Planning and Implementing Hybrid Network Connectivity
OK. Let me get started and be very Swiss here timing-wise. Goedemorgen. That's it? We can definitely do better than this. I practiced the whole night saying "Goedemorgen", so I need to be better than that. OK. Guten Morgen. OK, thank you very much. So, my name is Thomas Muller and I welcome you this morning at the Ignite on tour. Again, happy that you all chose my session. I don't really know why you come to my session, but that's fine. So this session is all about implementing and planning a hybrid network connectivity, right, and that's what I'm going to talk about. So first of all, again, my name is Thomas Muller. I work as a cloud advocate for Microsoft now, stunningly, one and a half months, I think. I started, yeah, around one and a half months ago; I'm pretty new to the team. But I'm super excited and super fun. You probably know me from before, from the MVP community and things like that. So, perfect. When I came here, first of all they told me that I should probably not do some inappropriate jokes, right, and gave me some speaker training, things what to do on stage and what not to do. They also told me I cannot bribe my audience anymore with Swiss chocolate. I'm like, OK, that's bad. However, I have some stickers which I will provide to the audience. I don't have thousands of them, so I have only a couple of them, so if you then join after my session, or my sessions in the afternoon, at the Microsoft booth over there and ask for some stickers, I will be happy to give them to you. I will give you all of the stickers I have. Yeah. Perfect. So you're sitting here in the learning track for hybrid cloud, right, and you will see that we will talk about Tailwind Traders as a demo company and what they want to achieve, and over the next five sessions in that track we will tell you, OK, look, those are the steps you need to take, starting with the hybrid networking. So.
Some background to Tailwind Traders: their company, they have a significant growth. They're an existing company; they have on-premises investment, so they have some stuff on-prem, but they're now moving to the cloud because they want to use the benefits of the cloud. So they do need to do a couple of different things, including networking, and that's basically the story we'll go through in those five sessions in that learning track. Good. So this session has a couple of learning points we want to spend time on. First of all, assessing a hybrid network, the requirements for hybrid networking, right? This is very important. If you do any project, or sort of project, it's super important to basically know your requirements. And then we will show you how to overcome and plan some of the network configurations and plan the integration of that, and show you some of the features, how you can do high availability and performance improvements, and you walk through this kind of network design. So, but first of all, before we start talking about the networking part: why actually does a company go hybrid cloud, right? Why would we not just move everything to the cloud? Why would we not just stay on-prem? I think there are multiple reasons for that, and if you today probably are a start-up, you'd probably be a cloud-only company, right? If you start fresh, you don't have any legacy. Depending on the industry you're in and the things you do, you probably start in a cloud. However, that's not how most companies today operate, right? We have a legacy, we have on-premises systems. So that's the definite point. So definitely we have some workloads on-premises we want to connect to Azure. We want to leverage the benefits a cloud can have, right, like spinning up a new virtual machine basically instantly, scaling down, scaling up, all that stuff. So.
We need to make sure that our on-prem workloads can actually talk to our workloads running in Azure. We need to be secure and need to be reliable. You don't want to end up in a situation where your main workloads rely on the cloud and suddenly you cannot access it anymore, right, for some network disconnect or something like that. So we need to plan that carefully and see what hybrid cloud networking requires implementing. And there is not one right answer, as you probably know. If you're in the cloud, if you worked with cloud, there's not one way, or if you worked in IT, there's not one way of doing it. There are multiple ways of basically doing it, depending on your needs and requirements. So first let me talk a little bit about what we actually offer. So first of all, we have this massive global network. I'm sure you have heard of that. We have like 54 Azure regions worldwide. We have hundreds of thousands of miles of fiber optics all over the world, and this is basically our Microsoft back end, which we use for our Azure services but also offer for our customers to use as well for their workloads, right? And next to that, we also offer a ton of actual networking services, right? We will not cover everything in that session. So, for example, we are offering protection services from denial-of-service attacks, firewalls, security appliances. In terms of delivery, we basically have, like, CDN, content delivery networks, load balancers and things like that. We also offer a rich set of monitoring solutions to make sure that you know what's actually going on. And then we have our connect part, and this is basically the thing we're going to talk about today. This is, like, virtual networks, Virtual WAN, ExpressRoute, VPN connectivity, just to make sure that, how do we actually connect our on-premises systems to the cloud. And those are the services we spend all our time on in the next couple of minutes. So, first
