|
1 | 1 | ---
|
2 |
| -title: Architecture of BareMetal Infrastructure for NC2 |
| 2 | +title: Architecture of BareMetal Infrastructure for NC2 on Azure |
3 | 3 | author: jjaygbay1
|
4 | 4 | ms.author: jacobjaygbay
|
5 |
| -description: Learn about the architecture of several configurations of BareMetal Infrastructure for NC2. |
| 5 | +description: Learn about the architecture of several configurations of BareMetal Infrastructure for NC2 on Azure. |
6 | 6 | ms.topic: reference
|
7 | 7 | ms.subservice: baremetal-nutanix
|
8 | 8 | ms.custom: engagement-fy23
|
9 |
| -ms.date: 05/21/2024 |
| 9 | +ms.date: 7/17/2024 |
10 | 10 | ---
|
11 | 11 |
|
12 |
| -# Architecture of BareMetal Infrastructure for Nutanix |
| 12 | +# Nutanix Cloud Clusters (NC2) on Azure architectural concepts |
13 | 13 |
|
14 |
| -In this article, we look at the architectural options for BareMetal Infrastructure for Nutanix and the features each option supports. |
| 14 | +NC2 provides Nutanix-based private clouds in Azure. The private cloud hardware and software deployments are fully integrated and automated in Azure. Deploy and manage the private cloud through the Azure portal, CLI, or PowerShell. |
| 15 | + |
| 16 | +A private cloud includes clusters with: |
| 17 | + |
| 18 | +- Dedicated bare-metal server hosts provisioned with Nutanix AHV hypervisor |
| 19 | +- Nutanix Prism Central for managing Nutanix Prism Element, Nutanix AHV and Nutanix AOS. |
| 20 | +- Nutanix Flow software-defined networking for Nutanix AHV workload VMs |
| 21 | +- Nutanix AOS software-defined storage for Nutanix AHV workload VMs |
| 22 | +- Nutanix Move for workload mobility |
| 23 | +- Resources in the Azure underlay (required for connectivity and to operate the private cloud) |
| 24 | + |
| 25 | +Private clouds are installed and managed within an Azure subscription. The number of private clouds within a subscription is scalable. |
| 26 | + |
| 27 | +The following diagram describes the architectural components of the Azure VMware Solution. |
| 28 | + |
| 29 | +:::image type="content" source="media/nc2-on-azure-architecture-overview.png" alt-text="Diagram illustrating the NC2 on Azure architecutural overview." border="false" lightbox="media/nc2-on-azure-architecture-overview.png"::: |
| 30 | + |
| 31 | +Each NC2 on Azure architectural component has the following function: |
| 32 | + |
| 33 | +- Azure Subscription: Used to provide controlled access, budget, and quota management for the NC2 on Azure service. |
| 34 | +- Azure Region: Physical locations around the world where we group data centers into Availability Zones (AZs) and then group AZs into regions. |
| 35 | +- Azure Resource Group: Container used to place Azure services and resources into logical groups. |
| 36 | +- NC2 on Azure: Uses Nutanix software, including Prism Central, Prism Element, Nutanix Flow software-defined networking, Nutanix Acropolis Operating System (AOS) software-defined storage, and Azure bare-metal Acropolis Hypervisor (AHV) hosts to provide compute, networking, and storage resources. |
| 37 | +- Nutanix Move: Provides migration services. |
| 38 | +- Nutanix Disaster Recovery: Provides disaster recovery automation and storage replication services. |
| 39 | +- Nutanix Files: Provides filer services. |
| 40 | +- Nutanix Self Service: Provides application lifecycle management and cloud orchestration. |
| 41 | +- Nutanix Cost Governance: Provides multi-cloud optimization to reduce cost & enhance cloud security. |
| 42 | +- Azure Virtual Network (VNet): Private network used to connect AHV hosts, Azure services and resources together. |
| 43 | +- Azure Route Server: Enables network appliances to exchange dynamic route information with Azure networks. |
| 44 | +- Azure Virtual Network Gateway: Cross premises gateway for connecting Azure services and resources to other private networks using IPSec VPN, ExpressRoute, and VNet to VNet. |
| 45 | +- Azure ExpressRoute: Provides high-speed private connections between Azure data centers and on-premises or colocation infrastructure. |
| 46 | +- Azure Virtual WAN (vWAN): Aggregates networking, security, and routing functions together into a single unified Wide Area Network (WAN). |
15 | 47 |
|
16 | 48 | ## Deployment example
|
17 | 49 |
|
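Review bot: The added sentence at new line 27 says the diagram describes "the architectural components of the Azure VMware Solution", but the image source (media/nc2-on-azure-architecture-overview.png) and the component list that follows are about NC2 on Azure; the product name should read "NC2 on Azure". On new line 29 the alt-text spells "architecutural" for "architectural". New line 41 says Nutanix Cost Governance will "enhance cloud security" without saying what that covers; either state the capability or drop the phrase. In the front matter, the new ms.date value "7/17/2024" drops the zero padding that the old value "05/21/2024" used. In the first bullet list, only the Prism Central item (new line 19) ends with a period.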
@@ -39,6 +71,46 @@ Connecting from cloud to on-premises is supported by two traditional products: E
|
39 | 71 | One example deployment is to have a VPN gateway in the Hub virtual network.
|
40 | 72 | This virtual network is peered with both the PC virtual network and Cluster Management virtual network, providing connectivity across the network and to your on-premises site.
|
41 | 73 |
|
| 74 | +## Supported topologies |
| 75 | + |
| 76 | +The following table describes the network topologies supported by each network features configuration of NC2 on Azure. |
| 77 | + |
| 78 | +|Topology |Supported | |
| 79 | +| :------------------- |:---------------:| |
| 80 | +|Connectivity to BareMetal Infrastructure (BMI) in a local VNet| Yes | |
| 81 | +|Connectivity to BMI in a peered VNet (Same region)|Yes | |
| 82 | +|Connectivity to BMI in a peered VNet\* (Cross region or global peering) with VWAN\*|Yes | |
| 83 | +|Connectivity to BM in a peered VNet* (Cross region or global peering)* without VWAN| No| |
| 84 | +|On-premises connectivity to Delegated Subnet via Global and Local Expressroute |Yes| |
| 85 | +|ExpressRoute (ER) FastPath |No | |
| 86 | +|Connectivity from on-premises to BMI in a spoke VNet over ExpressRoute gateway and VNet peering with gateway transit|Yes | |
| 87 | +|On-premises connectivity to Delegated Subnet via VPN GW| Yes | |
| 88 | +|Connectivity from on-premises to BMI in a spoke VNet over VPN gateway and VNet peering with gateway transit| Yes | |
| 89 | +|Connectivity over Active/Passive VPN gateways| Yes | |
| 90 | +|Connectivity over Active/Active VPN gateways| No | |
| 91 | +|Connectivity over Active/Active Zone Redundant gateways| No | |
| 92 | +|Transit connectivity via vWAN for Spoke Delegated VNETS| Yes | |
| 93 | +|On-premises connectivity to Delegated subnet via vWAN attached SD-WAN| No| |
| 94 | +|On-premises connectivity via Secured HUB(Az Firewall NVA) | No| |
| 95 | +|Connectivity from UVMs on NC2 nodes to Azure resources|Yes| |
| 96 | + |
| 97 | +\* You can overcome this limitation by setting Site-to-Site VPN. |
| 98 | + |
| 99 | +## Constraints |
| 100 | + |
| 101 | +The following table describes what’s supported for each network features configuration: |
| 102 | + |
| 103 | +|Features |Basic network features | |
| 104 | +| :------------------- | -------------------: | |
| 105 | +|Delegated subnet per VNet |1| |
| 106 | +|[Network Security Groups](../../../virtual-network/network-security-groups-overview.md) on NC2 on Azure-delegated subnets|No| |
| 107 | +|VWAN enables traffic inspection via NVA (Virtual WAN Hub routing intent)|Yes| |
| 108 | +[User-defined routes (UDRs)](../../../virtual-network/virtual-networks-udr-overview.md#user-defined) on NC2 on Azure-delegated subnets without VWAN| No| |
| 109 | +|Connectivity from BareMetal to [private endpoints](../../../private-link/private-endpoint-overview.md) in the same Vnet on Azure-delegated subnets|No| |
| 110 | +|Connectivity from BareMetal to [private endpoints](../../../private-link/private-endpoint-overview.md) in a different spoke Vnet connected to vWAN|Yes| |
| 111 | +|Load balancers for NC2 on Azure traffic|No| |
| 112 | +|Dual stack (IPv4 and IPv6) virtual network|IPv4 only supported| |
| 113 | + |
42 | 114 | ## Next steps
|
43 | 115 |
|
44 | 116 | Learn more:
|
|
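Review bot: In the Constraints table, the User-defined routes row (new line 108) is missing the leading "|" that every other row has; add it so the row is delimited like its neighbours. In Supported topologies, new line 82 escapes the footnote markers ("VNet\*", "VWAN\*") while new line 83 leaves them bare ("VNet*", "peering)*") and writes "BM" where the other rows say "BMI"; make the two rows consistent. The footnote on new line 97 speaks of "this limitation", yet markers also sit on line 82, a row marked Yes; keep the marker only on the unsupported row. The Constraints intro (new line 101) says "for each network features configuration" although the table has the single column "Basic network features". Because new line 106 states that Network Security Groups are not supported on the delegated subnets and new line 111 says the same for load balancers, it would help to add a sentence pointing readers to the traffic-inspection path that new line 107 lists as supported (Virtual WAN hub routing intent via an NVA).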