Microsoft Networking Academywith the C+E Global Black Belts

Olivier Martin (@omartin) – Networking TSP GBB

Jaime Schmidtke (@jaimesc) – ExpressRoute Partners GBB

Bryan Woodworth (@brwoodwo) – Networking TSP GBB

• Welcome customers and partners!!!

• Material is public information No NDA info here.

• Use the IM window for questions.

• Agenda is posted at http://aka.ms/mna (and emailed to interested parties!)

• Sessions are recorded and posted here :• http://aka.ms/mna-ch9

Before we get started

• Runs every 4 week with typical agenda :

• Partner-Focused Sessions

• Azure Networking and Security Updates (10 minutes)

• Partner Spotlight of the week (20-30 minutes)

• Q&A (10 minutes)

• Deep Dive Sessions

• Short introduction (5 minutes)

• Deeper dive topic of the week (35-45 minutes)

• Q&A (10 minutes)

• Email GBB-ANF@microsoft.com to receive detailed schedules for the upcoming sessions!

• Recordings available on Channel 9!

Microsoft Networking Academy

• Intro and announcement

•Great Content : • Ignite 2017 review• Operations Management Suite – Network Performance

Monitor (OMS NPM for short!)• A10 presentation on vThunder (30 Gbps!)

•Open Q&A

Agenda for October 20th, 2017

Connectivity

Security

Performance

Monitoring

Availability

Regions that support Availability

Zones

East US 2

West Europe

10.0.1.0/24

BackEnd SubnetAzure

Storage/ SQL

AccountA

/SQL Server)

VNET1:BESub

On-Prem NATIP

Internet

On-Prem

Microsoft Azure

VNet Service Endpoint

FrontEnd Subnet

10.0.2.0/24

VNet1: 10.0.0.0/16USWest

Access over NAT IPs

This feature is available in preview for the following

Azure services and regions:

Azure Storage: WestCentralUS, WestUS2, EastUS,

WestUS, AustraliaEast, and AustraliaSouthEast

Azure SQL Database: WestCentralUS, WestUS2, and

EastUS.

<NVA Subnet> <Backend Subnet><DMZ Subnet>

Virtual NetworkMicrosoft Azure

Ingress Traffic

Egress Traffic

NVA Pool

Zookeeper

Cluster

Passive NVA

Active NVAExpress

Route

EnterpriseHealth Probe

Orchestration

Gateway

Destination NextHop

Backend Active NVA IP

Destination NextHop

DMZ Active NVA IP

NVA High Availability

Active / Passive

Only

Complex

Configuration

NVA High Availability – with HA Ports

NVA Pool

…

Destination NextHop

Backend ILB VIP

Destination NextHop

DMZ ILB VIP

Azure ILBPorts {1…65535}

Protocols {TCP + UDP}

Simplified

Configuration

Supports N-Active

deployment

Metric Load Balancer Basic Load Balancer Standard

Scale Up to 100 Backend instances Up to 1000 backend instances

LB Scope Non-zonal Frontend Ips Zonal redundant and Zonal

Frontend Ips

Fault Tolerence Works in a Availability set Works in Availability set and

Availability zones

Diagnostics Basic NAT and Probe health

status

Integrated Front end and

Backend health metrics

NVA - Supports HA Ports

Cost Free Charged at GA

Subnet

Network Security Group

Action Name Source Destination Service

Allow AllowInternetToWeb Internet 10.0.0.10/24 HTTP(TCP/80)

Allow AllowVNet VirtualNetwork VirtualNetwork Any

Deny DenyAllInBound Any Any Any

Virtual Network

Allow AllowWebToApp 10.0.0.10/24 10.1.0.20/24 HTTPS(TCP/8443)

Secured

Platform

Cloud

New Capabilities for NSG’s –Keeping your apps secure at scale

Azure Virtual Network or

Virtual Machine

Network Security Group NSG

Actio

n

Name Source Destination Port

Allow AllowStorage VirtualNetwork Storage Any

Allow AllowAzureTM VirtualNetwork AzureTrafficManager Any

Allow AllowSQL VirtualNetwork Sql.EastUS Any

AllowAllowMyExtRange

s

10.0.1.0/24,

192.168.2.12/25

13.68.120.64/28,

137.116.1.0/25,

191.237.160.224/28

80,8080

, 443

Deny DenyAllOutBound Any Any Any

Service Tags & Augmented Rules

Public Preview Regions:USWestCentral, USEast, USWest, USWest2,

AustraliaEast, AustraliaSouthEast, UKSouth

New Capabilities for NSG’s –Keeping your apps secure at scale

Network Security Group NSG

Action Name Source Destination Port

DenyBlockQuarantineVM

sAny QuarantineVMs Any

Allow AllowInternetToWeb Internet WebServers 80,8080 (HTTP)

Allow AllowWebToApp WebServers AppServers 443 (HTTPS)

Allow AllowAppToDb AppServersDatabaseServer

s3306 (MySQL)

Allow AllowInternetToJBs Internet Jumpboxes 22 (SSH)

Deny DenyAllOutBound Any Any Any

Application Security Groups

WebServers

Virtual Network

AppServers DatabaseServers

Jumpboxes QuarantineVMs

The features are available only in the

following region: West Central US.