of all, it's very important to assess your hybrid network requirements, right? As said before, it's very important to understand what are your needs, what are you planning to put in the cloud, and what are you relying on, and things like that. This is very important, so you have to think about different things. And just to make sure what's involved in all the networking part, if you think about it, this slide shows pretty well a lot of technologies which are involved. Some of them you will not really touch, like, you will not really need to think about it because we as Microsoft provide it to you. So, for example, if you look at our smart FPGA NICs, or our SONiC, which is our open-source networking operating system, those are things that are just there; you don't need to take care of them. However, if you move more to the right, you will see Azure virtual networks, load balancers, firewalls, your peerings, your internet connectivity, and end-to-end monitoring solutions. Those are things we as customers of Azure need to think of, right? You need to plan, we need to have a look at how do we connect, how do we do that. So we have a couple of questions. So the next thing, I'm really going to go through a list of questions you have to ask yourself, basically, if you were setting up connectivity. So, first of all, do
workloads hosted in Azure, are they only accessible over our corporate network, or are they also accessible from the internet, right? You have, for example, hosted websites or web apps which are in Azure, which I want customers or employees to access from everywhere, so do I do that? The next thing is, do I need to restrict workloads I'm running in Azure from accessing the internet, right? Today you're probably working for a company in which server systems do not really have access to the internet, so do I need to do that in Azure as well, and how are we going to do that? The other thing: does the Azure network traffic need a single entry point, and do I need to check, like, do I want to have the single entry point, or can I have multiples of those to get better performance out of it? Another big question we have, and I think that's also a big topic in the Netherlands as well as in other countries in Europe, we see that a lot, is: are we trusting traffic over the internet, right? Are we trusting traffic going over the internet? This can be for compliance or even regulation reasons why we need to have a look at this, right, and we have a couple of decisions to make about that. So what traffic types go through the public internet, right? We can still encrypt those. If you, for example, are using HTTPS, we can encrypt the traffic from one point to the other. We can use VPN with IPsec tunnels, for example, to encrypt the network traffic, or we can use ExpressRoute, and I will talk later in the talk a little bit about ExpressRoute. What it actually means is a private connection to Azure, and not crossing the internet, right? It's another option. And the third option can simply be: that workload, I don't trust that going through communication any way outside
of my building, so probably that workload stays on-prem, right? So there are certain decisions we need to make if we can have the traffic flow going over the internet. One thing I realized when I did projects with customers, one thing a lot of the time people think is not that important, "we do that later", is IP addressing, right? So we need to be sure what are we actually doing with our IP addresses. We have existing on-premises IP addresses; we need to make sure that we know what they are and that they're probably not going to be overlapping with the IP addresses we use in the cloud, right? We don't want to end up in situations where we gave, like, two servers or two systems in different clouds or even on-prem the same IP address. So in the cloud this becomes important as well, so we need to do an architecture and figure out, OK, where do our workloads, on. Do we need public IP addresses for our services, or are they just all internal, as mentioned before? And then how many of those, and do we need to protect them, like, from outside, using application firewalls and things like that? And another thing is, if you're a company with multiple locations, do we need connectivity just to Azure from each of those things, or do we need to have a branch talking to another branch, and not one location to them, like sharing data with another location? Or. The still we dad do that version. Another thing to think of, and that's where I like, by the way, to mention something very important to me: I have seen a lot of implementations out there, customers just starting, because in Azure you can start really, really quickly to deploy virtual networks, VMs. You're really super fast; deploying is not the challenge and not the time-critical part anymore, it's designing stuff, right? So what I see from projects: they move from classical infrastructure projects, where we did a small,
small design phase, where we have written the concept, the architecture, and then we had a couple of months of deployment, to a completely different model where we still do the architecture and then the deployment only takes probably a couple of days, because everything is so fast and it's so easy to do. So the design becomes even more important, right? If you make a mistake there and you deploy production workload, making the things go away and changing everything is more work than just the deployment, right? So make sure you do the design for everything, right? And what I do with most, or we did with most customers, is we started drawing in Visio, where we, like, basically did a visual design of the architecture, and we took that and then deployed it in Azure, with different ways you can do that. OK. Something else we need to talk about is also namespace and name resolution. One thing I learned working in IT: it's always DNS. So this becomes also very important. So if I have connected my on-premises network to Azure, I want to make sure that actually a server running on-premises can actually reach the servers running in Azure, right? So we have to think about name resolution; we just don't want to talk with just IPs. And then, in addition, there are probably some remote clients connecting through VPN to your on-premises site, so you want to make sure that you connect that as well. Good. We have some other questions we need to go through. Is the on-premises deployment across multiple locations? So, again, do I have different locations, not just one headquarters? Is that something we need to take care of? Is the Azure deployment we do, for certain reasons, in multiple regions? This can be for performance reasons, where you can actually deploy workloads closer to your customers, or it can be disaster recovery regions, where you say, OK, my workload is running in West Europe, which, by the way, is the best region ever, and
