Microsoft Networking Academy with the C+E Global Black Belts
Olivier Martin (@omartin) – Networking TSP GBB
Jaime Schmidtke (@jaimesc) – ExpressRoute Partners GBB
Bryan Woodworth (@brwoodwo) – Networking TSP GBB
• Welcome customers and partners!!!
• Material is public information. No NDA info here.
• Use the IM window for questions.
• Agenda is posted at http://aka.ms/mna (and emailed to interested parties!)
• Sessions are recorded and posted here: http://aka.ms/mna-ch9
Before we get started
• Runs every 4 weeks with a typical agenda:
• Partner-Focused Sessions
• Azure Networking and Security Updates (10 minutes)
• Partner Spotlight of the week (20-30 minutes)
• Q&A (10 minutes)
• Deep Dive Sessions
• Short introduction (5 minutes)
• Deeper dive topic of the week (35-45 minutes)
• Q&A (10 minutes)
• Email [email protected] to receive detailed schedules for the upcoming sessions!
• Recordings available on Channel 9!
Microsoft Networking Academy
• Intro and announcement
• Great Content:
• Ignite 2017 review
• Operations Management Suite – Network Performance Monitor (OMS NPM for short!)
• A10 presentation on vThunder (30 Gbps!)
• Open Q&A
Agenda for October 20th, 2017
Connectivity
Security
Performance
Monitoring
Availability
Regions that support Availability Zones
East US 2
West Europe
VNet Service Endpoint
[Diagram labels: Microsoft Azure; VNet1: 10.0.0.0/16 (USWest); FrontEnd Subnet 10.0.2.0/24; BackEnd Subnet 10.0.1.0/24; Azure Storage/SQL (AccountA/SQL Server); VNET1:BESub; On-Prem NAT IP; Internet; On-Prem; Access over NAT IPs]
This feature is available in preview for the following Azure services and regions:
• Azure Storage: WestCentralUS, WestUS2, EastUS, WestUS, AustraliaEast, and AustraliaSouthEast
• Azure SQL Database: WestCentralUS, WestUS2, and EastUS
NVA High Availability
[Diagram labels: Microsoft Azure Virtual Network with <NVA Subnet>, <Backend Subnet>, <DMZ Subnet>; NVA Pool with Active NVA and Passive NVA; Zookeeper Cluster; Health Probe Orchestration; ExpressRoute Gateway; Enterprise; Ingress Traffic; Egress Traffic]
Route tables:
Destination | NextHop
Backend | Active NVA IP
DMZ | Active NVA IP
• Active / Passive Only
• Complex Configuration
NVA High Availability – with HA Ports
[Diagram labels: NVA Pool …; Azure ILB: Ports {1…65535}, Protocols {TCP + UDP}]
Route tables:
Destination | NextHop
Backend | ILB VIP
DMZ | ILB VIP
• Simplified Configuration
• Supports N-Active deployment
Metric | Load Balancer Basic | Load Balancer Standard
Scale | Up to 100 backend instances | Up to 1000 backend instances
LB Scope | Non-zonal frontend IPs | Zonal redundant and zonal frontend IPs
Fault Tolerance | Works in an Availability set | Works in Availability set and Availability zones
Diagnostics | Basic NAT and probe health status | Integrated front end and backend health metrics
NVA | - | Supports HA Ports
Cost | Free | Charged at GA
Network Security Group
[Diagram labels: Subnet, Virtual Network]
Action | Name | Source | Destination | Service
Allow | AllowInternetToWeb | Internet | 10.0.0.10/24 | HTTP (TCP/80)
Allow | AllowVNet | VirtualNetwork | VirtualNetwork | Any
Deny | DenyAllInBound | Any | Any | Any
Allow | AllowWebToApp | 10.0.0.10/24 | 10.1.0.20/24 | HTTPS (TCP/8443)
Secured
Platform
Cloud
New Capabilities for NSGs – Keeping your apps secure at scale
Network Security Group (NSG), applied to an Azure Virtual Network or Virtual Machine
Action | Name | Source | Destination | Port
Allow | AllowStorage | VirtualNetwork | Storage | Any
Allow | AllowAzureTM | VirtualNetwork | AzureTrafficManager | Any
Allow | AllowSQL | VirtualNetwork | Sql.EastUS | Any
Allow | AllowMyExtRanges | 10.0.1.0/24, 192.168.2.12/25 | 13.68.120.64/28, 137.116.1.0/25, 191.237.160.224/28 | 80, 8080, 443
Deny | DenyAllOutBound | Any | Any | Any
Service Tags & Augmented Rules
Public Preview Regions: USWestCentral, USEast, USWest, USWest2, AustraliaEast, AustraliaSouthEast, UKSouth
New Capabilities for NSGs – Keeping your apps secure at scale
Network Security Group (NSG)
Action | Name | Source | Destination | Port
Deny | BlockQuarantineVMs | Any | QuarantineVMs | Any
Allow | AllowInternetToWeb | Internet | WebServers | 80, 8080 (HTTP)
Allow | AllowWebToApp | WebServers | AppServers | 443 (HTTPS)
Allow | AllowAppToDb | AppServers | DatabaseServers | 3306 (MySQL)
Allow | AllowInternetToJBs | Internet | Jumpboxes | 22 (SSH)
Deny | DenyAllOutBound | Any | Any | Any
Application Security Groups
[Diagram labels: Virtual Network containing the groups WebServers, AppServers, DatabaseServers, Jumpboxes, QuarantineVMs]
The features are available only in the following region: West Central US.
