Today, a quick post on Zone Aware VPN Gateways… When you create a VPN gateway today, you’ll see the following screen:
There are two important options to note here:
– Availability Zone
– Active / Active
Here you have the option to either create a “Zone-redundant” VPN Gateway or link it directly to a zone. If you choose the “Zone-redundant” option, it’ll be deployed across Azure Availability Zones (where each zone has a different fault/update domain).
The other option is to link it to a specific zone. For me, this is a pretty niche situation, as I only see a potential use case if you expect the VPN Gateway and workload to be very close to each other.
Active / Active
As you would expect, you get multiple instances for your VPN Gateway. When selecting Active/Active, you’ll have two instances running. In a Zone Redundant config, each instance runs in a different zone. If you selected a specific zone instead, both instances are deployed into that same zone.
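The two portal options above, expressed as a Bicep template. This is an added example, not part of the original post; it assumes the resource names, the `VpnGw2AZ` size, the API version and an existing `GatewaySubnet` passed in as `gatewaySubnetId`.

```bicep
// Added example: names, SKU size and API version are assumptions.
param location string = resourceGroup().location
param gatewaySubnetId string // resource ID of the VNet's "GatewaySubnet"

// Zone-redundant: list all zones on the public IPs.
// For a gateway linked to one zone, list only that zone, e.g. [ '1' ].
var pipZones = [
  '1'
  '2'
  '3'
]

// Active/Active runs two instances, so it needs two public IPs.
resource pips 'Microsoft.Network/publicIPAddresses@2023-09-01' = [for i in range(1, 2): {
  name: 'pip-vpngw-${i}'
  location: location
  sku: {
    name: 'Standard'
  }
  zones: pipZones
  properties: {
    publicIPAllocationMethod: 'Static'
  }
}]

resource gw 'Microsoft.Network/virtualNetworkGateways@2023-09-01' = {
  name: 'vpngw-zr-aa'
  location: location
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    sku: {
      name: 'VpnGw2AZ' // zone-aware gateways use the "AZ" SKUs
      tier: 'VpnGw2AZ'
    }
    activeActive: true // two instances, one IP configuration each
    ipConfigurations: [for i in range(0, 2): {
      name: 'ipconfig${i + 1}'
      properties: {
        privateIPAllocationMethod: 'Dynamic'
        subnet: {
          id: gatewaySubnetId
        }
        publicIPAddress: {
          id: pips[i].id
        }
      }
    }]
  }
}
```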
Don’t forget that zone-aware services are an exception to the basic rule that services talking to each other in the same VNET have no budget impact. If this is new to you, be sure to read up on the cost impact in this post.