then I have disaster recovery, for example, to North Europe, right? So in case one Azure region is failing or something, or workloads are failing, I can still do that. And then, if I have multiple sites, do they all need to have connectivity to Azure, or is it just, for example, my headquarters, right? And then, again, what do I use, a VPN connection or an ExpressRoute connection, from each of them to each of the Azure regions, if I use multiples of those? Good. Let's start with the basics here. I think probably in that room, and I like that about the Netherlands, a lot of people already tried Azure and they played around with it, or are even working in production with it. But there are also a lot of, in that learning track, new people to Azure, so I want to show that first of all. So let's talk about virtual networks. This is basically a secure boundary, network design between different services, and the services running in one VNet are basically isolated from services running in another VNet as well. You can obviously have multiple VNets in your subscriptions and in different regions, and you basically, I think the limit is a couple of thousand VNets you can have there. In those VNets you can create, like, virtual subnets, which allows you to do segmentation of your different workloads, and we're going to have a look at how that looks.
So, first of all, for a virtual network you choose a custom IP address space. This is a private IP address space you choose, to basically say, OK, those are all the IP addresses. And this is, again, very important. Usually what we have is the customer defining an IP address space and saying, OK, all those IP addresses, they are reserved for workloads running in Azure, right? It makes it very easy, like, in the design phase I say, OK, this VM has this IP address because it runs in Azure. Good. Another thing is, Azure and virtual networks are assigning IP addresses to those VMs automatically. There is no need for you to deploy a DHCP server in Azure, right? With Azure virtual networks and the software-defined networking we use in Azure, if you create a new VM and you join it to a virtual network, it will automatically get an IP address from that virtual network and from a virtual subnet. And then again, as I mentioned, you can do segmentation using virtual subnets, so you can say, OK, I want to have a front-end subnet, a middle-tier subnet and a database subnet, and you can then use network security groups to basically lock down those subnets and say, OK, the front end can only talk to the middle tier using that specific port, and again, the application tier can, for example, only use the SQL port to basically connect to the SQL Server database system or cluster in the back end. That becomes also very important if you want to do some sort of segmentation. And it also does some name resolution. You manage basically the DNS servers within the virtual network, and they get assigned automatically when you deploy a new VM. So let me quickly show you a quick demo, nothing super fancy, but we're going to get started: how to create a virtual network. So this is the Azure portal; I hope everyone has seen that one. I already went to virtual networks, and what I do is basically just simply say "add a new virtual network". I give it a name, let's
call that AMS Net. And then it gives me an address space. I can choose that one or I can change it to whatever I want. I can have basically everything, like, whatever I like or whatever I think is important for the design. There is no need for, like, different customers to have different subnets; this is all multi-tenant. You choose your subscription, you give it a resource group, so I will ignite, like, let's create a new one for this. IMS. They move Archie. And then I need to create a default subnet, which is basically the first subnet it will use for VMs, right? It does not make sense to not have a subnet, because I cannot use it with anything in there. And then you can also see that this is a /24, to have a zoom in, and my recipe, which is part of that /16 address space. The next cool thing, and I want to quickly highlight that, I cannot talk too much about it, is the service endpoints. So if you're using Azure services like Azure SQL and things like that, they're using usually a public IP address, right? If we have the discussion about staying just on, like, our private network, we don't need to expose anything to the public internet, and we can, you know, use service endpoints for different services. And we can say, OK, for example, I do a SQL, I expose that only to my service endpoint from that virtual network. I can do that as well. Perfect. And then we create that virtual network. I'm sorry. That's just so, like, a SQL, for example. Or disable it. And I create that virtual network, and in a couple of seconds the virtual network is created. So, for those who haven't worked with that yet, what is mind-blowing is, if you were coming from the on-premises world and you needed to do that with your networking team, right, on-premises, that took probably, to create a new network and a new VLAN, depending on your processes and structure and organization,
