, common deployment patterns, and the management tasks you’ll perform once an NVA is running. Network Virtual Appliances are virtualized network devices — for example, firewalls, routers, and load balancers — delivered as virtual machines or marketplace images. In Azure Virtual Hubs, NVAs centralize inspection, routing, and security enforcement for hub-and-spoke topologies, enabling consistent policy enforcement and advanced traffic processing across multiple spokes. This lesson covers both conceptual and operational tasks so you can design, deploy, and maintain an NVA in a Virtual Hub. What you will learn

Manage an NVA in a Virtual Hub:
- Monitor health and metrics.
- Configure settings and policies.
- Apply updates and manage lifecycle.
Deploy an NVA into a Virtual Hub:
- Choose an appropriate appliance image or VM size.
- Integrate the NVA with hub routing and security constructs.
- Verify traffic flow and policies.

This lesson focuses on the conceptual steps and management tasks for NVAs in an Azure Virtual Hub. A basic understanding of Azure Virtual Hubs, hub routing, and virtual machine administration will help you follow along.

Why use an NVA in a Virtual Hub?

Centralized security and inspection: route inter-spoke or egress traffic through a firewall or DPI appliance.
Advanced routing: run custom routing or packet manipulation not supported by built-in hub routing.
Vendor features: leverage third-party firewall, WAN optimization, or IDS/IPS features available through marketplace appliances.

When to prefer an NVA vs native Azure services

Use Case	Prefer NVA when	Prefer native Azure service when
Deep packet inspection, Stateful firewall	You need vendor-specific features (IDS/IPS, WAF, advanced logging)	Basic network security via Azure Firewall or NSGs
Complex routing, protocol manipulation	Appliance supports custom routing policies or non-standard protocols	Hub route tables and Route Server suffice
Integrated management and logging	You need central management across multiple hubs/spokes	Azure-native solutions integrate more tightly with Azure Monitor and services

Recommended prerequisites

Familiarity with Azure Virtual Hub architecture and hub/spoke network design.
Basic VM management (images, sizes, NICs).
Access to the Azure subscription with network contributor or higher role.

Helpful references

A presentation slide titled "Learning Objectives" with a teal gradient panel on the left. It lists two items: "Learning to Manage an NVA in a Virtual hub" and "Learning to Deploy an NVA in your Virtual hub."

Watch Video

Working with Virtual WAN

Deploy an NVA in Your Virtual Hub

Configure Internet Access with Azure Virtual NAT

Configure Peering for an Express Route Deployment

Configure Public IP Addresses

Connect Devices to Networks with Point to Site VPN Connections

Connect Networks with Site to Site VPN Connections

Connect Remote Resources by using Azure Virtual WA Ns

Create a Network Virtual Appliance NVA in a Virtual Hub

Deploy Azure D Do S Protection

Deploy and configure Network Security Groups

Design Azure Application Gateway

Design Azure Front Door

Design Name Resolution for Azure Virtual Network

Design an Express Route deployment

Design and Implement Azure Firewall

Design and Implement Azure Load Balancer

Design and Implement Azure VPN Gateway

Design and implement Azure Bastion

Enable Cross V Net Connectivity

Explain Virtual Network Service Endpoints

Explore Azure Express Route

Explore Azure Traffic Manager

Explore Azure Virtual Networks

Explore Load Balancing Options in the Azure

Express Route Advanced Features

Get Network Security Recommendations with Microsoft Defender for Cloud

Implement Virtual Network Traffic Routing

Implement a Web Application Firewall

Monitor your networks using Azure Monitor

Monitor your networks using Azure Network Watcher

Private Link Services and Private Endpoints

Troubleshooting Express Route Connections

Working with Azure Firewall Manager

Introduction

Watch Video