5/5/2018 11:05 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Presentation transcript:

5/5/2018 11:05 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

P4045 Azure VNet for Containers
Narayan Annamalai, Mario Lopez
Program Managers, Azure Networking

The Big (Network) Picture

Virtual Network
• "Bring Your Own Network"
• Segment with subnets and security groups
• Control traffic flow with User Defined Routes

Front-End Access
• Dynamic/Reserved Public IP addresses
• Direct VM access, ACLs for security
• Load balancing
• DNS services: hosting, traffic management
• DDoS protection

Backend Connectivity
• Point-to-site for dev / test
• VPN Gateways for secure site-to-site connectivity
• ExpressRoute for private enterprise grade connectivity

Diagram labels: Azure Virtual Network, Users, Internet, Backend Connectivity, ExpressRoute, VPN Gateways

Azure SDN Momentum: Rich and Scalable VNets

2013: Virtual networks, Public load balancing, Managed NAT
2014: Internal load balancing, VPN based on premise connectivity
2015: Network security groups, Service chaining, Private peering, Multi-NIC, Reserved IP, Instance IP
2016+: Container support, Application gateway, Accelerated networking, Virtual network peering, IPv6, Mac persistence, Netwatcher, Multiple IPs per NIC

• 1.8m virtual network interfaces
• 879k Network Security Groups
• 23k virtual network peerings
• 42.1m public IP address in use
• 28.8m reserved IP
• Over 100k TB traffic in/out per week
• 4.9k remote connectivity circuits
• 16.8m hours/week of VPN gateway

Azure VNet for Containers: One SDN

VNet: One SDN for VMs & Containers
• Consistent way to specify policies
• One IP space, Containers as first class citizens on the network
• Connectivity between VMs and containers, Cross connectivity with on premises
• Rich feature set: Service chaining, ACLs, IPAM, Load balancing, DNS, PaaS Services

Optimized for Cloud (no double overlays)
• Accelerated networking / FPGA works / existing offloads work
• No double encap

Container networking so far

Bridge/NAT Mode
• Orchestrator Default
• Connectivity within containers in same Host
• Connectivity outside the host requires NAT
• Isolated Networks
Diagram labels: NAT Bridge; Source 10.0.0.5, Destination 55.1.1.40 ...; Source 148.23.2.34, Destination 55.1.1.40 ...

Overlay network Mode
• Connectivity with containers outside the same host
• Double encapsulation: performance degradation
• Two networking stacks
Diagram labels: 10.1.1.5, 10.2.1.5, VXLAN Tunnel; VNet Header, Data; Overlay Header, Data

Azure Container Service + SDN

• ACS deploys and manages the infrastructure to run containers
• ACS creates clusters with chosen orchestrators
• Orchestrators can now plug in to Azure SDN stack with a single click

Diagram labels: Containers, Orchestrator, ACS engine, Azure VNet, Infrastructure

Public Preview: Open SDN solution for containers in Azure

• Connects containers to Azure network
• One SDN, connectivity, security, network and infrastructure management
• Available with Azure Container Service (ACS)

Diagram label: Azure SDN Stack

Azure VNet for containers

• Connected to entire network (container, VM, on-premises)
• Native support for containers on Azure's virtual network - all offloads supported with native performance
• Unified network policies for all workloads

Diagram labels: 10.1.1.5, 10.1.1.6, 10.2.1.5, 10.2.1.6; Azure Network; Backend connectivity: ExpressRoute, VPN Gateways

Containers in Azure VNet

• Full connectivity within VNet. To other Containers, VMs, peered VNets
• Granular network control that scales
• Load balancing, Direct Internet access
• Connect to on-premises over Express Route, secure VPN gateway

Azure VNet for containers: ecosystem

• Orchestrator/Plugin: for CNI (Kubernetes, DC/OS) and CNM (Docker Engine)
• Platform: for Linux and Windows
• Cloud: for Azure and Azure Stack for on premises

Diagram labels: Container orchestrator, Cloud network

Open Source: Azure VNet for Containers

Microsoft Contributing to open source project
• CNI project, portability to Windows
• Azure VNet for Containers project, CNI plugin for Azure

A single Azure open-source project for all things container networking on Azure: https://github.com/Azure/azure-container-networking

Notes:

Microsoft is serious about open source and about serving as a committed participant in the open source community. We want to contribute fresh, innovative solutions for the community to share and build on. In this spirit, we are making available the complete and scalable Azure networking stack for containers that run on the Azure platform.

A completely open source Container Network Interface (CNI) plug-in, sponsored by the Linux foundation, will work with different orchestrators on any platform, without vendor lock-in, and open up the benefits of the Azure networking stack for the community to implement their own versions in Windows and Linux, allowing the community to contribute to, modify, and engage with the Azure network stack.

The significance of this announcement is that the container approach has not been available for networking before now. To network between containers, customers needed an overlay (which has an impact on performance) and had to use different vendors for different functionality such as load balancing, security, and on-premises connections. Azure Virtual Network for Containers will provide all that functionality at no extra cost, with the familiar Software Defined Networking (SDN) stack that is available in Azure VMs today. And you can use any third-party orchestrator to create Containers and leverage the Azure network as the platform.

To learn more about Azure Virtual Network for Containers

Open & Modular Architecture

Open architecture: our SDN works with every partner

Diagram labels: Container1, Container2, Container3 (Application Containers); Orchestrator (Kubernetes, DC/OS, Service Fabric), Container Runtime (Docker), CNI (Container hosting environment); Network Plugin, IPAM Plugin, 3rd party plugins; Operating System (Windows, Linux) (OS environment); IP1, IP2, IP3 (Containers as first class citizens on Network); Azure SDN (Service Chaining, Security, Connectivity)

Notes:

Azure offers a rich Software Defined Networking stack to accomplish the Network Virtual functions for virtual machines. Customers can deploy VMs into virtual private networks (VNets), set up network ACLs, load balancing, internet connectivity and connect back to on-premises through hybrid technologies. Today, we are announcing that all these network virtual functions can also be leveraged for containers running in Azure.

'Azure Virtual Network' for containers is a CNI plugin that works with various container orchestration engines to impart SDN to containers. This solution is also integrated into 'Azure Container Service Engine' so that it is readily available for a customer when using the Kubernetes SKU. Some of the unique benefits of the product are:
• Every container gets a directly addressable private IP address from the VNet.
• The containers can communicate with one another by using the private IP address. No overlay or complex routing will be required.
• The containers can be configured behind the Azure Load Balancer.
• The container IP addresses can be programmed in Azure Network Security groups to provide fine grained access control across VM instances.
• The containers will have full connectivity to the rest of the Virtual Network as well as on-premises through ExpressRoute or S2S VPN.

Azure Container Service

The Azure CNI plugin is integrated into ACS engine and available through its settings: users turn on the CNI plugin in the settings template and start using it with their container orchestrator.

https://github.com/Azure/acs-engine

Demo

Demo Setup

Azure VNet
• Kubernetes Cluster Subnet 10.240.0.0/12: Master 10.240.255.5, Linux Agent, Linux Agent, Pod1 (nginx), Pod2 (nginx), Pod3 (nginx)
• Database Subnet 10.10.10.0/24: LinuxVM 10.10.10.4, HR VM 10.10.10.6
• NSG
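Added example (not part of the original slides or of the Azure project's code): a simplified model of priority-ordered security-group evaluation over the demo topology above, showing why per-pod rules only work when pods keep their own VNet addresses instead of being NATed behind the agent. The agent and pod addresses, the port and the three rules are constructed for illustration, and the model denies any flow that matches no rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int       # lower number is evaluated first
    source: str         # CIDR prefix
    destination: str    # CIDR prefix
    port: int
    allow: bool

def evaluate(rules, src, dst, port):
    """First matching rule by priority decides; no match means deny (model assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if (s in ipaddress.ip_network(r.source)
                and d in ipaddress.ip_network(r.destination)
                and port == r.port):
            return r.allow
    return False

# Addresses taken from the demo slide.
K8S_SUBNET, DB_SUBNET = "10.240.0.0/12", "10.10.10.0/24"
LINUX_VM, HR_VM = "10.10.10.4", "10.10.10.6"
# Constructed for this example: the slide gives no agent, pod or port values.
AGENT, POD1, POD2, DB_PORT = "10.240.0.4", "10.240.0.10", "10.240.0.11", 1433

RULES = [
    Rule(100, POD1 + "/32", HR_VM + "/32", DB_PORT, True),   # only Pod1 may reach the HR VM
    Rule(200, K8S_SUBNET, HR_VM + "/32", DB_PORT, False),    # the rest of the cluster may not
    Rule(300, K8S_SUBNET, DB_SUBNET, DB_PORT, True),         # cluster may reach other DB hosts
]

def seen_source(pod_ip, mode):
    """Source address the rule engine sees: the pod's own address in VNet mode,
    the agent's address when the host NATs pod traffic (bridge/NAT mode)."""
    return pod_ip if mode == "vnet" else AGENT

def decisions(mode):
    """Allow/deny for each (pod, destination) pair under the given networking mode."""
    return {(pod, dst): evaluate(RULES, seen_source(pod, mode), dst, DB_PORT)
            for pod in (POD1, POD2) for dst in (HR_VM, LINUX_VM)}

if __name__ == "__main__":
    for mode in ("vnet", "nat"):
        for (pod, dst), ok in decisions(mode).items():
            print(f"{mode:4} {pod} -> {dst}: {'allow' if ok else 'deny'}")
```

In NAT mode both pods present the agent's address, so the Pod1-only rule never matches and the policy can only be written per host.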

Takeaways

• One SDN: On premises & Cloud, VMs & Containers, Linux & Windows. Benefits: Battle tested, Designed to scale
• Performance: High performance networks (Azure Accelerated Networking). Low-latency, high-bandwidth connections on Linux and Windows
• Integration: Click of a button, fully integrated to ACS

Benefits:
• Battle tested, enterprise-grade network
• Routing, security, NFV
• Uniform policies, designed to scale

References

GitHub - https://github.com/Azure/azure-container-networking
Azure VNet - https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Azure Container Services Engine - https://github.com/Azure/acs-engine