that takes forever, it takes a lot of time, right? So Azure, the cloud, can really speed things up here. OK. If that go back to the slide. Nobody's. That was the simple demo. I had another thing. OK. So, how do we, now we have the virtual network in the cloud, we can deploy services in that virtual network, how do I now connect from on-prem? And I have basically three primary connectivity options to connect it. First of all, I can use VPN, I can use ExpressRoute, or I can even use an extended ExpressRoute with VPN failover, right? Those are basically the options I have for that. OK. So I can deploy a site-to-site VPN from our on-premises network to Azure. So usually I have an on-premises network; I have servers, I have network appliances, I have clients in my on-premises network, and
I have a gateway which I can then use for connectivity. I have an Azure subscription with a virtual network in there, the things I just created, and I can then create a virtual network gateway and connect that using site-to-site VPN to basically reach the services and servers I created in that virtual network, right? Very simple. That's basically, I would just do the same thing if I have two offices and I want to connect them to each other; the same principles apply here as well. So this can look like this, if you look a little bit more in the design phase. So you can see we have, like, 10.1 in Azure behind the virtual network gateway. Those 10.1 networks are our virtual networks in Azure, and then we have our on-premises side, 10.101. These are basically the networks we use on-prem. Good. So, a couple of things to deploy the site-to-site VPN connection. So we need a device, obviously, on-prem to do that, or an appliance, to basically do the VPN connectivity from our network. OK, we gave a guarantee of 99.9% availability, but only for the VPN gateway, right? Since you're connecting over the internet, we cannot guarantee you the internet connectivity. We cannot tell you that, like, you're not responsible for the end-to-end scenario in that case, so we can only tell you, OK, that's the SLA we gave you for our VPN gateway running in Azure. And then something else to mention is that with VPN connections, one connection can only go up to one gigabyte, so probably we need to do multiple connections to cope or overcome that limitation. And then this is basically encrypting the traffic which goes over the internet from our on-prem network. So again, we quickly go and have a look at how that can look in a fully deployed environment. However. Yet, so first of all, our on-prem network, again, with servers and our gateway, and then we have the virtual network in Azure. We
create a gateway subnet. This is a subnet inside the virtual network which we deploy the gateways on, right? The gateways get the IP address out of that subnet, and I will show you in a second how that works. This is a predefined subnet, and it also needs to have that specific name, right? You cannot change that name for a VPN gateway subnet. And then we have our other subnets, as I mentioned, for the web tier, business tier or data tier, which we have, for example, load balancers in front of to basically distribute between the networks. Good. So let me quickly show you how you create a virtual network gateway. And for that we have a quick video. So here is the network the Tailwind Traders use. If we go in here, the first thing we need to do is basically add an additional subnet, right? So we go in here and you can see there is a button called "gateway subnet". I can use that, and then the name is grayed out. That is the subnet where our virtual network gateways get deployed. I can define the range there, the South IP addresses, whatever I like, and deploy the specific subnet. Again, this will take a couple of seconds to deploy. And the next thing is, now I actually need to deploy a virtual gateway, right? So I'm going to deploy that. Let's say "create a new one". And then you can see here that I need to give it a name. I can also choose the type, I can say VPN or ExpressRoute gateways. I can do route-based or policy-based VPN configurations, and I can also select the SKU. So there are different SKUs, and I will show you that in a minute, with different performance and availability levels. I can now say, OK, I want to connect it with the specific VNet I just created, and I can also, if I choose the right SKU, I can say I want to have an active-active VPN gateway deployed in Azure instead of an active-passive configuration. I can give that VPN
gateway a public IP address, or I can use an existing one I already use in Azure, and then I can just go and deploy to do so. This will now create the virtual network, or VPN, gateways in Azure, and with the magic of video editing, it's already there. For the people who like to note the time: it takes a couple of, it can take up to an hour to deploy a virtual network gateway. This is because in the back end we deploy kind of like virtual machines, which do the VPN configuration and basically the gateways. And then I can go in now and do the VPN configuration with my on-premises side and manage that. Good. So this subnet I talked about, this will basically host, as I said, the IP addresses of that virtual gateway to use. Some hints here: do not deploy any other workloads in that gateway subnet. It is only designed to be used for gateways. As mentioned, it needs to be exactly called "gateway subnet". And the size that's recommended is /26, /27 or /28, depending on your needs, but it doesn't need to be a /24 like in the demo. Depending on how much our users. And please also don't assign any network security groups to that subnet, right? If you have all the subnets, you do that, that's one of our best practices, but don't do that to the gateway subnet, otherwise you will break things. I was talking about the different VPN SKUs. This is a print screen from the Azure website, the documentation page, which is, by the way, fantastic. So you get there the information on which SKU to choose, and you can also check, you think that they have different pricing depending on what I pick, right? So you can see here different gateways. And I mentioned that our gateway only can have one gig, but a gateway can have multiple connections, right? So you can go up and take the highest SKU; you can have 1.25 gigabits throughput for that gateway. However, again, it needs to be done with multiple connections. So, VPN
