vRealize Suite Lifecycle Manager – P1 Introduction & Deployment

If you are using vRealize Suite’s solutions like vRealize Operation, vRealize Automation, or vRealize Log Insight, then vRealize Suite Lifecycle Manager(vRSLCM) comes in handy into day to day operations. This product automates the deployment, configuration, and upgrade of the vRealize Suite. If you plan to deploy any of vRealize products or even automate the Day 2 operations like certificate replacement, then vRSLCM is a go-to tool for your use case. It is also worth mentioning that some products like vRelaize Automation(vRA) use this solution as a built-in tool for the deployment process. It is recommended to deploy vRSLCM first and then deploy and other vRealize Suite products due to ease of installation and configuration orchestration. But if you already deployed any of the suite’s products, you can also add them into vRealize Suite Lifecycle Manager.

In this blog post and following video tutorial, I show you how to deploy vRealize Suite Lifecycle Manager with Easy Installer and lay the foundation for the rest of vRealize Suite products deployment. The license for this product is included in any edition of the vRealize Suite licensing package.

Continue reading “vRealize Suite Lifecycle Manager – P1 Introduction & Deployment”

NSX-T Distributed Firewall – Part 2

In the first part of NSX-T Distributed Firewall, I explained the importance of embracing NSX-T DFW. In this post, I review how you can create and apply firewall rules to implement Micro-segmentation. To create firewall rules, first you need to define a Policy section which basically contains one or more firewall rules. A policy in NSX-T DFW can be defined as stateful or stateless. In the case of being stateless, you need to define the rules in both directions. Otherwise, the reverse traffic is not allowed to pass. On the other hand, in the default stateful mode, when you define a rule it will apply bidirectionally.

Then you need to define the rules under the policy section which evaluates the criteria of a traffic flow. DFW rules determine whether the traffic should pass or get dropped based on the protocol and ports.

Continue reading “NSX-T Distributed Firewall – Part 2”

HCX Enhancement for Azure VMware Solution

Earlier this month, VMware released a new version of HCX, the powerful multi-cloud migration solution. With the help of HCX, you can easily migrate your virtual workloads between private clouds and, more importantly, to public cloud environments like Azure VMware Solution(AVS). Additionally, when HCX is being used in conjunction with public cloud SDDCs like AVS, cloud migrations would be as easy as running a vMotion internally inside your data center. Sounds great, isn’t it!

""

It is also important to note that many enterprises are using only site-to-site VPN as the connectivity method for on-prem to public cloud infrastructure. Because of this, formal support of HCX over VPN underlay has been asked by many organizations and customers.

Continue reading “HCX Enhancement for Azure VMware Solution”

NSX-T FQDN/URL Filtering

NSX-T Distributed Firewall (DFW) is one of the most comprehensive solutions to provide micro-segmentation from layer 4 to layer 7. It can monitor all the East-West traffic on your virtual machines and build a Zero-trust model. To leverage the DFW, vNIC of virtual machines need to connect to NSX-overlay segment, NSX VLAN backed segments or vDS port group supported from vSphere 7.0. The benefit of using DFW is that firewall rules apply at the vNIC level of virtual machines. In this way, traffic does not need to traverse to a physical firewall to get identified if the traffic can pass or drop, which is more efficient. This article will focus on using DFW to enforce L7 (FQDN/URLs) filtering.

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRZKbXr1N2xyg1LZSgLbAcyotp7o28mhU6gnA&usqp=CAU

You can give internet access to a VM or a user who login to a VM by Identity Based Firewall or even take one step further and control which specific URL/URLs are allowed to get accessed.

Continue reading “NSX-T FQDN/URL Filtering”

Design and implement name resolution (AZ-700)

As cloud network engineers, we should ensure that name resolution functions properly both in on-premises environments and public cloud infrastructure. As part of the AZ-700 Study Guide, this blog post will discuss the deployment of DNS service on Azure. It is vital to set up the DNS service because, like Microsoft Azure, we still need to resolve FQDNs to respective IP addresses on public cloud infrastructure. In addition, we might also need to utilize DNS to discover services. Microsoft Azure provides both public and private DNS zone for Internet and internal name resolution. There is also a built-in Azure-provides DNS that works by default on vNets, and if needed, there are custom DNS zones available to use.

