Design, implement and manage a Point-to-site VPN connection (AZ-700)

In the previous blog post, we covered Azure Site-to-Site VPN. As part of the Azure AZ-700 Study Guide, this blog post continues with another hybrid networking technology that allows client endpoints to connect to Azure vNet infrastructure. Besides connecting your headquarters and branch office networks to Azure, it is also vital to have an infrastructure that provides connectivity to your mobile users. Using Point-to-Site Virtual Private Network (P2S VPN), client endpoints can connect to and use Azure services. You can implement P2S VPN on route-based Azure VPN gateways and provide a secure connectivity option to your users.


Design, implement and manage a site-to-site VPN connection (AZ-700)

Designing and implementing a hybrid networking infrastructure is part of every cloud adoption project. Organizations planning to embrace public cloud services and migrate resources to Azure usually need communication channels between the on-premises environments and Azure. One of the widely used technologies that provide the required communication channel is Site-to-Site Virtual Private Network (S2S VPN). To deploy such a communication channel, you will set up an IPsec VPN tunnel between an on-premises gateway and an Azure VPN gateway. As part of the Azure AZ-700 Study Guide, in this blog post, we are going to explore Azure S2S VPN.


AZ-700 Azure Network Engineer Study Guide

A few days ago, Microsoft introduced a brand new certificate titled Azure Network Engineer Associate. Since networking is one of the core elements of any cloud infrastructure, it is crucial to educate Subject Matter Experts in planning, implementing, and maintaining Azure networking solutions. The AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam should be taken and passed successfully to achieve this certificate. As a firm believer in certification programs and someone who has been working in the IT industry for quite a long time, I would recommend taking the training and the AZ-700 exam to those who work with Azure networking. The reason behind believing in certification programs is that you will learn the required concepts based on a proven learning framework.


Site-to-Site VPN between NSX-T and Azure VMware Solution – Part 2

In the previous blog post, we went through the Azure VMware Solution (AVS) IPsec VPN setup. To complete hybrid networking between on-prem and AVS, we need to configure the NSX-T gateway too. As we discussed, the target architecture would look like the following diagram.


Site-to-Site VPN between NSX-T and Azure VMware Solution – Part 1

When it comes to connecting an on-premises VMware environment to Azure VMware Solution (AVS), ExpressRoute is the recommended and preferred connectivity method. But in some cases, using a VPN tunnel is the only viable connectivity solution to the AVS environment.

NSX-T Tier-0 or Tier-1 gateways could be used to connect an on-premises VMware environment to AVS. On the Azure side, Virtual WAN (vWAN hub) will provide the transit connectivity through an ExpressRoute gateway into the AVS infrastructure. I am going to walk you through the configuration of both the NSX-T Tier-1 gateway and Azure Virtual WAN to have a complete setup.


AVS Hybrid Networking with NSX-T

When it comes to setting up a hybrid cloud environment, one of the most important topics is networking. It usually comes down to stretching on-prem network segments to the public cloud environment. This blog post simply describes the NSX-T architecture on AVS as the default networking and security stack. If you are new to AVS, you can read the Introduction to AVS blog post first, and then continue with this article.


Azure VMware Solution goes into GA

On September 22nd 2020, during Ignite 2020, Microsoft announced the general availability of the next generation of Azure VMware Solution (AVS). If you want to learn about the basics of AVS, you can read my previous blog post on Introduction of Azure VMware Solutions. AVS is now generally available in four regions: US East, US West, West Europe (Netherlands) and Australia (NSW). AVS is also going to be available in Japan East, UK South and South Central US in the near future. You can check the availability of Azure VMware Solution on the Azure Products by Region page.


Introduction to Azure VMware Solution (AVS)

Azure VMware Solution (AVS) enables you to run the VMware SDDC stack natively on Azure to build a hybrid cloud infrastructure. AVS is a VMware-validated solution that is delivered by Microsoft on the Azure environment. According to Microsoft’s release statement in May 2020, “You can provision a full VMware Cloud Foundation environment on Azure and gain compute and storage elasticity as your business needs change”. Popular scenarios for this solution are datacenter footprint reduction, on-demand datacenter expansion, disaster recovery and business continuity, and finally application modernization.


NSX-T 3.0 SSL Certificate Replacement – Part 1

An NSX-T installation comes with an out-of-the-box self-signed SSL certificate. For security and compliance reasons, most customers want to replace the default self-signed certificate with a CA-signed certificate. We have been looking for a guide that explains how to do this step by step, but unfortunately we couldn’t find one! There are some very useful guides like this one from VMware, but as you read through, you realize the documentation is not complete. So to make a long story short, we looked around and ran the SSL certificate replacement.


Configure Virtual IP for NSX-T Management Cluster

Now that we have finished deploying three managers in the NSX-T management cluster, we can go ahead and configure a Virtual IP (VIP) on it. We can use the NSX-T internal mechanism to set an IP address on the cluster or set up an external load balancer in front of the NSX-T managers. Configuring a VIP, which is recommended by VMware, is simpler, but using a load balancer would balance traffic among the NSX-T managers. This is a design question and should be decided based on requirements and customer needs.

Please keep in mind that if you want to choose this approach, all NSX-T managers need to be on the same subnet. In this case, the managers are attached to the SDDC Management network. To configure the Virtual IP, log in to the NSX-T Manager UI, choose System, select Appliances on the left panel, then click the SET VIRTUAL IP option.
