In this video, from the Azure VMware Solution digital event on March 23, 2022, learn from Sapna Jeswani, Principal Program Manager at Microsoft, and Prasad Gandham, Principal Program Manager at Microsoft, about automating the onboarding of Azure VMware Solution in your environment. You can follow along at aka.ms/avs-accelerator and get the automation piece here.
Azure Landing Zones give you proven design guidance for scalability and security, and they can accelerate your adoption of Azure. The design guidelines answer many of the questions you may already have and help you along the way to a full deployment. The first is Enterprise-scale Identity and Access Management. This article covers best practices for identity and access: for example, creating custom roles instead of relying on the local cloudadmin user (an account that is deployed with every AVS private cloud), and limiting the number of users who hold the CloudAdmin role for AVS. It also shows how you can create groups in Active Directory and use role-based access control to make sure the right users have the proper permissions.
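As an added example (not code from the article, the event, or Microsoft), here is a small least-privilege lint for an Azure custom role definition of the kind you would assign to an Active Directory group that manages the AVS private cloud resource in Azure (this is Azure RBAC on the private cloud, not a vSphere role inside vCenter). It places an over-broad "starter" role beside a scoped-down one and flags what the broad one gets wrong. The JSON shape is the one `az role definition create --role-definition @file.json` accepts; the `Microsoft.AVS/...` operation names are illustrative, so confirm them with `az provider operation show --namespace Microsoft.AVS` before relying on them, and the subscription ID and resource group name are placeholders.

```python
"""Least-privilege lint for an Azure custom role definition (added example).

Azure RBAC wildcard semantics: '*' in an action matches any run of characters,
including '/', and matching is case-insensitive; NotActions subtract from
Actions. The Microsoft.AVS operation names below are illustrative.
"""
import fnmatch
import json

SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder

# Constructed sample: the over-broad role that "just works" while getting started.
BROAD_ROLE = {
    "Name": "AVS Operators (broad)",
    "IsCustom": True,
    "Description": "Manage the AVS private cloud",
    "Actions": ["*"],
    "NotActions": [],
    "DataActions": [],
    "NotDataActions": [],
    "AssignableScopes": [SUBSCRIPTION],
}

# Constructed sample: same job, limited to the AVS provider, one resource group,
# and explicitly unable to pull the vCenter/NSX-T admin credentials.
TIGHT_ROLE = {
    "Name": "AVS Operators",
    "IsCustom": True,
    "Description": "Operate the AVS private cloud without reading admin credentials",
    "Actions": [
        "Microsoft.AVS/privateClouds/read",
        "Microsoft.AVS/privateClouds/clusters/*",
        "Microsoft.AVS/privateClouds/workloadNetworks/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
    ],
    # Defence in depth: even if Actions is widened later, this stays denied.
    "NotActions": ["Microsoft.AVS/privateClouds/listAdminCredentials/action"],
    "DataActions": [],
    "NotDataActions": [],
    "AssignableScopes": [SUBSCRIPTION + "/resourceGroups/rg-avs-prod"],
}

# Operations that hand out secrets (illustrative name for the AVS provider).
SENSITIVE_OPS = ("Microsoft.AVS/privateClouds/listAdminCredentials/action",)
# Providers an AVS operator role is expected to touch; anything else is role creep.
EXPECTED_PROVIDERS = ("Microsoft.AVS", "Microsoft.Resources")


def _match(pattern, op):
    return fnmatch.fnmatchcase(op.lower(), pattern.lower())


def action_allowed(role, op):
    """True if the role grants `op`: some Actions pattern matches it and no
    NotActions pattern takes it away."""
    allowed = any(_match(p, op) for p in role.get("Actions", []))
    denied = any(_match(p, op) for p in role.get("NotActions", []))
    return allowed and not denied


def lint_role(role):
    """Return a list of least-privilege findings; an empty list means clean."""
    findings = []
    if role.get("IsCustom") is not True:
        findings.append("IsCustom must be true for a custom role definition")
    for act in role.get("Actions", []):
        parts = act.split("/")
        if parts[0] == "*":
            findings.append(f"action {act!r} spans every resource provider")
        elif len(parts) == 2 and parts[1] == "*":
            findings.append(f"action {act!r} grants every operation of {parts[0]}")
        elif parts[0] not in EXPECTED_PROVIDERS:
            findings.append(f"action {act!r} is outside the expected providers")
    for scope in role.get("AssignableScopes", []):
        if scope == "/" or "/managementGroups/" in scope:
            findings.append(f"scope {scope!r} is tenant root or a management group")
        elif "/resourceGroups/" not in scope:
            findings.append(f"scope {scope!r} is subscription-wide; scope to a resource group")
    for op in SENSITIVE_OPS:
        if action_allowed(role, op):
            findings.append(f"role can call {op}")
    return findings


def to_role_file(role):
    """JSON in the shape `az role definition create --role-definition @file.json` reads."""
    return json.dumps(role, indent=2)


if __name__ == "__main__":
    for role in (BROAD_ROLE, TIGHT_ROLE):
        print(role["Name"], "->", lint_role(role) or "clean")
    print(to_role_file(TIGHT_ROLE))
```

Once the role file passes the lint, create it and assign it to the Active Directory group (not to individual users) with `az role assignment create --assignee-object-id <group-object-id> --assignee-principal-type Group --role "AVS Operators" --scope <resource-group-id>`; the local cloudadmin account then stays reserved for the initial vCenter setup it was deployed for.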
The next guideline covers Networking topology and connectivity. I had the pleasure of hosting an Azure Unblogged with Sabine Blair, a customer-facing engineer, and Mahesh Kshirsagar, a Cloud Solution Architect, going over possible networking topologies and connectivity scenarios in Azure VMware Solution.
We go over, in depth, using ExpressRoute, NSX-T, T0/T1 routers, Network Virtual Appliances (NVAs), Azure Route Server and Azure Firewall in your environment. ExpressRoute can be used for enterprise connectivity into Azure, but you can also use a VPN to get started. VMware admins will already be familiar with NSX-T and T0/T1 routers. Items like NVAs you can use natively or with your favorite third-party tool.
The guidance provided will help you establish connectivity to, from, and within AVS, whether you are starting with a net-new (greenfield) AVS deployment or extending your existing Azure footprint.
Our discussion highlighted some advanced architecture scenarios such as (but not limited to) hybrid cloud, hub-and-spoke topologies, multi-region disaster recovery (DR) scenarios, and end-to-end traffic inspection requirements. We also covered the standard features that come with Azure VMware Solution, in addition to the Azure native services many people are leveraging in their design patterns.
Users with internet-facing workloads can have that traffic managed using AVS's default NSX-T settings, or use Azure native firewall services such as Azure Firewall deployed in an Azure Virtual WAN secured hub. You can also use existing or newly deployed third-party network virtual appliances (NVAs), hosted in AVS, in Azure, or on-premises, to inspect traffic flows to and from AVS.
You can also take advantage of one of Azure's newer services, Azure Route Server, which learns routes from SD-WAN and other network appliances over BGP and injects them into the virtual network dynamically, avoiding the overhead of maintaining user-defined route tables by hand, especially as environments continue to expand. The flip side is that whatever a peered appliance advertises becomes a route, so peer only with appliances you control and keep an eye on what they advertise.
Since AVS uses a dedicated ExpressRoute circuit that users can peer with their on-premises environments over the Microsoft backbone, or connect to existing Azure gateways, managing BGP sessions is a recurring theme across many AVS architectures, and that is what Azure Route Server (ARS) helps to address.
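As an added example (not code from the article or from the discussion it recaps), here is the check I would run over the routes Azure Route Server has learned from a peered appliance. Dynamic injection cuts both ways: whatever the SD-WAN or NVA peer advertises lands in the virtual network's effective routes, so an appliance that advertises a prefix it does not own, a default route, or a more-specific prefix than the one ExpressRoute brings in pulls that traffic to itself. The learned-routes sample is constructed, not captured; its shape follows the per-peer listing from `az network routeserver peering list-learned-routes` (an assumption about the real output), and the peer IPs, ASNs and prefixes are placeholders.

```python
"""Audit routes learned by Azure Route Server against each peer's allowlist
(added example; all sample data is constructed)."""
import ipaddress


def _net(prefix):
    return ipaddress.ip_network(prefix, strict=False)


# Constructed allowlist: prefixes each BGP peer (keyed by peer IP) is expected to send.
EXPECTED = {
    "10.0.1.4": ["192.168.0.0/16"],   # SD-WAN hub NVA: branch office ranges
}

# Constructed: prefixes that reach the VNet via ExpressRoute (AVS and on-premises
# ranges) and must never be learned from an NVA, since a more-specific
# announcement would win longest-prefix match over them.
PROTECTED = ["10.10.0.0/22", "10.20.0.0/16"]

# Constructed learned-routes listing. Route Server runs two instances, so the
# same routes show up under both RouteServiceRole_IN_0 and _IN_1.
_ROUTES = [
    {"network": "192.168.10.0/24", "nextHop": "10.0.1.4", "sourcePeer": "10.0.1.4",
     "asPath": "65010", "origin": "EBgp"},            # legitimate branch range
    {"network": "10.20.5.0/24", "nextHop": "10.0.1.4", "sourcePeer": "10.0.1.4",
     "asPath": "65010", "origin": "EBgp"},            # more-specific than on-prem /16
    {"network": "0.0.0.0/0", "nextHop": "10.0.1.4", "sourcePeer": "10.0.1.4",
     "asPath": "65010", "origin": "EBgp"},            # default route: egress takeover
    {"network": "172.16.0.0/12", "nextHop": "10.0.1.4", "sourcePeer": "10.0.1.4",
     "asPath": "65010 65020", "origin": "EBgp"},      # not on this peer's allowlist
]
LEARNED = {"RouteServiceRole_IN_0": list(_ROUTES), "RouteServiceRole_IN_1": list(_ROUTES)}


def audit_learned_routes(learned, expected, protected, default_route_peers=()):
    """Return sorted (peer, prefix, reason) tuples for routes that should not
    have been accepted from that peer. `default_route_peers` names the peers
    that are deliberately the VNet's egress and may send 0.0.0.0/0."""
    protected_nets = [_net(p) for p in protected]
    allow = {peer: [_net(p) for p in prefixes] for peer, prefixes in expected.items()}
    seen, findings = set(), []
    for routes in learned.values():
        for r in routes:
            peer, net = r["sourcePeer"], _net(r["network"])
            if (peer, net) in seen:          # de-duplicate across the two instances
                continue
            seen.add((peer, net))
            if net.prefixlen == 0:
                if peer not in default_route_peers:
                    findings.append((peer, str(net), "default route from a peer not designated as egress"))
                continue
            hit = next((p for p in protected_nets
                        if p.version == net.version and net.subnet_of(p)), None)
            if hit is not None:
                findings.append((peer, str(net), f"overlaps protected prefix {hit}; more-specific wins"))
                continue
            if not any(a.version == net.version and net.subnet_of(a) for a in allow.get(peer, [])):
                findings.append((peer, str(net), "not in this peer's expected prefixes"))
    return sorted(findings)


if __name__ == "__main__":
    for peer, prefix, reason in audit_learned_routes(LEARNED, EXPECTED, PROTECTED):
        print(f"{peer} advertised {prefix}: {reason}")
```

Feed it the JSON from `az network routeserver peering list-learned-routes ... -o json` for each peer, and run it on a schedule or after every SD-WAN change; the allowlist and the protected list are the same prefixes you would otherwise have hard-coded in user-defined routes, which is exactly the knowledge Route Server lets you stop maintaining by hand but should not let you forget.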
We also discussed how NSX-T is equipped with tier-0/tier-1 routers, and how users can optimize their traffic within AVS and between workloads by optimizing their tier-1 layout to avoid performance bottlenecks.
Do you have any network questions or ideas? Let me know with a comment!