Jonathan Tuliani, Ganesh Srinivasan
Senior Program Manager Lead, Senior Program Manager
What’s new in Azure Networking
2-617
Slide 3
Agenda
Building highly available services
Load-balancing in Azure
Traffic Manager
ACLs and IP addresses
IP ACLs
Virtual Network
Cloud Connectivity
Virtual Network connectivity
ExpressRoute
Slide 4
What’s new
Traffic Manager General Availability
Traffic Manager support for Web Sites
Static private IP addresses for VMs
VM Subnet migration in VNets
Point-to-site connectivity
Dynamic routing gateways
More VPN devices
ExpressRoute preview
Slide 5
Building highly available applications
Load-balancing in Azure
Traffic Manager
DNS
Slide 6
Overview: Existing Connectivity in Azure
Input Endpoint
Load-balanced endpoint. Stable VIP per service.
Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP
Internal Endpoint
Instance-to-instance communication
Supported protocols: TCP
Port ranges supported
Communication boundary = Deployment boundary
Name Resolution
Windows Azure-provided DNS service for service-level name resolution
Runtime APIs or DNS for instance identification
Diagram labels: LB; VIP: Input Endpoint; Internal Endpoint; foo.cloudapp.net; VIP
Slide 7
Make VMs Resilient to Failures with Availability Sets
Get SLA by deploying multiple instances in availability sets
Ensure availability during updates & maintenance
Continue to architect availability into the application
Diagram labels: Fault Domain (Rack): Virtual Machine IIS1, Virtual Machine SQL1; Fault Domain (Rack): Virtual Machine IIS2, Virtual Machine SQL2; Load-balanced Set; SQL Availability Set
Slide 8
Azure Traffic Manager
Traffic Manager is
DNS with a policy engine
Active health monitoring and automatic failover
With Traffic Manager you can
Load balance incoming traffic across multiple Azure services to provide your applications high performance
Automatically fail over between deployments, for high availability
Easily add/remove deployments from active use, allowing seamless upgrades
Slide 9
Traffic Manager Overview
Diagram labels: www.contoso.com; CNAME; contoso.trafficmanager.net; Load-balancing; Endpoint monitoring; Cloud Service; Cloud Service; Azure Web Site
Load balancing policies
Performance - Direct traffic to “closest” service based on network latency
Round-robin - Distribute traffic equally across all services
Failover - Direct traffic to “backup” service if primary service fails (also included in other policies)
Now supporting Azure Web Sites
Brings Traffic Manager benefits to Azure Web Sites
Manage traffic between Azure Web Sites deployed in different regions
Combine Azure Web Sites with Cloud Services (e.g. failover to static Web Site)
Web sites must be in the ‘Standard’ tier
Slide 10
Traffic Manager Demo
Slide 11
ACLs and IP addresses
IP ACLs
Static Virtual Network IP addresses
Subnet migration
Slide 12
Getting tighter on Security with Public Endpoint Access Control Lists
Diagram labels:
IP: 101. 121.---.255
IP: 127.255. ---.---
IP: 2001:4898:9:2:---:e60c:b118:---
IP: 111.111. ---.---
Virtual Machines
End Point ACL
IP: 101. 121.---.255
IP: 127.255. ---.---
Slide 13
Virtual Networks
Logical isolation with full control over network
Create Subnets, use your private IP addresses
Stable and persistent private IP addresses
Use Azure-provided DNS, or bring your own
Secure VMs with input endpoint ACLs
Ideal for large scale cloud-only deployments
Connectivity options
Diagram labels: Azure; Virtual Network; <subnet X>; <subnet Y>; <subnet Z>; DNS Server
Slide 14
Static Virtual Network IP Addresses
Previously
VNet IP addresses are persistent, but not predictable in advance (dynamically assigned)
Now
Static VNet IP addresses can be specified at deployment time
Static VNet IP addresses can also be assigned/changed/removed for existing VMs
Example scenario
Static IP for AD / DNS server
Available via PowerShell
Sample
# Build the VM configuration, place it in a subnet, pin a static VNet IP, then create the VM
New-AzureVMConfig -Name "mydns" -ImageName $img -InstanceSize Small |
    Set-AzureSubnet -SubnetNames $subnet |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adm -Password $pwd |
    Set-AzureStaticVNetIP -IPAddress "10.0.0.8" |
    New-AzureVM -ServiceName $svc -VNetName $vnet
Slide 15
Moving VMs across subnets
Move VMs from one subnet to another without requiring a redeployment
Migration enables you to re-plan and reorganize your subnets within a VNet for optimal address usage
Migrate VMs to appropriate subnets for policy enforcement and routability
Simplifies ACL definition
# Build a VM configuration and assign it to the subnet named in $Subnet
$MyVM = New-AzureVMConfig -Name $VmName -InstanceSize 'Small' -ImageName $ImageName |
    Add-AzureProvisioningConfig -AdminUserName $UserName -Windows -Password $Password |
    Set-AzureSubnet -SubnetNames $Subnet
Slide 16
Connectivity
Point-to-site connectivity
Site-to-site connectivity
ExpressRoute
Slide 17
Windows Azure Hybrid Offerings
Cloud
Customer
What’s new
Secure point-to-site connectivity
Virtual Network (Point-to-Site)
Announcing General Availability
Secure site-to-site VPN connectivity
Virtual Network (Site-to-Site)
Announcing General Availability of Dynamic routing VPN Gateways
New VPN vendors
Private site-to-site connectivity
ExpressRoute
Preview service
GA in early summer
AT&T, Equinix, Level3
Slide 18
Point-to-Site VPNs
Diagram labels: On-premises; Your datacenter; Individual computers behind corporate firewall; Remote workers; Point-to-Site VPN; Site-to-Site VPN; Route-based VPN; Azure; Virtual Network; VPN Gateway; <subnet 1>; <subnet 2>; <subnet 3>; DNS Server
Slide 19
Virtual Networks & P2S Connectivity
Connect from anywhere securely
No software installation required!
