Connecting Clouds

(This article is also available in German)

Microsoft Azure Germany is - as you might already know - a separate instance of Azure, with different subscriptions and datacenters, and without a connection to the datacenter backbone. So the question came up whether it is possible to connect networks between Azure and Azure Germany, and here is the blog post about this...

To connect a network to or within Azure, there are basically 4 ways:

  • VNet Peering
  • VNet-to-VNet (V2V)
  • Site-to-Site (S2S)
  • ExpressRoute(s) (only listed here for completeness)

We will have a closer look at each of these possible solutions to find out if we can use them to connect a virtual network (VNet) from Azure to a VNet in Azure Germany.

VNet Peering

One prerequisite for VNet peering is that both VNets are inside the same Azure region. Since this is obviously not the case in our scenario, we don't need to investigate any deeper. If you are interested in VNet peering anyway, there is a super article about it.

VNet-to-VNet (V2V)

VNet-to-VNet (V2V) is similar to the Site-to-Site covered further down, but here both endpoints are inside Azure. You can use V2V to connect VNets in different regions, even in different subscriptions (with PowerShell, but who cares :-)). Setting up a V2V is super easy and perfectly covered in another article, but unfortunately both endpoints have to be in the same Azure environment. That means you can use V2V to connect two VNets that are both in Azure or both in Azure Germany, but not one VNet in Azure with another one in Azure Germany. So V2V is not a solution for our goal...

Site-to-Site (S2S)

Normally S2S is used to connect VNets in Azure with on-premises networks over a secured (IPSec) tunnel. You kind of merge both networks into one by defining a gateway in each of the networks and telling them how to communicate with each other (IP addresses, IPSec parameters etc). Again there is an easy-to-understand article, from which we only take the major steps here:

  1. define a virtual network
  2. define address space
  3. define subnets
  4. define gateway subnet
  5. define gateway for VNet
  6. define gateway for local network (represents your local VPN device)
  7. configure local VPN device
  8. build the connection

To connect VNets between Azure and Azure Germany you prepare everything in both environments (steps 1-5) just like connecting the VPN gateway with an on-premises device, and simply connect them together in a final step. Or in other words: instead of step 7, just repeat steps 1-6 in the other environment, and in step 6 of each environment enter the public IP address of the other environment's gateway as the gateway's address. Understand? No? Ok, again:

  • do steps 1-5 in Azure
  • do steps 1-5 in Azure Germany
  • do step 6 in Azure by entering the public IP address of the VPN gateway in Azure Germany
  • do step 6 in Azure Germany by entering the public IP address of the Azure gateway
  • finish with step 8 (leaving out step 7)

So from now on VMs in one of the VNets can communicate directly with VMs in the VNet in the other environment over the IPSec tunnel.
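
The same cross-over of steps 6 and 8, scripted with the Az PowerShell module. This is an added example, not part of the original article: it assumes steps 1-5 are already done on both sides, and all resource names, regions and address prefixes are made-up placeholders.

```powershell
# Added example. Assumes the Az module; steps 1-5 already exist in both environments.
# Resource names, resource groups, regions and prefixes are hypothetical placeholders.
$global  = @{ Rg = 'rg-global';  Gw = 'gw-global';  Pip = 'pip-gw-global'
              Loc = 'westeurope';     Prefix = '10.1.0.0/16' }
$germany = @{ Rg = 'rg-germany'; Gw = 'gw-germany'; Pip = 'pip-gw-germany'
              Loc = 'germanycentral'; Prefix = '10.2.0.0/16' }

# Sign in to each environment once and keep both contexts.
$ctxGlobal  = (Connect-AzAccount -Environment AzureCloud).Context
$ctxGermany = (Connect-AzAccount -Environment AzureGermanCloud).Context

# Read the public IP address of each VPN gateway (the result of step 5).
Set-AzContext -Context $ctxGlobal | Out-Null
$ipGlobal  = (Get-AzPublicIpAddress -Name $global.Pip -ResourceGroupName $global.Rg).IpAddress
Set-AzContext -Context $ctxGermany | Out-Null
$ipGermany = (Get-AzPublicIpAddress -Name $germany.Pip -ResourceGroupName $germany.Rg).IpAddress

# One random pre-shared key; both connections must use the identical value.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = [Convert]::ToBase64String($bytes) -replace '[^A-Za-z0-9]', ''

function Add-TunnelSide($Context, $Local, $RemoteName, $RemoteIp, $RemotePrefix) {
    Set-AzContext -Context $Context | Out-Null
    # Step 6: the "local network gateway" here represents the other cloud's VPN gateway.
    $lngArgs = @{
        Name = "lng-$RemoteName"; ResourceGroupName = $Local.Rg; Location = $Local.Loc
        GatewayIpAddress = $RemoteIp; AddressPrefix = $RemotePrefix
    }
    $lng = New-AzLocalNetworkGateway @lngArgs
    # Step 8: build the connection from this side's VPN gateway to that representation.
    $gw = Get-AzVirtualNetworkGateway -Name $Local.Gw -ResourceGroupName $Local.Rg
    $cnArgs = @{
        Name = "cn-to-$RemoteName"; ResourceGroupName = $Local.Rg; Location = $Local.Loc
        VirtualNetworkGateway1 = $gw; LocalNetworkGateway2 = $lng
        ConnectionType = 'IPsec'; SharedKey = $psk
    }
    New-AzVirtualNetworkGatewayConnection @cnArgs
}

# Each side gets the public IP and address space of the other side.
Add-TunnelSide $ctxGlobal  $global  'germany' $ipGermany $germany.Prefix
Add-TunnelSide $ctxGermany $germany 'global'  $ipGlobal  $global.Prefix
```

The two address prefixes must not overlap, and the key in `$psk` should be treated as a secret: it stays in memory here and is never written to disk.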

Caveat

The pricing is different between V2V and S2S, so check it out before you start.

The tunnel uses the normal Internet, so drop-offs or changing bandwidths might occur, just the same as when connecting an on-premises network with Azure over S2S.