is one thing, but what if I need, like, a little bit something, like, let's call it faster or more secure, or I don't want to go over the internet? There's something called ExpressRoute, right? This is our solution which basically connects customers and gives them a private connection to our cloud services. So what it does: it gives you more performance, usually more throughput, low latency, and, again, no traffic over the internet. There are two flavors. One is the Azure private peering for virtual networks, the blue one here. This is the one that you can think of like replacing your VPN connectivity; it's just the same things I just did. There is also a flavor which is called the Microsoft peering. This can be used to peer to Office 365 and Azure services which use public IP services. Like, if you do a peering, for example, if you use Azure Backup or a backup as a service, those can be leveraging those peering solutions. So, a quick question in the room: who is using ExpressRoute in their company? Awesome. That's good. That's what I like. A lot of hands going up means that those companies are usually very serious about Azure and cloud deployments. So, ExpressRoute: it offers up to 10 gig, and I will talk a little bit more about that in a second, of connectivity. Again, it's more reliable, it's faster, and it has lower latency than when you connect through the internet. I mean, in the end, in the Netherlands you're pretty close to an Azure datacenter. However, think about other countries which are further away; they have sometimes a lot of latency to an Azure data center. That's why we are bringing the data centers closer to the customers. And again, traffic does not pass through the public internet, and here we can give you an SLA for an entire connectivity
together with the service provider you're using, or partner you're using; we can guarantee you an SLA all the way down to your connection. So what are the challenges with ExpressRoute? ExpressRoute is not available in all the locations we are offering. There are some specific ExpressRoute locations and regions where we can go to. It can be complex to configure; the people who just raised their hands probably know what I'm speaking of. And it's a little bit more work than just deploying a VPN gateway, and there's usually a third-party provider involved
in, like, building the connectivity to Azure, to do so. And it usually also needs, like, if you want to go up to 10 gig networking and things like that, you also need a little bit more equipment than you had before with a one gig link, right? So how does an architecture with ExpressRoute look? So this is the same thing we just talked about a little bit in our talk, extended with ExpressRoute. So again, you have all your on-prem network, every gateway, and then you have something called the ExpressRoute circuit, which is basically the configurations from the local edge routers to the Microsoft edge routers, and then you have basically the same thing as you had before with the gateway, the virtual network and your application tiers. And what we can also do is, in case that fails, we can create a VPN gateway as a backup or failover scenario, so when that connectivity, which is usually highly redundant, if that should fail, we can still set it up and use a VPN gateway to do that as a fallback. So, for those who already deployed workloads, it's like, "Thomas, yeah, but who only deploys a web tier, business tier, data tier just like that in Azure and does not have different departments, does not have different teams? We probably use multiple virtual networks and things like that to split, to isolate different things. Do we then need to have a gateway for every single subnet or for every single VNet?" And so, if you're a bit more of that, we have the hub and spoke model, which addresses exactly that. So think about it: you have an on-premises network again, you have your Azure subscription, and you create something called the hub VNet, where you deploy your gateways in and also some shared services like domain controllers or other Azure services in there. This can be basically your shared subscription. And
then you have other ones, right? You have, for example, a VNet or a subscription for a specific application. You have a VNet for, for example, a specific team, or a subscription for a specific team which creates a VNet where they deploy their services, or for a different service as well. And then we use, oh, sorry, for that we use VNet peering to basically peer to that hub network, so all the traffic is basically routed over that hub network, and we have connectivity to our on-premises network using the same gateway, right? I'm
