Windows Azure Connect Name Title Microsoft Corporation.
Windows Azure Connect
Name Title Microsoft Corporation
Introducing Windows Azure Connect
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Example use cases:
Enterprise app migrated to Windows Azure that requires access to on-premise SQL Server
Windows Azure app domain-joined to corporate Active Directory
Remote administration and trouble-shooting of Windows Azure Roles
Simple setup and management
Windows Azure Connect – Closer Look
Enable Windows Azure (WA) Roles for external connectivity via service model
Enable local computers for connectivity by installing WA Connect agent
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IP-level network between connected role instances and local computers
Tunnel firewalls/NAT’s through hosted relay service
Secured via end-to-end IPSec
DNS name resolution
[Diagram labels: Enterprise (Dev Machines, Databases); Relay; Role A; Role B; Role C (Multiple VM’s)]
Windows Azure Connect demo
Windows Azure Service Deployment
To use Connect with a WA service, enable one or more of its Roles
For Web & Worker Role, include the Connect plug-in as part of Service Model (.csdef file)
For VM role, install the Connect agent in VHD image using the Connect VM install package
Connect agent will automatically be deployed for each new role instance that starts up
Connect agent configuration managed through the Service Configuration (.cscfg) file
One required setting - “ActivationToken”
Unique per-subscription token, accessed from Admin UI
Optional settings for managing AD domain-join and service availability
On-Premises Deployment
Local computers are enabled for connectivity by installing & activating the Connect agent
Web-based installation link
Retrieved from admin UI
Contains per-subscription activation token embedded in URL
Standalone install package
Reads activation token from registry key
Enables installation using existing S/W distribution tools
Connect agent tray icon & client UI
View activation state & connectivity status
Refresh network policy
Connect agent automatically manages network connectivity
Sets up virtual network adapter
“Auto-connects” to Connect relay service as needed
Configures IPSec policy based on network policy
Enables DNS name resolution
Automatically syncs latest network policies
Management of Network Policy
Connect network policy managed through Windows Azure admin portal
Managed on a per-subscription basis
Local computers are organized into Groups
E.g. “SQL Servers”, “My Laptops”, “Project Foo”
A computer can only belong to a single group at a time
Newly activated computers are ‘unassigned’ by default
WA Roles can be connected to Groups
Enables network connectivity between all Role instances (VM’s) and local computers in the Group
WA Connect does not control connectivity between Roles or Role instances (done through existing mechanisms)
Groups can be connected to other Groups
Enables network connectivity between computers in each group
In addition, a Group can be ‘interconnected’ - enables connectivity within a group
Useful for ad-hoc & roaming scenarios
Network Policy - Example
[Diagram: group “My Laptops” (DEV_LAPTOP1, DEV_LAPTOP2); group “My Servers” (SERVER1, SERVER2, SERVER3)]
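The grouping rules on the Management of Network Policy slide can be evaluated mechanically. The Python sketch below is an added example, not part of the original presentation and not a Microsoft API: it models those rules and lists every computer pair a policy opens up, which is the view needed when reviewing a policy for least privilege. The role name WebRole1, the machine NEW_PC, the links chosen, and the reading that traffic inside one group requires the 'interconnected' flag are assumptions.

```python
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class ConnectPolicy:
    """Toy model of the per-subscription policy rules on this slide (not a Microsoft API)."""
    group_of: dict = field(default_factory=dict)      # computer -> group, or None
    role_links: set = field(default_factory=set)      # (role, group) pairs
    group_links: set = field(default_factory=set)     # frozenset({group_a, group_b})
    interconnected: set = field(default_factory=set)  # groups allowing intra-group traffic

    def activate(self, computer):
        # Newly activated computers are 'unassigned' by default.
        self.group_of.setdefault(computer, None)
    def assign(self, computer, group):
        # One group at a time: assigning replaces any earlier membership.
        self.group_of[computer] = group

    def computers_allowed(self, a, b):
        ga, gb = self.group_of.get(a), self.group_of.get(b)
        if ga is None or gb is None:
            return False                      # unassigned or unknown machine
        if ga == gb:
            return ga in self.interconnected  # same group needs 'interconnected'
        return frozenset((ga, gb)) in self.group_links

    def role_allowed(self, role, computer):
        group = self.group_of.get(computer)
        return group is not None and (role, group) in self.role_links

    def effective_pairs(self):
        # Every computer pair the policy opens up, for least-privilege review.
        return [(a, b) for a, b in combinations(sorted(self.group_of), 2)
                if self.computers_allowed(a, b)]

def build_slide_example():
    # Constructed policy: group and machine names come from the slide's diagram;
    # the role "WebRole1", the machine "NEW_PC" and the chosen links are assumptions.
    p = ConnectPolicy()
    for c in ("DEV_LAPTOP1", "DEV_LAPTOP2"):
        p.assign(c, "My Laptops")
    for c in ("SERVER1", "SERVER2", "SERVER3"):
        p.assign(c, "My Servers")
    p.activate("NEW_PC")                      # activated but never assigned
    p.role_links.add(("WebRole1", "My Servers"))
    p.group_links.add(frozenset(("My Laptops", "My Servers")))
    return p

if __name__ == "__main__":
    print(build_slide_example().effective_pairs())
```

Role-to-role traffic is deliberately absent from the model, since the slide states that WA Connect does not control it.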
Networking Behavior
Connected resources (WA Role instances and external machines) have secure IP-level network connectivity
Regardless of physical network topology (Firewalls / NAT’s), so long as there is outbound HTTPS access to the Connect Relay service
Each connected machine has a routable IPv6 address
Connect agent sets up virtual network adapter
No changes to existing networks (additive model)
Communication between resources is secured via end-to-end certificate-based IPSec
Scoped to Connect virtual network
Automated management of IPSec certificates
DNS name resolution for connected resources based on machine names
Windows Azure instance to local computer
Local computer to Windows Azure instance
Active Directory Domain Join
Connect plug-in supports domain-join of WA Roles to on-premises Active Directory
Scenarios enabled:
Log into WA role instances using domain accounts
Connect to on-premise SQL server using Windows Integrated Auth
Migrate LOB apps to cloud that assume domain-joined environment
Process to enable:
Install Connect agent on DC / DNS server(s)
For multiple DC environment, recommend creating dedicated Site
Configure Connect plug-in to automatically join WA role instances to AD
Specify credentials used for domain-join operation
Specify target OU for WA role instances
Specify list of domain users / groups to add to local Administrators group
Configure network policy to enable connectivity between WA roles and DC / DNS servers
New WA role instances will automatically be domain-joined
Windows Azure Connect - Roadmap
CTP Available Now
On-premises agent for non-Windows Azure resources
Supports Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista SP1, and up
Sign up on Windows Azure Portal under ‘Beta’ programs
Future release
Enable connectivity using existing on-premises VPN devices
Summary
Windows Azure Connect enables secure network connectivity between Windows Azure services and on-premises resources
Simple to setup & manage
Enable WA Roles using Connect plug-in
Install Connect agent on local computers
Configure network policy
Useful scenarios:
Remote administration & troubleshooting
Windows Azure app access to on-premises servers
Domain-join Windows Azure roles
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.