VM deployments in Azure Cloud

We need to deploy App connector VM for application access, NSS VM as well as Data Connector VM (Used for integration with Azure sentinel) in Azure cloud. Can someone please provide and share inputs on below points

  1. From functioning and VM deployment perspective is it possible to provisioning all VM’s within same Resource group ?

  2. Is it possible to deploy all these VM’s in same vNet sitting behind a dedicate Azure Firewall instance for internet connectivity? Plan is to NAT traffic from all these VM’s for internet access and outbound connectivity to a single public IP?

Or Should I keep all NSS , data connector VM in separate RG and vNet along with App connector VM in a separate RG and vNet?

How is your deployment going?, if your still looking for input,
i have done a similar setup a while ago,
all VMs are in same RG, same VNET,
Internet is via a NAT GW with static public IP.
the only thing different i done compared to above, is that i used NSGs instead of az fw.
one for each VM
so a specific NSG for the app con,
specific for the NSS VM
and specific for the Data connector.


Till now I had deployed App connector VM’s in an isolated vNet sitting behind Azure Firewall. Will be deploying NSS VM later

1 Like