sure a couple of people in the room have deployments like this. This is definitely something to do when you're doing that at scale. Good. Something else to mention: at Ignite last year in Orlando, Microsoft announced ExpressRoute Direct. This gives you a direct connection to Azure with up to hundred gigabyte. It's designed for customers which have these massive data requirements, or for service providers which probably have multiple customers which want to connect to Azure. And again, it's right now in preview, so you can basically contact us and talk to us about that ExpressRoute Direct. Another thing we also announced back there is ExpressRoute Global Reach, so you can use our back-end network, basically, and connect with ExpressRoute to also connect your different locations using ExpressRoute. And then the next announcement, and a part of it is already GA, is Azure Virtual WAN. So you can imagine, if you ever set up the hub and spoke model, you know that's still a lot of work, a lot of configuration happening. So we try to make that easier, and, like, words like SD-WAN, or, we call it Virtual WAN, are coming here to help. So what you basically set up: you set up a hub in a region and then you can connect VNets, you can connect different offices, branch offices, ExpressRoute connections, even point-to-site connections. Today it's supported with VPN connections, and it's generally available with VPN connections and VNet. ExpressRoute and point-to-site connections, I think, are in preview or will be coming later to that. But it should make it easier, and it can be even automated, so if you do a new location or add a new location, you have automated setup to do that. And the next big thing you have also is, you get a dashboard where you have a great overview of all the locations, all the services connected to that hub network. Unfortunately,
we cannot spend too much time on it because I have a couple of other things I want to show you, but this is a pretty cool way if you want to do it, and it also works together with, for example, a virtual firewall, which we will talk a little bit about in the next session. Good. So those are two things, when you think about networking, you should have a look at, right? There are a couple of things, and you can see we can go from a virtual network, which is a very simple example, then all the way up to a hub-and-spoke design, and using Virtual WAN and other technologies as well. But we have other things as well, so let's talk a little bit about hybrid networking. You are probably all familiar that Windows Server 2019 was released. Together with Windows Admin Center we offer something called the Azure Network Adapter, and what that does is basically, it's designed for your single server instance, hosted somewhere at a service provider, in one branch office, where there's no real need to deploy a VPN appliance or something, but you still want that server to talk to your Azure services, right? So this can help, and basically what it does is it sets up a point-to-site VPN connectivity with the Azure virtual network gateway. So for that I want to quickly do a demo on that one. So I have here a VM running on my notebook here, right? And this is just a simple Hyper-V VM, no tricks here, it's Windows Server 2019, and I want to connect that to my Azure services or my virtual network in Azure, so that they can talk to VMs. So let's have a quick look at that VM. I'm running Windows Admin Center on it. For those who haven't seen it, this is basically a web-based server manager where you can manage your servers, multiple servers of those. You have a replacement for local-only tools, you can see, and have some metrics here about what's going on. I also have some tools here, if I can zoom in, like
Registry and things like that. How cool is, by the way, a web-based registry editor? Just the thing. The only thing I did in that demo which I prepared, basically, was I already set up the Windows Admin Center to be connected to Azure, or registered with Azure, right? I use this registration so the Admin Center can now directly deploy services and configure services from this console. I don't need to go to the Azure portal to do that. So what I have in Azure, I have a VM, the VM serum one, which I want to connect to from my system, right? And you can see it does not have a public IP address, and if I go to the network configuration, if I zoom in here, oh, sorry about that. To do this.
Okay, go back to that. So you can see I don't have a public IP address, but I have a private IP address. Now what do you think happens if I ping that IP address? Surprise: I will not be able to access that server running in Azure from my system here, right? Because how would that work? So when I go back to Windows Admin Center, I have an option here under the networking tab to basically create an Azure Network Adapter. Click on that one quickly. The login screen. And this now allows me to set up this point-to-site VPN connectivity. I basically choose my subscriptions. You can see I see all the subscriptions with my account. I can then select the specific region where we deploy things and choose the best region. Again, I then automatically see all the virtual networks which are running in that region or I have created in that region. You can also see the AMS net I created before. So I can choose one of these networks, and if I choose a new network which does not have a gateway deployed, it will automatically ask me what kind of gateway do you want to deploy. If I, for example, select one which already has a gateway, the fields are obviously grayed out and I can basically not change that, because the gateway already exists. I can then say, OK, please auto-generate a self-signed certificate, or please use some other certificates I provide. I already created that, so I have my own network adapter here. You see at the moment it's disconnected, so what I can do here is I can click on Connect. This basically starts up the site-to-site VPN connectivity. And when it works, yes, successful, you will see that I now have connectivity to that VM directly from my machine here, which is pretty cool if you have these single server systems, you quickly want to do something, or you want to even in the long term connect that to an Azure network. Very simple, completely
baked in to Windows Server and Windows Admin Center. Quickly go back to the slides. OK. The next thing: there's not just moving traffic over VPN and ExpressRoute, right? We can also use Azure services to do so, and we can leverage HTTP connections to do that. So we have a hybrid file share solution there which
