I recently had to set up a new cloud environment, either an AWS VPC or an Azure VNet, for a project. The compute part went quickly, but once we dove into network connectivity—including routing, firewall rules, and cross-region access—everything slowed down significantly. Even with automation in play, getting everything fully connected and ready for production took much longer than I'd anticipated. For those working with large enterprise cloud setups, I'm curious: what does your deployment timeline look like for a new VPC or VNet? Are you looking at days, or does it often stretch into weeks with networking and security configurations?
6 Answers
Creating a landing zone can really accelerate your deployments. You might want to check out the Azure Cloud Adoption Framework for some design areas that could help: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas
If you’re waiting on an ExpressRoute, it could take days. But, if you have a setup like a VWANHub, it’s just minutes. Ultimately, it depends on how automated you are willing to go and the comfort level with networking intricacies. Some teams take a more careful approach, and I completely get that.
In my experience, it takes about 20 minutes to run the DevOps pipeline that deploys the new spoke and connects it to our hub, whether it’s on AWS or Azure. But getting everything approved and the necessary pull requests done can take a few days due to change control processes.
In my experience, it takes about a month for each request in one environment because there are so many prerequisites, especially for firewall IP range approvals.
The timeline really depends on how well your initial IP addressing is set up. I’ve seen cases where a VNet was completely tied up because of poor initial design. Fixing that could take weeks instead of the anticipated few minutes for a quick VNet deployment.
It's tricky to give a definitive time without knowing more details. I use Terraform to set everything up in AWS, which speeds things up a lot for me, but your timing will depend on various factors.
I had a similar experience a few years back. The networks team assigned us a huge CIDR range, but someone used all of it for one production VPC. When we needed a new VPC later, we were completely blocked. It turned out to be a huge hassle because the network team didn't have anything left to allocate.