Extending Enterprise Networks to Windows Azure
Post on 13-Feb-2017
Extending Enterprise Networks to Windows Azure
Ganesh Srinivasan
Program Manager, Windows Azure Networking
Microsoft Corporation
AZR316
Agenda
Overview of Windows Azure Virtual Network
Typical use cases and scenarios
Setting up Virtual Networks
What’s in our preview release
Overview of Hybrid Options in Windows Azure
Secure Site-to-Site Network Connectivity
Windows Azure Virtual Network
Windows Azure Hybrid and Connectivity Options
Windows Azure ENTERPRISE
Data Synchronization
SQL Data Sync
Application-Layer Connectivity & Messaging
Service Bus
Secure Machine-to-Machine Network Connectivity
Windows Azure Connect
WINDOWS AZURE CONNECT
WINDOWS AZURE VIRTUAL NETWORK
Azure Cross-premises Connectivity
Windows Azure
SIMPLE TO SETUP AND MANAGE
E2E SECURITY
RAPID PROVISIONING
EASY
COMPLETE CONTROL
SCALABLE
COMPLEX SCENARIOS
ENTERPRISE-READY
On-premises
Windows Azure
On-premises
A protected private virtual network in the cloud
Setup secure private IPv4 networks fully contained within Windows Azure
IP address persistence
Inter-service DIP-to-DIP communication
Networking on-ramp for migrating existing apps and services to Windows Azure
Virtual private networks in Windows Azure
Connect to on-premises resources securely over industry standard site-to-site VPN
Currently Available in Preview
Windows Azure Virtual Network
Extend your Enterprise Networks to Windows Azure securely over S2S VPN
Run “hybrid” apps that span cloud and their premises
IP level connectivity between Windows Azure and your premises
Your “virtual” branch office / datacenter in the cloud
Enables many new scenarios
Hybrid Public / Private Cloud
Enterprise Identity and Access Control
Monitoring and Management
SharePoint in Windows Azure
PaaS and IaaS working together
Virtual Network Features
Use on-premises DNS servers for name resolution
Use your on-premises DNS servers for name resolution
Join VMs running in Windows Azure to your corporate domains (running on-premises)
Run DNS servers in Windows Azure
Run Active Directory Domain Controller in Windows Azure
“Bring your own IPv4 addresses”
Control over placement of Windows Azure Roles within the network using IP subnets
Stable IPv4 addresses for VMs
Customer-managed private virtual networks within Windows Azure
Automated provisioning & management
Support existing on-premises S2S VPN devices
Hosted VPN Gateway that enables site-to-site connectivity
Example: Contoso’s Deployment
Contoso HQ (10.0.0.0/16)
Contoso Test in Windows Azure
(10.2.0.0/16)
Contoso Production VNet in Windows Azure (10.1.0.0/16)
S2S VPN Device
IIS Servers
AD / DNS
SQL Farm
Exchange BRK Gateway
S2S VPN tunnels
10.0.0.10
10.0.0.11
131.57.23.120
10.2.2.0/24
10.2.3.0/24
10.1.2.0/24
10.1.3.0/24
65.52.249.22
10.1.0.4
10.1.1.4
Windows Azure Virtual Network Scenarios
Monitoring and Management
Remote monitoring and troubleshooting of resources running in Windows Azure
Enterprise app in Windows Azure requiring connectivity to on-premises resources
Phased migration of services from premises to Windows Azure
Hybrid Public/Private Cloud
Advanced Connectivity Requirements
Cloud deployments requiring persistent IP addresses and direct connectivity across services
Manage identity and access control with on-premise resources (on-premises Active Directory)
Enterprise Identity and Access Control
The Corp. HQ
IIS Servers
AD / DNS
SQL Farm
App Servers
Application Migration
VPN Tunnel
WA Web Role
Domain joining VMs to a domain on-premises
Deploying VMs using PowerShell
# DNS server entry the new VM will use for name resolution
$dns1 = New-AzureDns -Name 'DCReplicainVnet' -IPAddress '10.100.4.4'
$vmname = 'TechEdVNetVM4'
$imagename = 'MSFT__Win2K8R2SP1-120514-1520-141205-01-en-us-30GB.vhd'
$servicename = 'MyTechEdVNetDemo'
# Build the VM configuration, join it to the domain at provisioning time, and place it in a subnet.
# Passwords are inline as on the slide; keep real credentials out of script files.
$TechEdVNetVM4 = New-AzureVMConfig -Name $vmname -InstanceSize 'Small' -ImageName $imagename |
    Add-AzureProvisioningConfig -WindowsDomain -Password 'rdPa$$w0rd' `
        -Domain 'vnetdemo' -DomainPassword 'rdPa$$w0rd' `
        -DomainUserName 'ganesh' -JoinDomain 'vnetdemo.com' |
    Set-AzureSubnet -SubnetNames 'TestSubnet1'
# Create the VM in the cloud service, attached to the virtual network
New-AzureVM -ServiceName $servicename -AffinityGroup 'VNetDemoAffinityGroup' -VMs $TechEdVNetVM4 -DnsSettings $dns1 -VNetName 'MyvNet'
Monitoring
VPN Tunnel
The Corp. HQ
IIS Servers
AD / DNS
SQL Farm
Monitoring Service
WA Web Role
SharePoint in Windows Azure
Virtual Machine
SharePoint FrontEnd
Virtual Machine
SharePoint FrontEnd
Virtual Machine
DC DNS
Server Account
Virtual Machine
Local DNS
SQL Mirroring
Load balancer
IPsec Tunnel
User Accounts
On Premises
DC DNS
10.0.0.x
Domain Joined to On-Premises Network
Persistent VM Role
SQL
SQL
Virtual Machine
Search and Index
SQL
Persistent Disk
Internet
Demo SharePoint in Windows Azure
Connecting Cloud Services with Virtual Network
DIP level Direct Access
FrontEndSubnet (10.0.0.0/16)
SQLSubnet (10.1.0.0/16)
Load Balancer
80
WA Web Role
Cloud Service 1
Cloud Service 2
AD
SQL Mirror
AD Subnet (10.2.0.0/16)
Contoso VNet (10.0.0.0/8)
More Secure
Low Latency
Cloud App Autonomy
VIP Swap (stateless roles)
Advanced Connectivity Requirements
Strengths
Hosting Multiple Customers with Overlapping Address Spaces
Contoso (10.0.0.0/16)
IIS Servers
AD / DNS
SQL Farm
Woodgrove (10.0.0.0/16)
IIS Servers
AD / DNS
SQL Farm
Contoso’s VNet in Windows Azure
(10.1.0.0/16)
Svc1
10.1.2.0/24
Svc2
10.1.3.0/24
65.52.249.22
Woodgrove’s VNet in Windows Azure
(10.1.0.0/16)
Svc1
10.1.2.0/24
Svc2
10.1.3.0/24
65.22.192.5
Exchange
Exchange
S2S VPN Device
S2S VPN Device
132.27.23.20
131.57.23.120
Setting up Virtual Networks
Configuration steps
DNS1 10.0.0.20
DNS2 10.0.0.21
S2S VPN device
131.57.23.45
IT Admin
Network Admin
ContosoVNet (10.1.0.0/16)
MyAffinityGroup
FrontEndSubnet (10.1.1.0/24)
SQLSubnet (10.1.3.0/24)
ADSubnet (10.1.2.0/24)
BESubnet (10.1.4.0/24)
GatewaySubnet (10.1.0.0/24)
GW IP 65.57.23.45
Windows Azure Portal (API)
VPN device config script
Network configuration
Deployment package
ContosoCorpOffice (10.0.0.0/16)
Portal Experience, APIs and Service Models
Operations on Net Config
Set Network Configuration
Get Network Configuration
Wizard to create, and update virtual networks
Manage Gateway Lifecycle
Portal
Create Gateway
Delete Gateway
Get Gateway
Get Gateway SharedKey
Reset Gateway SharedKey
List Connections
Operations on GW Manager
Connect To Local Network Site
Disconnect From Local Network Site
Test Local Network Site
List Operation Status
REST APIs
PowerShell Cmdlets
APIs and Scripting
Network Configuration
Service Model
Demo
Setting up Virtual Networks using the Windows Azure Portal
Deploying PaaS instances into a VNet
<ServiceConfiguration …>
  <NetworkConfiguration>
    <DnsServers>
      <DnsServer name="MyDNS" IPAddress="10.1.0.5" />
    </DnsServers>
    <VirtualNetworkSite name="MyVNet"/>
    <AddressAssignments>
      <InstanceAddress roleName="MyWebRole">
        <Subnets>
          <Subnet name="TestSubnet1" />
          <Subnet name="TestSubnet2" />
        </Subnets>
      </InstanceAddress>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>
Service Definition Schema
Deploying PaaS Services to a VNet
Supported VPN device families
Juniper
SRX Series Routers
J Series Routers
ISG Series Routers
IKE v1
3DES, AES128
SHA1
Industry standard VPN devices
More VPN device families soon
ASA 5500 Series (Adaptive Security Appliances)
ASR 1000 Series Aggregation Services Routers
ISR Series Integrated Services Routers
Cisco
Preview release capabilities
Local Network Site
Public and Private IP addresses allowed
Only one gateway per site
Only one active tunnel between site and VNet
Up to 5 VNets and 5 sites per subscription
Up to 9 DNS Servers per subscription
Subscription Limits (soft limits)
IPv4 addresses limited to IP addresses in RFC1918
Can connect to only one site per VNet
No limit on subnets
Virtual Network Site
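An added example, not part of the original deck: a pre-flight check of a virtual network address plan against the preview constraints listed above (RFC 1918 address space, one local site per VNet, subscription soft limits), run on the values from the Configuration steps slide. The plan dictionary layout, `check_plan` and `BAD_PLAN` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LIMITS = {"vnets": 5, "sites": 5, "dns": 9}  # soft limits per subscription, from the slide

def check_plan(plan):
    """Return a list of problems found in the plan; an empty list means it passes."""
    problems = [f"too many {k}: {len(plan[k])} > {n}" for k, n in LIMITS.items() if len(plan[k]) > n]
    sites = {name: ipaddress.ip_network(cidr) for name, cidr in plan["sites"].items()}
    for vname, vnet in plan["vnets"].items():
        space = ipaddress.ip_network(vnet["space"])
        if not any(space.subnet_of(r) for r in RFC1918):
            problems.append(f"{vname}: {space} is outside RFC 1918")
        # One local site per VNet; overlapping ranges make routing over the tunnel ambiguous.
        site = sites.get(vnet["site"])
        if site is None:
            problems.append(f"{vname}: unknown local site {vnet['site']}")
        elif space.overlaps(site):
            problems.append(f"{vname}: {space} overlaps local site {vnet['site']} ({site})")
        subnets = {n: ipaddress.ip_network(c) for n, c in vnet["subnets"].items()}
        for sname, net in subnets.items():
            if not net.subnet_of(space):
                problems.append(f"{vname}/{sname}: {net} is not inside {space}")
        for (a, na), (b, nb) in combinations(subnets.items(), 2):
            if na.overlaps(nb):
                problems.append(f"{vname}: subnets {a} and {b} overlap")
    return problems

# Values taken from the "Configuration steps" slide.
SLIDE_PLAN = {
    "dns": ["10.0.0.20", "10.0.0.21"],
    "sites": {"ContosoCorpOffice": "10.0.0.0/16"},
    "vnets": {"ContosoVNet": {"space": "10.1.0.0/16", "site": "ContosoCorpOffice", "subnets": {
        "GatewaySubnet": "10.1.0.0/24", "FrontEndSubnet": "10.1.1.0/24",
        "ADSubnet": "10.1.2.0/24", "SQLSubnet": "10.1.3.0/24", "BESubnet": "10.1.4.0/24"}}},
}
# Constructed counter-example (not from the deck): public space, site overlap, bad subnets.
BAD_PLAN = {
    "dns": ["172.32.0.4"],
    "sites": {"BranchOffice": "172.32.0.0/20"},
    "vnets": {"BadVNet": {"space": "172.32.0.0/16", "site": "BranchOffice", "subnets": {
        "A": "172.32.1.0/24", "B": "172.32.1.128/25", "C": "10.9.0.0/24"}}},
}

if __name__ == "__main__":
    for name, plan in (("SLIDE_PLAN", SLIDE_PLAN), ("BAD_PLAN", BAD_PLAN)):
        print(name, check_plan(plan) or "OK")
```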
Summary
Feedback and Support
Feedback to vnetfeedback@microsoft.com
Support Forum: http://social.msdn.microsoft.com/Forums/en-US/WAVirtualMachinesVirtualNetwork
Enables you to run hybrid scenarios in Windows Azure
Networking on-ramp for migrating existing apps and services to Windows Azure
Windows Azure Virtual Network is
Customer-managed private virtual networks within Windows Azure
Hosted VPN Gateway that enables site-to-site connectivity
On-premises DNS servers for name resolution
Windows Azure supports
Call To Action
Sign up for Windows Azure Virtual Machines and Virtual Networks preview
Use Windows Azure Virtual Network features and provide feedback to vnetfeedback@microsoft.com
Visit Virtual Network Support Forum for support and tips
Useful Documents Online
Overview of Windows Azure Virtual Network
Configuring a Virtual Network using the Windows Azure Portal
Network Configuration schema documentation
Notes on supported VPN devices
Name resolution support
Related Content
AZR201 Overview Windows Azure Virtual Machines and how they work
AZR304 Overview of Windows Azure Networking Features
AZR202 An Overview of Managing Applications, Services, and Virtual Machines in Windows Azure
AZR203 Business Continuity in the Windows Azure Cloud
AZR313 Deep Dive into Windows Azure Virtual Machines
AZR314 Migrating Applications to Windows Azure Virtual Machines
AZR204 Hybrid Will Rule: Options to Connect, Extend and Integrate Applications in Your Data Center and Windows Azure
AZR307 Running Linux in Windows Azure Virtual Machines
AZR327 Deploying SharePoint Farms on Windows Azure Virtual Machines
AZR319 Monitoring and Managing Your Windows Azure Applications and Services
Track Resources
Meetwindowsazure.com
@WindowsAzure @ms_teched
DOWNLOAD Windows Azure
Windowsazure.com/teched
Hands-On Labs
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.