we have to basically help you with those file servers you may have. So who has file servers? Who is using file servers in the company? I think all the hands usually go up, and it's good. We use technologies like DFS and DFS-R to, for example, replicate. Who is using DFS-R to replicate? OK, awesome, lots of hands. Who likes using DFS-R to replicate? Oh, a couple of hands. OK, but still, yeah, it's not that much fun, I think. If you see this, you will definitely like this better, I can promise you that. So we have some challenges, again, with DFS or DFS-R for the replication. We have problems, for example, that volumes run out of space, right? We need to check all the time, like, do we still have enough space on our file servers, or a monitoring solution gives us the information. However, we need to check that we have enough space. And data can also get corrupted, and then we need to restore and basically go from a backup and things like that, and usually restoring a large amount of files and file servers also takes a while. So again, what we are addressing with that is replicating files and folders and making them available to all the locations you want to. We want to make sure that your volumes do not run out of space. So I say, OK, I set up a file server with 10 terabytes of storage, I want to make sure that even if people store massive amounts of data I don't want to run out of that. And then what I also want to do is make the backup process a little bit easier and better, especially also for disaster recovery when you lose a server or lose the whole file server. So what we have here basically is Azure File Sync, that's the thing basically which addresses that. So think about having an on-prem file server. This one is in New York, we call it server one. And
obviously clients are accessing that file server, users are accessing that file server, applications. They use SMB or NFS or whatever. It's a normal Windows file server as we had it. It can also be a file server cluster. So what we want to do is we want to replicate that file server to Azure Files, all right? Azure Files is basically an SMB file share which is hosted in Azure, and we want to replicate that data to there. That has a couple of advantages. So
first of all, we can do cloud tiering. So we can say, OK, I have 10 terabytes of storage, I want to only use 8 of them, two of them are kind of like a reserve. And so all the old files I have, files which are probably old, not used for 30 days or even longer, I want to tier them off to the cloud, right? They should stay in the cloud. If someone wants to access it, we get it down from the cloud, you can access it, you can work with it. But if I don't need it, then it's stored in the cloud and does not take any disk space on-prem. Another thing is we have cloud access. So whenever, for example, someone needs to have access to the file and the file server is, for example, not available, I can also go and access that Azure file share directly from a machine if I want to, if I have the right credentials, obviously, and things like that. And then what we also allow is to do multi-site replication. So we can replicate those files over that specific file share to another location, let's say it's server 2, which is hosted in Seattle. So we can replicate that, so both of those offices have the same files available all the time, right? And then, while we store the files in Azure, why not just back it up using Azure Backup? So why not just take the whole file share and back it up in Azure? And then this has a lot of advantages. So what if, for example, now file server 2 fails? What am I gonna do? I can say, OK, everyone can go home, we will see you tomorrow, maybe, if the restore was fast enough. With Azure File Sync, what we do is we set up a new server, we install the Azure File Sync agent and connect it to the specific file share, and it immediately downloads all the metadata, so all the folder structure and the files are basically
there, so people can already see them and access them, and when a person accesses that specific file it will download it directly from the cloud. So you have a super-fast disaster recovery for your file servers, and then you can always say I want to cache the newest files again, and if it has time and bandwidth it will download all the files again. So that's pretty cool, right? It's kind of like, I don't know if the team likes that, but I compare it with OneDrive for servers or file servers, right? So what do we need to do to set something like this up? It's pretty easy. So first of all we deploy a Storage Sync Service, that's what we call basically the container where we add all those servers and file shares. We then install the Azure File Sync agent and register our servers, our Windows servers, together. And we create a cloud endpoint, which is basically the Azure file share where we put all the stuff that's stored in the cloud, and we create a sync group using those servers and the Azure file share to make sure that they are in sync, and add that first server, and then we can add other servers to it as well, right? That's basically the steps, and I'm going to show you in a quick demo how that looks. Before we do that, here are some of the requirements. You basically just download this Azure File Sync agent, the portal will walk you through. The only thing we need basically in terms of network is outbound port 443. It can also be configured using a proxy. I highly recommend that you update the agents when there are new versions available, because they improve performance and reliability, obviously. So let's switch quickly to an Azure File Sync demo. So here we go again. Let's first create that file sync service I was speaking about. So that's very simple, we just select it, give it a name. We
choose again a resource group or create a new one, and then we deploy that file sync service. This will take a little bit of time. And when the deployment is done I basically can go and things like that. So next thing, I install the Azure File Sync agent on the Windows server. I downloaded that already. I go basically through the installer, next, next, finish.