Virtual Network

US WestVirtual Network

Canada Central

Peer

Virtual NetworkVirtual Network

US West

Virtual Network

Peer

Virtual Network

• Global private networks in Azure through peered

VNets

• Private: no internet, through Backbone

• High bandwidth cross-region connectivity

• Large private networks in Azure through

peered Vnets

• Enables hub and spoke architectures in Azure

Peering virtual networks in different regions is currently

in preview in US West Central, Canada Central, and US

West 2.

Free Preview will start in East US, West US, West Central US—expand globally in next few months

IPv6 support

Monitoring Preview

Merging of Microsoft Peering and Azure Public Peering Preview

ExpressRoute

Circuit

Customer’s

networkMicrosoft

Edge

Partner

Edge

ExpressRoute

Circuit

Customer’s

networkMicrosoft

Edge

Partner

Edge

Load Balancer Application Gateway

Traffic Manager

30 Gbps VM to VM bandwidth world’s fastest

Accelerated Networking for more VM SKUs

DPDK partner enablement

VPN gateway SKUs—up to 6 X faster

Your Secure Application Services

Company

High PerformanceVirtual Appliance (vThunder) in AzureSaurabh Sureka, Senior Product Manager, Cloud and Software

Jeevan Sharma, Sr. Solutions Architect

Leah McLean, Cloud and Software Manager

U S E R S A P P S

A10

D A T A

C E N T E R / C L OU D

5,000+ Customers in 72 Countries

• Multiple Points of Presence

• Apps hosted in Azure

• Secure data in Private Data Centers

• Serve multitude of traffic types

Virtual Appliance Requirements

• High bandwidth IPSec Connectivity

• Multi-protocol L4/L7 Application Load Balancing

• SSL termination, AAM, Certificate Management

• Consolidate functionality to high

performance Azure servers

Harmony

Controller

Data

Center

Secure IPSec Connectivity

VISIBILITY & MANAGEMENT

Video

IoT

SSL

Public

Microsoft Azure

• Accelerated Networking (SRIOV)

• Data Plane Data Kit (DPDK)

A10 Networks

• Application Delivery

• Secure Connectivity

• Management & Analytics

Results

• 10X Performance improvement in packets

per second (pps)

• Significantly reduced latency & jitter

Harmony

Controller

Data

Center

Secure Connectivity

Public

Demo Topology: vThunder in Azure

Client VM vThunder VM(VIP: 10.32.2.13)

Server VM

52.225.189.135 52.138.70.210 52.138.66.22Public IPs

Hosted On

10.3

2.1.5

10.3

2.2

.8

10.3

2.1

.11

10.3

2.2

.10

OS ubuntu1~16.04.4 ubuntu1~16.04.4A10 ACOS 4.pvt

ubclient4Azure VM acos3riov ubserver4

30G Throughput

A10 vThunder Appliance

in

Azure Accelerated Networking

IPSec Service Using

A10 vThunder Appliance

in

Azure Accelerated Networking

Client VM Tunnel IP: 101.101.101.2

30.30.2.100

Secure Tunnel

Tunnel IP: 101.101.101.1

Eth1: 10.32.1.11

Eth2: 10.32.2.10

Public IP: 52.26.124.83 Public IP: 52.138.65.69

A10 Work Station (Private Data Center) Azure (East US2)

IPSec Gateways: Private Data Center vThunder (4G) --- Azure vThunder

(25G)

AES 256, SHA1

Single tunnel, 90 Connections, Measured 3.59G

10.32.2.8

Client VM

• Checkout Azure Marketplace to find A10 vThunder Appliances

• To learn more about the A10 and Microsoft initiative, read our blogs:

https://www.a10networks.com/blog/a10-vthunder-microsoft-accel-net-integration

and https://azure.microsoft.com/en-us/blog/azure-networking-announcements-for-

ignite-2017/

A10 Networks Partner Contacts:

• Gunter Reiss

VP, Strategic Alliances

Greiss@a10networks.com

• Leah McLean

Senior Manager, Strategic Alliances

lmclean@a10networks.com

THANK YOU

Connectivity

Security

Performance

Monitoring

Availability

Open Q&A

Thank you!Session recording will be posted shortly herehttp://aka.ms/MNA