Here is one of my recent IT consulting missions, where I helped a mid-sized company securely connect its on-premises infrastructure to the Azure cloud using a hybrid VPN setup.
Client: Hexorix Technologies (Hybrid Infrastructure & VPN)
Consultant: Samuel Ndala – Cloud & Network Security Consultant
Duration: 6 days
Delivery Date: March 5, 2024
Project Type: Hybrid Cloud Networking & Secure Connectivity
Project Supervision & Mentorship
This project was completed under the mentorship and supervision of:
• Eric Mulumba – Senior IT Specialist with 15+ years of expertise in system architecture and enterprise security.
• Elie William Mbayabo – Technical Support Engineer at Check Point Software Technologies, with professional experience in network security and IT operations.
Working under their guidance allowed me to strengthen my technical skills, apply industry best practices, and deliver a solution that reflects real-world enterprise standards.
Hexorix Technologies needed to extend its on-premises infrastructure to Azure for better scalability and availability without compromising internal security. The goal was to set up a reliable and secure hybrid network using VPN gateways to link the Azure and on-prem networks.
• Design and deploy a hybrid network architecture
• Establish a Site-to-Site VPN tunnel between Azure and on-prem
• Configure the Azure Virtual Network Gateway
• Enforce secure routing, NAT rules, and firewall policies
• Provide documentation and connection testing results

• Deployed an Azure Virtual Network Gateway (VPN SKU)
• Created a Local Network Gateway with the on-prem IP range
• Configured the shared secret and established the IKEv2 tunnel
• Updated the on-prem firewall to allow IPsec/IKE protocols
• Validated tunnel status, latency, and data flow

• Configured custom UDRs (user-defined routes)
• Enabled NAT for outbound traffic
• Allowed only specific ports and subnets through the VPN
• Blocked public IP exposure via NSG and the on-prem firewall

🧩 Architecture diagram (.PNG + .Visio)
🔐 VPN configuration file (IPsec/IKE settings)
📄 Connection validation report (ping, latency, flow test)
📘 Documentation for internal IT team
💡 Troubleshooting checklist for future updates

✅ Tunnel connection established and stable
✅ Secure routing from on-prem to Azure (no public exposure)
✅ Latency under 50 ms across regions
✅ Hybrid model enabled local apps to connect to cloud DBs
Azure: VPN Gateway, Local Network Gateway, NSG, VNet
On-Prem: FortiGate Firewall (IPsec), RouterOS
Protocols: IKEv2, IPsec, BGP
Tools: Azure CLI, Network Watcher, Wireshark (for testing)
This project enabled Hexorix Technologies to transition into a hybrid infrastructure model with full control over routing, security, and availability. The solution is scalable and can support future expansion or DR failover scenarios.
What is Cloud Computing?
Cloud computing delivers computing resources (servers, storage, databases, networking, and software) over the internet, allowing businesses to scale and pay only for what they use, eliminating the need for physical infrastructure.
AWS: The most popular cloud platform, offering scalable compute, storage, AI/ML, and networking services.
Azure: A strong enterprise cloud with hybrid capabilities and deep Microsoft product integration.
Google Cloud (GCP): Known for data analytics, machine learning, and open-source support.