Go through, and after that it's installed. Now, this is just the piece of software we are using. Now the next thing we need to do: we need to register that server so we can see that in Azure. So I need to authenticate with my user. This is only a one-time thing. This is just the right thing, obviously, gonna use multi-factor authentication. Do that, select the subscription, and then I pick the resource group and the Storage Sync Service I just created. All right, I select that one. So I can have multiples of those, different servers, different sync groups and things like that. And now this server is registered. Now the next thing we need to do is creating that cloud endpoint, which is again a storage account with an Azure file share. So we create a storage account in Azure. Give that storage account a unique name, and if you're lucky it's unique. Create that one. And this will take a couple of seconds to create that storage account. Validate. And when the deployment was successful, I can quickly have a look at that storage account. If I then scroll down to Files, to Azure Files, I can go there and can create a new file share, and then call that tail Docs and site. And then I go back to the Azure File Sync service to basically go and add that file share to the sync group. So first of all we create a sync group, making sure that all the file shares in that sync group, those are the file shares which get synced. I select the storage account I just created and use specifically the file share I just created. This is my cloud endpoint which I want to use. And if I go back to the server, you can see on the blue server I had three folders. It's now already syncing, so I add the server to that and take the first server, that's the blue server. I say, OK, the path, and you have seen those three folders, right? So those are the three folders which are hosted on this fs0. To enable
cloud tiering, OK, I want to have 50% of the volume should be empty, and I want to cache all the files which are newer than 30 days. So now I added my first server, it's provisioning, and it says, OK, it's synced. So if I now go back to my file share, guess what? Those three servers I just had on the blue server, they showed up, right? They were synced, they are now synced to that Azure file share. If I modify them, they will show up there. Now let's go back to the sync group and add another server. I now add the purple server, which had no files on it, right? No folders in that scenario. And again, configure cloud tiering, enable that, and configure caching the way I like it. And again, it's provisioning. If I now go back to my server, the purple server, it now also has those three folders, and the blue server as well. So now let's create a new folder, folder 4, and let's go to the purple server and create a folder 5. If I now hit refresh, you can see I have all five folders on the purple server, and I also have all five folders on the blue server, right? And obviously this does not just work with folders, this also works with files as well. So this is basically a super easy way now to replicate those files, and now with that demo you can see why I call it a little bit of OneDrive for file servers, because it applies the same principles: it syncs your folders, it has tiering and all those options, just for a little bit bigger amounts of data. For those who had a look at Azure Files, you probably have seen that there is a limitation of the Azure file share which you can deploy right now. I
think at Ignite we announced that Azure file shares become bigger, I think up to 100 terabytes. So if that was the case, we could not really use it because your file shares were bigger than, I think, five terabytes. You can now, as soon as it becomes available, you can use that with your file servers. Good. So we have a couple of minutes left, I want to do some housekeeping here. So in this session we basically talked about what are your hybrid networking requirements, how do we connect our hybrid network using VPN, ExpressRoute. We talked quickly about the Azure Network Adapter, which is built into Windows Server, which does a point-to-site VPN connectivity to your Azure environment. And we also had a look at Azure File Sync, which basically helps you with your file servers you deployed when they have different locations, and backup and disaster recovery. So if you want to learn more about those topics, I highly, highly recommend our docs. We have created a list here of our docs on specific topics, like for example virtual networks, VPN gateways, Azure Files and site-to-site VPN connectivity. That's one thing. The other thing: you can also download this presentation, and you can get the code and everything. Everything is open source, so you can go and get that stuff and rebuild it in your own environment, especially the demos, if you want to try it out. We have the next four sessions in that learning track. One is about securing your Azure network environment, which is in the auditorium, which I will be heading to right now after that session. And then we have other very fantastic sessions in managing and maintaining your environment, Azure governance, and also the last session of today, business continuity and planning. So, very important, and that's also something I learned by working for Microsoft now: session
evaluations are super important. I definitely want to come back to the Netherlands, so please fill out your session evaluation. Tell us what we can do better, but also tell us what we did well. And then I also want to give a shout-out to our team. We run a blog called ITOpsTalk.com. We are focused on IT and cloud operations, and we basically cover topics from Windows Server but also Azure IT pro topics as well. If you have any interest in a blog or something, just let us know. We monitor the hashtag Ac ops on Twitter, so if you have any questions you can always bump that out and use that hashtag and we will see if we can answer it. And then obviously also follow me on Twitter and follow that great, fantastic blog. So with that, thank you very much, and hopefully see you in the next session. Thank you very much.
2019-04-08 10:28