AZR316 Extending Enterprise Networks to Windows Azure
Ganesh Srinivasan, Program Manager, Windows Azure Networking, Microsoft Corporation
11/22/2018 3:51 PM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Agenda
  Overview of Hybrid Options in Windows Azure
  Overview of Windows Azure Virtual Network
  Typical use cases and scenarios
  Setting up Virtual Networks
  What's in our preview release
Windows Azure Hybrid and Connectivity Options (Enterprise)
  Data Synchronization: SQL Data Sync
  Application-Layer Connectivity & Messaging: Service Bus
  Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
  Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
Azure Cross-premises Connectivity
  Windows Azure Connect (easy): simple to set up and manage, E2E security, rapid provisioning
  Windows Azure Virtual Network (enterprise-ready): complete control, scalable, complex scenarios
  [Diagram: each option shown connecting Windows Azure to on-premises]
Windows Azure Virtual Network
  Networking on-ramp for migrating existing apps and services to Windows Azure
  Virtual private networks in Windows Azure
  Connect to on-premises resources securely over industry standard site-to-site VPN
  Currently available in Preview
A protected private virtual network in the cloud
  Set up secure private IPv4 networks fully contained within Windows Azure
  IP address persistence
  Inter-service DIP-to-DIP communication
Extend your Enterprise Networks to Windows Azure securely over S2S VPN
  Run "hybrid" apps that span cloud and their premises
  IP level connectivity between Windows Azure and your premises
  Your "virtual" branch office / datacenter in the cloud
Enables many new scenarios
  Hybrid Public / Private Cloud
  Enterprise Identity and Access Control
  Monitoring and Management
  SharePoint in Windows Azure
  PaaS and IaaS working together
Virtual Network Features
Customer-managed private virtual networks within Windows Azure
  "Bring your own IPv4 addresses"
  Control over placement of Windows Azure Roles within the network using IP subnets
  Stable IPv4 addresses for VMs
Use on-premises DNS servers for name resolution
  Use your on-premises DNS servers for name resolution
  Join VMs running in Windows Azure to your corporate domains (running on-premises)
  Run DNS servers in Windows Azure
  Run Active Directory Domain Controller in Windows Azure
Hosted VPN Gateway that enables site-to-site connectivity
  Automated provisioning & management
  Support existing on-premises S2S VPN devices
Example: Contoso's Deployment
[Diagram: Contoso HQ (10.0.0.0/16) with SQL Farm, IIS Servers, Exchange, AD / DNS and an S2S VPN Device; Contoso Production VNet in Windows Azure (10.1.0.0/16) with 10.1.2.0/24 and 10.1.3.0/24; Contoso Test in Windows Azure (10.2.0.0/16) with 10.2.2.0/24 and 10.2.3.0/24; S2S VPN tunnels between them. Other labels: 131.57.23.120, 65.52.249.22, 10.1.0.4, 10.1.1.4, 10.0.0.10, 10.0.0.11, BRK Gateway]
Windows Azure Virtual Network Scenarios
Hybrid Public/Private Cloud
  Enterprise app in Windows Azure requiring connectivity to on-premises resources
  Phased migration of services from premises to Windows Azure
Monitoring and Management
  Remote monitoring and troubleshooting of resources running in Windows Azure
Enterprise Identity and Access Control
  Manage identity and access control with on-premises resources (on-premises Active Directory)
Advanced Connectivity Requirements
  Cloud deployments requiring persistent IP addresses and direct connectivity across services
Application Migration
[Diagram labels: The Corp. HQ, IIS Servers, AD / DNS, SQL Farm, App Servers, WA Web Role, VPN Tunnel]
Domain joining VMs to a domain on-premises
Deploying VMs using PowerShell

# DNS server the new VM will use (the DC replica inside the VNet)
$dns1 = New-AzureDns -Name 'DCReplicainVnet' -IPAddress '10.100.4.4'
$vmname = 'TechEdVNetVM4'
$imagename = 'MSFT__Win2K8R2SP1-120514-1520-141205-01-en-us-30GB.vhd'
$servicename = 'MyTechEdVNetDemo'

# Build the VM configuration: domain-join provisioning, then subnet placement.
# Demo values: the local admin and domain-join passwords are passed inline in clear text.
$TechEdVNetVM4 = New-AzureVMConfig -Name $vmname -InstanceSize 'Small' -ImageName $imagename |
    Add-AzureProvisioningConfig -WindowsDomain -Password 'rdPa$$w0rd' `
        -Domain 'vnetdemo' -DomainPassword 'rdPa$$w0rd' `
        -DomainUserName 'ganesh' -JoinDomain 'vnetdemo.com' |
    Set-AzureSubnet -SubnetNames 'TestSubnet1'

# Create the VM in the virtual network with the DNS setting above
New-AzureVM -ServiceName $servicename -AffinityGroup 'VNetDemoAffinityGroup' -VMs $TechEdVNetVM4 -DnsSettings $dns1 -VNetName 'MyvNet'
Monitoring
[Diagram labels: The Corp. HQ, IIS Servers, AD / DNS, SQL Farm, Monitoring Service, WA Web Role, VPN Tunnel]
SharePoint in Windows Azure
[Diagram labels: On Premises (Local DNS 10.0.0.x, User Accounts); IPsec Tunnel; Virtual Machine: DC, DNS Server, Account; Virtual Machines: SharePoint FrontEnd (two, behind a Load balancer facing the Internet); Virtual Machines: SQL with SQL Mirroring; Virtual Machine: Search and Index; Persistent VM Role; Persistent Disk; Domain Joined to On-Premises Network]
Demo: SharePoint in Windows Azure
Connecting Cloud Services with Virtual Network
Advanced Connectivity Requirements
Strengths
  More Secure
  Low Latency
  Cloud App Autonomy
  VIP Swap (stateless roles)
[Diagram: Contoso VNet (10.0.0.0/8) containing FrontEndSubnet (10.0.0.0/16), SQLSubnet (10.1.0.0/16) and AD Subnet (10.2.0.0/16). Labels: Cloud Service1, 80, WA Web Role, Load Balancer, DIP level Direct Access, Cloud Service 2, SQL Mirror, AD]
Hosting Multiple Customers with Overlapping Address Spaces
[Diagram: Contoso (10.0.0.0/16) with SQL Farm, IIS Servers, Exchange, AD / DNS and an S2S VPN Device, connected to Contoso's VNet in Windows Azure (10.1.0.0/16) with Svc1 10.1.2.0/24 and Svc2 10.1.3.0/24. Labels: 131.57.23.120, 65.52.249.22]
[Diagram: Woodgrove (10.0.0.0/16) with SQL Farm, IIS Servers, Exchange, AD / DNS and an S2S VPN Device, connected to Woodgrove's VNet in Windows Azure (10.1.0.0/16) with Svc1 10.1.2.0/24 and Svc2 10.1.3.0/24. Labels: 132.27.23.20, 65.22.192.5]
Setting up Virtual Networks
Configuration steps
[Diagram: the Network Admin and IT Admin work through the Windows Azure Portal (API). Labels: Network configuration, VPN device config script, Deployment package]
  ContosoCorpOffice (10.0.0.0/16): S2S VPN device 131.57.23.45, DNS1 10.0.0.20, DNS2 10.0.0.21
  ContosoVNet (10.1.0.0/16), MyAffinityGroup: GW IP 65.57.23.45
    GatewaySubnet (10.1.0.0/24)
    FrontEndSubnet (10.1.1.0/24)
    ADSubnet (10.1.2.0/24)
    SQLSubnet (10.1.3.0/24)
    BESubnet (10.1.4.0/24)
Portal Experience, APIs and Service Models
Portal
  Wizard to create and update virtual networks
  Manage Gateway Lifecycle
APIs and Scripting
  REST APIs
  PowerShell Cmdlets
Operations on Net Config
  Set Network Configuration
  Get Network Configuration
Operations on GW Manager
  Create Gateway
  Delete Gateway
  Get Gateway
  Get Gateway SharedKey
  Reset Gateway SharedKey
  List Connections
  Connect To Local Network Site
  Disconnect From Local Network Site
  Test Local Network Site
  List Operation Status
Service Model
  Network Configuration
Demo: Setting up Virtual Networks using the Windows Azure Portal
Deploying PaaS instances into a VNet
Service Definition Schema

<ServiceConfiguration …>
  <NetworkConfiguration>
    <DnsServers>
      <DnsServer name="MyDNS" IPAddress="10.1.0.5" />
    </DnsServers>
    <VirtualNetworkSite name="MyVNet"/>
    <AddressAssignments>
      <InstanceAddress roleName="MyWebRole">
        <Subnets>
          <Subnet name="TestSubnet1" />
          <Subnet name="TestSubnet2" />
        </Subnets>
      </InstanceAddress>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>
Deploying PaaS Services to a VNet
Supported VPN device families
Industry standard VPN devices
  IKE v1
  3DES, AES128
  SHA1
Juniper
  SRX Series Routers
  J Series Routers
  ISG Series Routers
Cisco
  ASA 5500 Series (Adaptive Security Appliances)
  ASR 1000 Series Aggregation Services Routers
  ISR Series Integrated Services Routers
More VPN device families soon
Preview release capabilities
Subscription Limits (soft limits)
  Up to 5 VNets and 5 sites per subscription
  Up to 9 DNS Servers per subscription
Local Network Site
  Public and Private IP addresses allowed
  Only one gateway per site
  Only one active tunnel between site and VNet
Virtual Network Site
  IPv4 addresses limited to IP addresses in RFC1918
  Can connect to only one site per VNet
  No limit on subnets
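A pre-deployment check of an address plan against the Virtual Network Site constraint above (RFC1918 only), using the ContosoVNet values from the "Configuration steps" slide. This is an added example, not code from the presentation; the function name check_plan and the rule that the VNet and the local network site must not overlap are assumptions.

```python
import ipaddress

# RFC 1918 private ranges; the preview limits VNet address space to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(vnet, subnets, local_site, dns_servers):
    """Return a list of problems in an address plan (empty list means OK)."""
    problems = []
    vnet_net = ipaddress.ip_network(vnet)
    site_net = ipaddress.ip_network(local_site)
    if not any(vnet_net.subnet_of(r) for r in RFC1918):
        problems.append(f"VNet {vnet} is not inside RFC 1918 space")
    # Assumption: site-to-site routing needs disjoint VNet and on-premises ranges.
    if vnet_net.overlaps(site_net):
        problems.append(f"VNet {vnet} overlaps local site {local_site}")
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vnet_net):
            problems.append(f"{name} {net} is outside VNet {vnet}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    # A DNS server must sit in the VNet or be reachable over the tunnel.
    for dns in dns_servers:
        ip = ipaddress.ip_address(dns)
        if ip not in vnet_net and ip not in site_net:
            problems.append(f"DNS server {dns} is in neither the VNet nor the local site")
    return problems

# Address plan copied from the "Configuration steps" slide.
CONTOSO = dict(
    vnet="10.1.0.0/16",
    subnets={
        "GatewaySubnet": "10.1.0.0/24",
        "FrontEndSubnet": "10.1.1.0/24",
        "ADSubnet": "10.1.2.0/24",
        "SQLSubnet": "10.1.3.0/24",
        "BESubnet": "10.1.4.0/24",
    },
    local_site="10.0.0.0/16",
    dns_servers=["10.0.0.20", "10.0.0.21"],
)

if __name__ == "__main__":
    for line in check_plan(**CONTOSO) or ["plan OK"]:
        print(line)
```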
Summary
Windows Azure Virtual Network is
  Enables you to run hybrid scenarios in Windows Azure
  Networking on-ramp for migrating existing apps and services to Windows Azure
Windows Azure supports
  Customer-managed private virtual networks within Windows Azure
  Hosted VPN Gateway that enables site-to-site connectivity
  On-premises DNS servers for name resolution
Feedback and Support
  Feedback to vnetfeedback@microsoft.com
  Support Forum: http://social.msdn.microsoft.com/Forums/en-US/WAVirtualMachinesVirtualNetwork
Call To Action
  Sign up for Windows Azure Virtual Machines and Virtual Networks preview
  Use Windows Azure Virtual Network features and provide feedback to vnetfeedback@microsoft.com
  Visit Virtual Network Support Forum for support and tips
Useful Documents Online
  Overview of Windows Azure Virtual Network
  Configuring a Virtual Network using the Windows Azure Portal
  Network Configuration schema documentation
  Notes on supported VPN devices
  Name resolution support
Related Content
  AZR201 Overview Windows Azure Virtual Machines and how they work
  AZR304 Overview of Windows Azure Networking Features
  AZR203 Business Continuity in the Windows Azure Cloud
  AZR313 Deep Dive into Windows Azure Virtual Machines
  AZR314 Migrating Applications to Windows Azure Virtual Machines
  AZR204 Hybrid Will Rule: Options to Connect, Extend and Integrate Applications in Your Data Center and Windows Azure
  AZR307 Running Linux in Windows Azure Virtual Machines
  AZR319 Monitoring and Managing Your Windows Azure Applications and Services
Track Resources
  Meetwindowsazure.com
  @WindowsAzure
  @ms_teched
  DOWNLOAD Windows Azure: Windowsazure.com/teched
  Hands-On Labs
Resources
  Connect. Share. Discuss. http://europe.msteched.com
  Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
  TechNet: Resources for IT Professionals http://microsoft.com/technet
  Resources for Developers http://microsoft.com/msdn
Evaluations: Submit your evals online http://europe.msteched.com/sessions
© 2012 Microsoft Corporation. All rights reserved.