Post on 05-Jan-2016
Extending your datacenter with Azure Site to Site VPNAleksandar Đorđevićadjordj@microsoft.com Technical EvangelistMicrosoft
Objectives, agenda and key takeawaysObjectives:• Show and demo Microsoft Azure Network – Site to Site VPN
Agenda:• Common examples for extending on premise Datacenter to Azure with Site to Site VPN
Key takeaways:• “Hey, it is easy to setup Azure Site to Site VPN”
On-premises
Your datacenter
Hardware VPN or Windows RRAS
Windows Azure
Virtual NetworkVPN
Gateway
<subnet 1>
<subnet 2>
<subnet 3>
DNS Server
VPN Gateway
Site-to-SiteVPN
S2S Virtual Network
Hybrid Datacenter scenarios• Capacity Demand• Remote Site• Layered Solutions• Strategic migration• Disaster Recovery
Demo
Environment outlook for Demo
On-premise Datacenter
Infrastructure at Azure
Cloud Service
Infrastructure at Belgrade
Active Directory
itp-dc01172.16.10.10 Site to Site VPN
Win2012RRASPub IP109.122.104.251
Azure Active/Passive GW/VPNtechdayzzz.cloudapp.net
172.16.10.0/24itpro-ceemc.rs
10.10.10.0/24
New VM with few features
Hybrid Datacenter scenarios
Hybrid scenario: Capacity demand
On-premise Datacenter
Site-to-Site VPN
Hybrid scenario: Capacity demand
On-premise Datacenter
Site-to-Site VPN
Hybrid scenario: Remote Sites
On-premise Datacenter
Europe
Asia
N. America
Central Datacenter
users
Hybrid scenario: Layered Solutions
On-premise Datacenter
Web Shop application
Web Frontend
SQL Backend
Billing and CRM
ERP & CRM
SQL Backend Site-to-Site VPN
Hybrid scenario: Strategic migration
On-premise Datacenter
Site-to-Site VPN
Hybrid scenario: Disaster Recovery
On-premise Datacenter
Site-to-Site VPN
Good to consider when planning Azure S2S VPN
• IKE v1, IKE v2
• AES 128, 256
• SHA1, SHA2
Generic VPN devices must support
• Windows Server
• Routing and Remote Access Service (RRAS)
New: Software based VPN gateway
Options for On-Premises VPN Gateways
Requirements for VPN gatewaysProperty Static Routing VPN gateway Dynamic Routing VPN gateway
Site-to-Site connectivity (S2S) Policy-based VPN configuration Route-based VPN configuration
Point-to-Site connectivity (P2S) Not supported Supported (Can coexist with site-to-site connectivity)
Authentication method Pre-shared key
• Pre-shared key for site-to-site connectivity
• Certificates for point-to-site connectivity
Maximum Number of Site-to-Site (S2S) connections 1 10
Maximum Number of Point-to-Site (P2S) connections Not supported 128
Active Routing Support (BGP) Not supported Not supported
http://azure.microsoft.com/en-us/documentation/services/virtual-network/
DNS ScenariosWindows Azure DNS Scenarios Use your own DNS Scenarios
A. Client-server applications using VMs B. Hybrid connectivity with on-premise (DNS on-premise)
C. SharePoint with custom DNS (VM)
VM
SQL Reporting Service
VM
SQL Analysis Service
VM
SQL Service
On-Premises Machine
Active Directory
Active Directory
SQL ServiceDomain joined to On-
Premises Network
On-Premises Machine
Business Components &
Entities
On-Premises Machine
UI Process Components
Web Tier
Active Directory
Internet
VM Role
SharePoint FrontEnd
VM Role
SharePoint FrontEnd
VM Role
Search and Indes
SQL Service
VM Role
DC DNS
VM Role
VM Role
SQL
VM Role
SQL
Local DNS
SQ
L Mirro
ring
LB
Open User Access
(Website)
DNS – you need to plan it…
Few tips...regarding Hybrid Datacenter• Azure is fast changing platform, and new features are
constantly being added
• Extending toward Azure is much faster than building your new traditional datacenter
• Azure has predefined HA capabilities that can be easily utilized
Network Load Balancing
Scale up/down
Etc.
• Plan your DNS resolution strategy
Quick recap…
Extending your infrastructure
On-premises
Subnets in Windows Azure
GatewayVPN Device
Setup virtual private networks in the cloud
Manage as extensions of on-premises datacenters
Logical isolation with network configuration options
Create subnets, private IP addresses
Bring your own DNS
Windows Azure Virtual Network – S2S VPN
Extend
your data
center!
It’s easy, step in to the world of hybrid…
Resources
TechNet Evaluation CenterDownload Microsoft software trials today.technet.microsoft.com/evalcenter
Microsoft Virtual Academy Learn, know apply http://www.microsoftvirtualacademy.com/
Microsoft Azure: Site-to-Site VPNhttp://www.microsoftvirtualacademy.com/training-courses/microsoft-azure-site-to-site-vpn
21
Check it out
Thank you!Q&A time