Azure DNS in Microsoft Azure
Continue reading “Design and implement name resolution (AZ-700)”

Design and implement private IP addressing for VNets (AZ-700)

The previous AZ-700 Study Guide blog posts covered Site-to-Site VPN, Point-to-Site VPN, and Azure ExpressRoute. In this post, we will explore private IP addressing in Azure Virtual Networks(vNets). The fundamental building block of private networking in Azure is based on vNets. This construct is a Layer 3 networking construct and has CIDR-block attached to it. This CIDR-block represents the private IP address space that network components can use on your Azure infrastructure. Proper design and implementation of this private IP addressing are crucial due to its effect on all other networking design decisions and deployment in Azure.

Continue reading “Design and implement private IP addressing for VNets (AZ-700)”

Design, implement and manage Azure ExpressRoute (AZ-700)

In two previous posts, we covered Azure Site-to-Site VPN and Point-to-Site VPN. The next objective of AZ-700’s Hybrid networking is designing and deploying Azure ExpressRoute. ExpressRoute is a method to extend your On-Premises network into the Microsoft cloud with the help of ExpressRoute service providers. If you need a private/high-speed connection to access Microsoft cloud services like Azure or Office 365, ExpressRoute is the right solution. This connectivity method doesn’t use the public Internet, and thus it provides higher security, more bandwidth, and higher reliability than Site-to-Site VPN. Many organizations want to avoid public Internet for cloud extension in terms of networking, and here is where ExpressROute could shine as the proper solution. The private connection is provided by specific connectivity partners, and based on your location; you have few options to choose from.

Diagram som visar hur ExpressRoute-kretsar ansluter din lokala infrastruktur till Microsoft via en anslutningsleverantör.
Continue reading “Design, implement and manage Azure ExpressRoute (AZ-700)”

Design, implement and manage a Point-to-site VPN connection (AZ-700)

In the previous blog post, we covered Azure Site-to-Ste VPN. As part of the Azure AZ-700 Study Guide, this blog post continues with another hybrid networking technology that allows client endpoints to connect to Azure vNet infrastructure. Besides connecting your headquarter and branch office networks to Azure, it is also vital to have an infrastructure to provide connectivity to your mobile users. Using Point-to-Site Virtual Private Network(P2S VPN), client endpoints can connect and use Azure services. You can implement P2S VPN on Route-based Azure VPN gateways and provide a secure connectivity option to your users.

Continue reading “Design, implement and manage a Point-to-site VPN connection (AZ-700)”

Design, implement and manage a site-to-site VPN connection (AZ-700)

Design and implement a hybrid networking infrastructure is part of every cloud adoption project. Organizations planning to embrace public cloud services and migrate resources to Azure usually need communication channels between the on-premises environments and Azure. One of the widely used technologies that provide the required communication channel is Site-to-Site Virtual Private Network (S2S VPN). To deploy such a communication channel, you will set up a VPN IPSec tunnel between an On-premise gateway and Azure VPN gateway. As part of the Azure AZ-700 Study Guide, in this blog post, we are going to explorer Azure S2S VPN

Continue reading “Design, implement and manage a site-to-site VPN connection (AZ-700)”

AZ-700 Azure Network Engineer Study Guide

A few days ago, Microsoft introduced a brand new certificate titled Azure Network Engineer Associate. Since networking is one of the core elements of any cloud infrastructure, it is crucial to educate the Subject Matter Experts in planning, implementing, and maintaining Azure networking solutions. AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam should be taken and passed successfully to achieve this certificate. As a firm believer of certification programs and someone who has been working in the IT industry for quite a long time, I would recommend taking the training and AZ-700 exam to those who work with Azure networking. The reason behind believing in the certification programs is you will learn the required concepts based on a proven learning framework.

Continue reading “AZ-700 Azure Network Engineer Study Guide”