[Diagrams: peered Virtual Networks, with region labels US West and Canada Central]
• Global private networks in Azure through peered VNets
• Private: no internet, through Backbone
• High bandwidth cross-region connectivity
• Large private networks in Azure through peered VNets
• Enables hub and spoke architectures in Azure
Peering virtual networks in different regions is currently in preview in US West Central, Canada Central, and US West 2.
Free Preview will start in East US, West US, West Central US—expand globally in next few months
IPv6 support
Monitoring Preview
Merging of Microsoft Peering and Azure Public Peering Preview
[Two diagrams, each with the labels: ExpressRoute Circuit, Customer's network, Partner Edge, Microsoft Edge]
Load Balancer Application Gateway
Traffic Manager
30 Gbps VM to VM bandwidth world’s fastest
Accelerated Networking for more VM SKUs
DPDK partner enablement
VPN gateway SKUs—up to 6 X faster
Your Secure Application Services Company
High Performance Virtual Appliance (vThunder) in Azure
Saurabh Sureka, Senior Product Manager, Cloud and Software
Jeevan Sharma, Sr. Solutions Architect
Leah McLean, Cloud and Software Manager
[Diagram labels: USERS, APPS, A10, DATA CENTER / CLOUD]
5,000+ Customers in 72 Countries
• Multiple Points of Presence
• Apps hosted in Azure
• Secure data in Private Data Centers
• Serve multitude of traffic types
Virtual Appliance Requirements
• High bandwidth IPSec Connectivity
• Multi-protocol L4/L7 Application Load Balancing
• SSL termination, AAM, Certificate Management
• Consolidate functionality to high performance Azure servers
[Diagram labels: Harmony Controller, Data Center, Secure IPSec Connectivity, VISIBILITY & MANAGEMENT, Video, IoT, SSL, Public]
Microsoft Azure
• Accelerated Networking (SRIOV)
• Data Plane Development Kit (DPDK)
A10 Networks
• Application Delivery
• Secure Connectivity
• Management & Analytics
Results
• 10X Performance improvement in packets per second (pps)
• Significantly reduced latency & jitter
[Diagram labels: Harmony Controller, Data Center, Secure Connectivity, Public]
Demo Topology: vThunder in Azure
Hosts: Client VM, vThunder VM (VIP: 10.32.2.13), Server VM
Public IPs: 52.225.189.135, 52.138.70.210, 52.138.66.22
Interface IPs: 10.32.1.5, 10.32.2.8, 10.32.1.11, 10.32.2.10
Hosted on (Azure VM): ubclient4, acos3riov, ubserver4
OS: ubuntu1~16.04.4, ubuntu1~16.04.4, A10 ACOS 4.pvt
30G Throughput: A10 vThunder Appliance in Azure Accelerated Networking
IPSec Service Using A10 vThunder Appliance in Azure Accelerated Networking
[Diagram: Secure Tunnel between A10 Work Station (Private Data Center) and Azure (East US2). Labels: Client VM; Tunnel IP: 101.101.101.2; 30.30.2.100; Tunnel IP: 101.101.101.1; Eth1: 10.32.1.11; Eth2: 10.32.2.10; Public IP: 52.26.124.83; Public IP: 52.138.65.69; 10.32.2.8; Client VM]
IPSec Gateways: Private Data Center vThunder (4G) --- Azure vThunder (25G)
AES 256, SHA1
Single tunnel, 90 Connections, Measured 3.59G
• Check out Azure Marketplace to find A10 vThunder Appliances
• To learn more about the A10 and Microsoft initiative, read our blogs:
https://www.a10networks.com/blog/a10-vthunder-microsoft-accel-net-integration
and https://azure.microsoft.com/en-us/blog/azure-networking-announcements-for-ignite-2017/
A10 Networks Partner Contacts:
• Gunter Reiss, VP, Strategic Alliances
• Leah McLean, Senior Manager, Strategic Alliances
THANK YOU
Open Q&A
Thank you! Session recording will be posted shortly here: http://aka.ms/MNA