https://aka.ms/IaaSSeries is where you can catch up or review the previous posts in the 31 Days of Windows Servers (VMs) in the Cloud series
As businesses start to understand how to leverage the power of Windows Azure, customers find that the Virtual Networking component is an extremely valuable asset that assists with integrating the cloud into your existing IT infrastructure. When an organization considers moving either an application or servers to the cloud, our customers tell us time and time again that one of the most important aspects of this move to the IT Pro is being able to leverage the assets of the cloud as if they were corporate-owned assets. Being able to seamlessly interface with the servers in the cloud using your corporate DNS namespace and existing IP addressing scheme allows machines on premise and machines in the cloud to appear on the same network. The Virtual Network component of Windows Azure does just that, and happens to be core to the Windows Azure Platform.
The Windows Azure Virtual Network allows businesses to create secure site-to-site connectivity between the company’s existing network infrastructure and Windows Azure, as well as to create protected private virtual networks in the cloud. Businesses can specify the address space that will be used for both your virtual network and the virtual network gateway. Additionally, the Windows Azure name resolution features allow you to connect directly to role instances and virtual machines via hostname just like the virtual machines were on-premise. These features allow you to use Windows Azure as you would a branch office, or as a protected private virtual network in the cloud. Windows Azure Virtual Networking is just one of the ways that your on-premise applications and servers can interact directly with applications and virtual machines in the cloud.
So, let’s expand on this a bit. Windows Azure Virtual Networks allows for customer-managed private virtual networks to be setup and configured with your corporations existing IPv4 addresses. In addition, customers are able to use their existing on-premise DNS servers for name resolution of applications and virtual machines hosted in Windows Azure. How are we able to do this? First we need to establish secure site-to-site network connectivity between your company’s network and Windows Azure.
Windows Azure provides a hosted VPN gateway that enables site-to site (S2S) connectivity through a supported on-premise VPN gateway device. This hosted VPN gateway provides automated provisioning & management on the Windows Azure side and connects to an existing on-premise VPN device from either Cisco or Juniper. The supported VPN devices from Cisco or Juniper come with configuration scripts to make the process relatively straight forward.
Once the S2S VPN is established, customers can set up secure IPv4 networks that are fully contained within Windows Azure by using persistent IP addresses from your corporate IP addressing scheme. This means that the internal IP address (DIP-Directed IP) of your virtual machines will remain persistent and will not change, even when you restart a virtual machine. More on that in a moment.
Once the networking is configured, name resolution across the Virtual Network can be established. Businesses have the option to use the name resolution provided by Windows Azure, or you may use your existing DNS server. Configuring your virtual network to use Windows Azure-provided name resolution is a relatively simple option, however, a more full-featured DNS solution may be in order to support future complex configurations.
Since Virtual Machines running in Windows Azure will have persistent IP addresses and DNS name resolution is configured between the on-premise network and Windows Azure, these VMs can join your existing Active Directory domain and function in the same manner as other domain-joined machines do. Windows Azure also has the ability to host Windows Server Active Directory domain controllers, or implement Active Directory Federation Services to allow virtual machines hosted in Windows Azure to authenticate locally.
What are some of the other scenarios that the Windows Azure Virtual Network enables?
- Hybrid Public/Private Cloud - Enterprise app in Windows Azure requiring connectivity to on-premise resources
- Enterprise Identity and Access Control - Manage identity and access control with on-premise resources (on-premises Active Directory)
- Monitoring and Management - Remote monitoring and trouble-shooting of resources running in Windows Azure
- Advanced Connectivity Requirements - Cloud deployments requiring persistent IP addresses and direct connectivity across services
Tune in tomorrow for the next post which is Windows Azure and Virtual Networking – Getting Started
Sign up for a FREE 90 Day Windows Azure trial today and get started!
Read the other posts in the 31 Days of Windows Servers (VMs) in the Cloud Series by visiting https://aka.ms/IaaSSeries