Windows Azure Virtual Network Basics


Presentation on theme: "Windows Azure Virtual Network Basics"— Presentation transcript:

1 Windows Azure Virtual Network Basics
4 Cheryl McGuire | Technical Writer – Microsoft Ronald Beekelaar | Founder – Virsoft Solutions

2 Lessons
- Virtual Network Basics
- Name Resolution (DNS)
- Traffic Manager
This should also be a review for the

3 Virtual Network Communication Basics

4 Windows Azure Virtual Network
Your “virtual” branch office/datacenter in the cloud
- Extend your enterprise networks into Azure
- Networking on-ramp for migrating existing apps and services to Windows Azure
- Enables “hybrid” apps that span cloud and their premises
A protected private virtual network in the cloud
- Set up secure private IPv4 networks fully contained within Windows Azure
- IP address persistence
- Inter-service DIP-to-DIP communication
[Diagram: Windows Azure with VM 1, VM 2, ROLE 1, Subnet 1, Subnet 2]

5 DIPS and VIPS There are multiple ways to access a VM by IP address
VIP – Virtual IP address
- An internet-facing IP address that is not bound to a specific computer or network interface card.
- The cloud service that the VM sits within is assigned the VIP.
- You can have multiple VMs in a cloud service. They share the same VIP.
DIP – Dynamic IP address
- This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure.
- You rely on DHCP – Do NOT statically configure your IP address. Even for DCs.
- The IP address lease directly equates to the lifetime of the VM.
- If you create a virtual network, the VM will receive its DIP from that range.

6 IP addresses
[Diagram: Cloud Service with VIP 137.135.64.110 containing virtual machines VM1 and VM2, each with a DIP]
Think of a cloud service as a container. Every VM has either a cloud service created for it automatically, or you can choose a cloud service for it to belong to.

7 Inbound Through the SLB
[Diagram: Software Load Balancer, VIP supercoffee.cloudapp.net; endpoints supercoffee.cloudapp.net:55736 and supercoffee.cloudapp.net:52539; DIPs of VM1 and VM2]
Switch to quick demo on desktop

8 Within a Virtual Network
Can communicate within VNet and within Cloud Service.
[Diagram: Virtual Network containing two Cloud Services, each with a VIP; DIPs for VM1, VM2 and VM1]
Don’t go into VNet any more than to say it’s an IP address overlay if you want to keep traffic from needing to go out through the SLB. It also is required if you want a secure VPN. Check with Ronald on this one. The VM name can be the same host in both VMs. That’s why you need FQDN to have name resolution.

9 Multiple Virtual Networks Within a Subscription
[Diagram: Software Load Balancer; VNet1 and VNet2, each holding a Cloud Service with a VIP; DIPs for VM1, VM2 and VM1]
- Can have the same IP ranges and the same hostnames.
- Can live on the same piece of hardware.
- Do not communicate directly with each other.

10 No Inter-VNet Communication
[Diagram: Software Load Balancer; links marked X]
Internet standard body (IETF) as a special IP range for carrier usage /10

11 Secure Cross-Premises Communication
[Diagram: Software Load Balancer; two VNet Gateways; Company A /24 and Subsidiary /24; links marked X]
- Not on the same network
- No IP address overlap
Internet standard body (IETF) as a special IP range for carrier usage /10. In April 2012, IANA allocated /10 for use in carrier grade NAT scenarios in RFC 6598. This address block should not be used either on private networks or on the public Internet: it is intended only for use within the internal operations of carrier networks. Also, things get trickier when we talk about where traffic routes to as soon as you introduce VNet gateways.

12 Traffic Routing from the VNet
Traffic through the gateway, or the SLB?
- Is it within the same VNet? Yes? Send it to the host within the VNet.
- No? Is it listed in Local Networks? Yes? Send through the gateway.
- If it’s not either of those, send it outbound through the SLB.
Important:
- List your IP ranges in Local Networks
- Verify that your names are resolving to the correct destination IP
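The routing order on this slide, and the two checks it calls important, as an added Python example (not part of the original deck). All prefixes, host names and the function names `next_hop`, `overlaps` and `audit` are constructed for illustration.

```python
import ipaddress

def next_hop(dest, vnet_space, local_networks):
    """Apply the slide's three-step order to one destination IP."""
    ip = ipaddress.ip_address(dest)
    if any(ip in ipaddress.ip_network(n) for n in vnet_space):
        return "vnet"      # same VNet: deliver to the host directly
    if any(ip in ipaddress.ip_network(n) for n in local_networks):
        return "gateway"   # listed in Local Networks: through the VNet gateway
    return "slb"           # neither: outbound through the SLB

def overlaps(vnet_space, local_networks):
    """Return (vnet, local) prefix pairs that overlap; the VNet match wins,
    so an overlapping on-premises range is never sent to the gateway."""
    return [(v, l) for v in vnet_space for l in local_networks
            if ipaddress.ip_network(v).overlaps(ipaddress.ip_network(l))]

def audit(resolved, expected, vnet_space, local_networks):
    """Return (name, ip, actual, expected) for names taking the wrong path."""
    findings = []
    for name, ip in resolved.items():
        hop = next_hop(ip, vnet_space, local_networks)
        if hop != expected[name]:
            findings.append((name, ip, hop, expected[name]))
    return findings

# Constructed sample configuration and name-resolution results.
VNET = ["10.4.0.0/16"]
LOCAL = ["192.168.10.0/24"]          # 192.168.20.0/24 was forgotten
RESOLVED = {"web2": "10.4.2.5",
            "sql-onprem": "192.168.10.20",
            "fileserver": "192.168.20.7"}
EXPECTED = {"web2": "vnet", "sql-onprem": "gateway", "fileserver": "gateway"}

if __name__ == "__main__":
    for finding in audit(RESOLVED, EXPECTED, VNET, LOCAL):
        print("wrong path:", finding)
    print("overlaps:", overlaps(VNET, ["10.4.8.0/24"]))
```

The unlisted on-premises range is reported as leaving through the SLB instead of the gateway, which is the failure the "List your IP ranges in Local Networks" reminder is about.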

13 Windows Azure Name Resolution

14 Windows Azure provided DNS (IDNS)
- You can create your own hostnames
- You don’t need to configure anything
- Resolves VMs by hostname within the same cloud service
- Resolves VMs by FQDN within the same virtual network
- Machine names are modeled explicitly and registered in the DNS service
- Standard DNS lookups are supported

15 BYODNS
Bring your own DNS for:
- Name resolution between cloud services
- Multiple hostnames for the same VM
- Cross-premises name resolution
- Reverse lookups (PTR)
- WINS and NetBIOS name resolution

16 DNS Server Requirements
Requirements for your DNS server:
- Must accept dynamic DNS registration (DDNS)
- Record scavenging must be off
- Recursion must be enabled
- Accessible on TCP/UDP port 53 by clients requesting resolution and by services/VMs registering their names

17 Specify your DNS Server
Network Configuration file or Management Portal
- DNS Element
- Virtual Network Sites Element

18 Demo Demo hostnames and FQDN
Switch to desktop. Microsoft.com logon to show hostnames for the VMs. Discuss how the cloudapp name is different, but the hostname can be the same. Show NetConfig file on the desktop. Show how if you add a DNS server to the registered DNS servers, it adds it to the NetConfig file. Change order of the DNS servers and then re-export and show how the order changes.

19 Traffic Manager

20 Traffic Manager – Now Generally Available!!
- Build high performing cloud applications
- Planning for disaster recovery
- Upgrade Cloud Applications seamlessly
DNS-based service load balancing
Direct user traffic to services running across Windows Azure datacenters based on policy:
- Performance/latency
- Round-robin
- DR / Failover

21 Traffic Manager
What does Traffic Manager do?
Allows you to control the distribution of user traffic to your cloud services.
Why is this useful?
- It improves on the availability of your critical applications by monitoring and providing automatic failover capabilities if a service is unavailable.
- If you are running cloud services all over the world, it can direct users to the cloud service closest to them, improving the responsiveness of your application and delivery times.
- If you are doing maintenance on a cloud service and need to bring it down, it will route traffic to the other cloud services that you define in your profile.
How does it work?
It applies an intelligent policy engine to the Domain Name Service (DNS) queries on the domain names of your cloud services. Your cloud services can be running in the same datacenter or in different datacenters across the world.

22 How does Traffic Manager Work?
- User requests info using the company domain name. The DNS RR for the company domain points to a Traffic Manager domain in Windows Azure Traffic Manager. This is done by using a CNAME record.
- The Traffic Manager domain is part of the Traffic Manager profile that you create. You also create rules within this profile. The rules you select dictate the load balance method you want to use and what you want to monitor for health.
- Traffic Manager processes the rules and returns the DNS name of the cloud service, which is later resolved to the IP address.
- The User contacts the service directly, by IP address.
- This information is cached on the client’s computer. Thus, the client will continue to interact with the selected service until that TTL expires.

23 How do I configure Traffic Manager
You can configure Traffic Manager in the Management Portal
- Create a Traffic Manager Profile
- Add endpoints
- Configure the DNS TTL
- Select the Load Balancing Method: Round Robin, Performance, Failover. Be sure to adjust the failover order.
- Configure Monitoring. You can either monitor ‘/’ (default directory of the services) or create a file with the same name in each cloud service and allow Traffic Manager to perform an http(s) GET on the file. Then specify in Traffic Manager.
- Save your changes.
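How the failover order, the monitoring result and the DNS TTL from the last two slides interact, as an added Python example (not part of the original deck). It is a simplified model, not Traffic Manager's own logic: the endpoint names, the `probe_delay` detection lag and the 10-second time step are assumptions.

```python
def pick_endpoint(method, endpoints, healthy, counter=0):
    """Choose the DNS name to return. `endpoints` is in failover order;
    `healthy` holds the names whose monitoring GET succeeded."""
    live = [e for e in endpoints if e in healthy]
    if not live:
        return None
    if method == "failover":
        return live[0]                      # first healthy entry in order
    if method == "round_robin":
        return live[counter % len(live)]
    raise ValueError("unsupported method: " + method)

class CachingClient:
    """Client-side resolver that reuses an answer until its TTL expires."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.cached = None
        self.expires = -1

    def resolve(self, now, answer_fn):
        if self.cached is None or now >= self.expires:
            self.cached = answer_fn()
            self.expires = now + self.ttl
        return self.cached

def stale_seconds(ttl, outage_at, probe_delay, step=10, horizon=900):
    """Seconds a client keeps using the failed primary after the outage."""
    endpoints = ["svc-east.cloudapp.net", "svc-west.cloudapp.net"]  # constructed
    client = CachingClient(ttl)
    stale = 0
    for now in range(0, horizon, step):
        healthy = set(endpoints)
        if now >= outage_at + probe_delay:  # monitoring has noticed the outage
            healthy.discard(endpoints[0])
        target = client.resolve(
            now, lambda: pick_endpoint("failover", endpoints, healthy))
        if now >= outage_at and target == endpoints[0]:
            stale += step
    return stale

if __name__ == "__main__":
    for ttl in (300, 30):
        print("TTL", ttl, "-> stale for", stale_seconds(ttl, 100, 30), "s")
```

In this model a 300-second TTL leaves the client on the dead primary for 200 seconds, against 50 seconds with a 30-second TTL, so the TTL chosen in the profile bounds how quickly failover reaches clients.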

24 Demo Traffic Manager Demo
Switch to desktop. Microsoft.com logon to show hostnames for the VMs. Discuss how the cloudapp name is different, but the hostname can be the same. Show NetConfig file on the desktop. Show how if you add a DNS server to the registered DNS servers, it adds it to the NetConfig file. Change order of the DNS servers and then re-export and show how the order changes.

25 9/18/2018 8:58 AM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

