Objective of this session: bring WS2012 R2, System Center 2012 R2 and Windows Azure together using hybrid networking.<\/p>\n
Hybrid Network<\/u><\/strong><\/p>\n Tenant thinks they have their own network, but it\u2019s an abstracted network on hosting environment. Can link to Internet and extend clients\u2019 on-premise network into hosting network. There is routing between the client network and the tenant network.<\/p>\n Can route between client site A, through client site B, to tenant network if Site A to tenant network link is down.<\/p>\n There is in-box capability for the gateway in WS2012 R2.<\/p>\n Hybrid Networking in WS2012 and SysCtr 2012 SP1<\/u><\/strong><\/p>\n F5 solution is Windows Server based at the moment. They are working on a hardware solution.<\/p>\n Benefits of Hybrid Networking<\/u><\/strong><\/p>\n Network Fabrication Configuration<\/u><\/strong><\/p>\n Demo<\/u><\/strong><\/p>\n Checked the Allow New VM Networks Created On This Logical …. in the settings of the tenant Logical Network \u2013 different tenant network than before \u2013 no VLAN stuff.<\/p>\n Enabling Hybrid Connectivity<\/u><\/strong><\/p>\n Charlie Wen (Mr. QoS in WS2012) comes on stage to talk about the WS gateway.<\/p>\n WS2012 Hybrid Connectivity<\/u><\/strong><\/p>\n Limitations:<\/p>\n WS2012 R2<\/u><\/strong><\/p>\n Demo<\/u><\/strong><\/p>\n Shows NAT in action on the gateway. Client connects to VM in VM network using IE and public IP address. Does it twice and does 2 downloads (long and still running). Uses Get-NetCompartment to view tenant networks. Moves the gateway role from one WS2012 r2 cluster member to another and it\u2019s done in the blink of an eye. The downloads do not get interrupted because the proactive failover of the gateway resource happens so quickly. Good for maintenance.<\/p>\n Private Cloud with WS2012 R2<\/u><\/strong><\/p>\n Multi-tenant networking stack<\/u><\/strong><\/p>\n Multi-tenant Site-to-Site<\/u><\/strong><\/p>\n On boarding: create new tenant with a compartment in the gateway Incoming packets go into a default compartment. Packet is inspected, and sent to the correct tenant compartment, and onwards to the VM network.<\/p>\n Outbound packet, from the VM network, to the tenant compartment. There is a routing table there and then it goes out to the right client on-premise site over the VPN.<\/p>\n Multi-tenant NAT<\/u><\/strong><\/p>\n Each tenant compartment needs a unique IP.<\/p>\n Outbound packet into tenant compartment from VM network, then NATed before going out to the net.<\/p>\n For inbound packet, it comes into the gateway. A NAT mapping sends it to the correct client compartment, and onwards to the VM network.<\/p>\n BGP Dynamic Route learning and Best Path Selection<\/u><\/strong><\/p>\n BGP will select the best route. Say the Site 1 \u2013 hoster link goes down. BGP will auto re-route to hoster via site 2.<\/p>\n Guest Clustering for HA<\/u><\/strong><\/p>\n Back to Greg and SCVMM …<\/p>\n Provisioning from VMM<\/u><\/strong><\/p>\n Post-preview functionality configured from SCVMM, ie not in the preview and will be in RTM:<\/p>\n Demo<\/u><\/strong><\/p>\n Has the service template and deploys it to the untrusted host.<\/p>\n Has one already baked, and shows the service in his cloud view. The host was marked as a HNV host: get-scvmmhost <hostname> \u2026 IsDedicatedToWnvGateway is set to true. Set-SCVMMHost \u2013IsDedicatedToWnvGateway $true <hostname>.<\/p>\n Adds a Network Service in Fabric-Networking. Selects RunAs account. Sets a network service connection string. Reviews the certificates. Tests the provider before existing the wizard. And then selects a host group \u2013 e.g. dedicate the gateway to a rack of servers. Configures the front end and back end NICs: selects NICs and network sites for each of the two. Done. The g\/w is added \u2026 but it takes a minute or so to set up the compartments \u2026. watch out for that!<\/p>\n Goes into VM Newtorks. Creates a new VM Network in the tenant logical network. Enables HNV. Sets the VM subnet. Connects the VPN tunnel, with BGP. Enables NAT. Selects an IP Pool for the NAT connection. Can add inbound access rules for specific ports, e.g. send inbound TCP 80 to 10.0.0.2 port 80. That configures the compartment in the g\/w. Adds an IP pool to the HNV gateway. <\/p>\n Done! Now you can add VMs to the VM Network and they can talk through the gateway, e.g. talk to an external network.<\/p>\n No configuration done in the gateway VMs or on the HNV hosts.<\/p>\n Enabling Tenant Self-Service<\/u><\/strong><\/p>\n Using Windows Azure Services for Windows Server:<\/p>\n SPF provides REST API to enable hosters and private cloud providers to build their own portal if they want.<\/p>\n The client configures a VM network and VPN tunnel on the hoster portal. That configures VMM and the gateway for the tenant. The tenant must then configure their own VPN endpoint to complete the tunnel.<\/p>\n Demo of tenant self-service<\/u><\/strong><\/p>\n Logs into the portal as a tenant. Creates a new virtual network. Selects IPv4. Specifies DNS, and chooses to enable NAT and VPN. Enter his tenant VPN endpoint info and enables BGP. Adds an address space for the VM network. Names the site-site VPN, enters the pre-shared key, and the address space for BGP to do initial routing for dynamic discovery.<\/p>\n Note: it is IBGP. Add the BGP peers and ASN info. Check the wizard and done.<\/p>\n Outbound NAT is enabled. Inbound requires configuration. Hosters can supply VPN configuration scripts that the tenant can download from the portal. <\/p>\n Creates a new NAT rule for a web server. Nice bit: can choose an already selected VM rather than entering an IP address.<\/p>\n And that\u2019s that!<\/p>\n Speaker: Greg Cusanza, Senior PM, MSFT (VMM) and Charlie Wen, PM (Windows). This is a follow up to part 1. Objective of this session: bring WS2012 R2, System Center 2012 R2 and Windows Azure together using hybrid networking. Hybrid Network Tenant thinks they have their own network, but it\u2019s an abstracted network on hosting environment. … Continue reading “TechEd 2013: How To Design & Configure Networking In VMM (Part 2)”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[14],"tags":[172,181,80,193,195,196],"class_list":["post-14727","post","type-post","status-publish","format-standard","hentry","category-eventnotes","tag-cloud","tag-hyper-v","tag-networking","tag-system-center","tag-virtualisation","tag-vmm"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/14727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14727"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/14727\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"picture027\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture027_thumb.jpg\" "\\"picture027\\"")
<\/a><\/p>\n\n
\n
![\"picture029\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture029_thumb.jpg\" "\\"picture029\\"")
<\/a><\/p>\n\n
\n
\n
![\"picture030\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture030_thumb.jpg\" "\\"picture030\\"")
<\/a><\/p>\n\n
![\"picture031\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture031_thumb.jpg\" "\\"picture031\\"")
<\/a><\/p>\n\n
![\"picture034\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture034_thumb.jpg\" "\\"picture034\\"")
<\/a><\/p>\n![\"picture036\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture036_thumb.jpg\" "\\"picture036\\"")
<\/a><\/p>\n\n
\n
\n
![\"picture037\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture037_thumb.jpg\" "\\"picture037\\"")
<\/a><\/p>\n\n