Easy to set up and use
Ideal for prototyping, development, demos
P2S and S2S coexist
Diagram labels: P2S VPNs; Active Directory; SharePoint; SQL Server; Azure; Existing Datacenter; S2S VPN
Slide 20
Configuration steps
Diagram labels:
DNS1: 10.0.0.20
DNS2: 10.0.0.21
S2S VPN device: 131.57.23.45
IT Admin
Network Admin
ContosoCorpOffice (10.0.0.0/16)
ContosoVNet (10.1.0.0/16)
MyAffinityGroup
FrontEndSubnet (10.1.1.0/24)
ADSubnet (10.1.2.0/24)
SQLSubnet (10.1.3.0/24)
BESubnet (10.1.4.0/24)
GatewaySubnet (10.1.0.0/24)
GW IP: 65.57.23.45
VPNClientAddressPool (10.1.200.0/24)
Azure Portal (API)
Network configuration
VPN device config script
Deployment package
VPN Profile
Configuration Tool
Slide 21
Site-to-Site Connectivity
Extend your premises to the cloud securely
On-ramp for migrating services to the cloud
Use your on-prem resources in Azure (monitoring, AD, …)
Diagram labels: On-premises; Your datacenter; Hardware VPN or Windows RRAS; Site-to-Site VPN; Azure; Virtual Network; VPN Gateway; <subnet 1>; <subnet 2>; <subnet 3>; DNS Server
Slide 22
More Options for Getting Your Virtual Network Started
Generic VPN devices must support
IKE v1, IKE v2
AES 128, 256
SHA1, SHA2
Software based VPN gateways
Windows Server 2012 RRAS
Open Swan
Slide 23
Customers want Windows Azure on their network
IPsec VPN over Internet
Greater networking costs and latency since data is hairpinned through a customer data center
Data travels over the open Internet to connect to cloud
Bandwidth is limited
Cloud on your WAN
Avoids risks from exposure to Internet
Avoids complexity and added costs
Provides lower latency, higher bandwidth and greater availability
Diagram labels (both panels): Public cloud; WAN; Customer DC; Customer site 1; Customer site 2; Public internet
Slide 24
ExpressRoute
Slide 25
What is ExpressRoute?
ExpressRoute provides organizations a private, dedicated, high-throughput network connection between Windows Azure datacenters and their on-premises IT environment.
High throughput
Security
Lower cost
Predictable performance
Slide 26
Customer Connectivity
Diagram labels: Windows Azure Public services (Storage, SQL DB, …); Windows Azure Compute (Virtual Machines, Cloud Services, virtual networks); Azure Edge; Carrier / IXP Infrastructure; Connectivity Provider Infrastructure; Customer’s network; Customer’s dedicated connection; Traffic to public IP addresses in Windows Azure; Traffic to Virtual Networks in Windows Azure
Slide 27
In Summary
Summary
Use Traffic Manager to build highly available services
Use Virtual Network to create virtual private networks in Azure and extend your premises to Azure
Use Point-to-site connectivity to simplify prototyping and dev / test / lab scenarios
Use ExpressRoute for Enterprise grade connectivity to Azure
New features
Traffic Manager, traffic manager for websites
Static private IPv4 addresses for VMs
Migrate VMs from one subnet to another without having to redeploy them
Point-to-site and dynamic routing generally available
New VPN device vendors validated
ExpressRoute in preview
Slide 28
Resources
Windows Azure page for Networking services
Traffic Manager
Virtual Network
ExpressRoute
Tutorials and How To guides
Getting started with traffic manager
Virtual networks and connectivity
ExpressRoute with Exchange Providers
Whitepapers
Windows Azure Network Security
Slide 29
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.