|
| 1 | +--- |
| 2 | +title: "Create a private network connector: Azure Modeling and Simulation Workbench" |
| 3 | +description: Learn how to deploy a connector on a private virtual network. |
| 4 | +author: yousefi-msft |
| 5 | +ms.author: yousefi |
| 6 | +ms.service: modeling-simulation-workbench |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 09/21/2024 |
| 9 | + |
| 10 | +#CustomerIntent: As a Workench Owner for Azure Modeling and Simulation Workbench, I want to deploy a connector onto a private virtual network. |
| 11 | +--- |
| 12 | + |
| 13 | +# Set up a private networking connector |
| 14 | + |
| 15 | +In Azure Modeling and Simulation Workbench, you can deploy a [connector](./concept-connector.md) to a virtual network, rather than to public facing IP addresses. Deploying to a private address virtual network allows you to enable access to your workbench through a virtual private network (VPN) gateway or from other Azure resources without exposing it to the internet. |
| 16 | + |
| 17 | +## Prerequisites |
| 18 | + |
| 19 | +[!INCLUDE [prerequisite-account-sub](includes/prerequisite-account-sub.md)] |
| 20 | + |
| 21 | +[!INCLUDE [prerequisite-mswb-chamber](includes/prerequisite-chamber.md)] |
| 22 | + |
| 23 | +## Create or designate a virtual network |
| 24 | + |
| 25 | +Modeling and Simulation Workbench requires a virtual network with a subnet name 'default.' If you don't have a virtual network already created, [create one before continuing](/azure/virtual-network/quick-create-portal). |
| 26 | + |
| 27 | +## Assign roles |
| 28 | + |
| 29 | +Before you create a [connector](./concept-connector.md) for private IP networking via VPN or ExpressRoute, the Workbench needs a role assignment to allow it to deploy resources into your resource group. Modeling and Simulation Workbench requires the **Network Contributor** role for the resource group in which you're hosting your virtual network. |
| 30 | + |
| 31 | +| Setting | Value | |
| 32 | +|:---------------------|:--------------------------------------------| |
| 33 | +| **Role** | **Network Contributor** | |
| 34 | +| **Assign access to** | **Resource group** | |
| 35 | +| **Members** | **Azure Modeling and Simulation Workbench** | |
| 36 | + |
| 37 | +[!INCLUDE [azure-hpc-workbench-alert](includes/azure-hpc-workbench-alert.md)] |
| 38 | + |
| 39 | +## Create the private network connector |
| 40 | + |
| 41 | +Each chamber can have only one connector. If you have a public IP connector or other type already associated with the target chamber, you must first [delete the connector](#cleaning-up-resources). In the chamber where you want to create a private network connector: |
| 42 | + |
| 43 | +1. Select the **Connector** option in the **Settings** at the left. |
| 44 | + :::image type="content" source="media/howtoguide-private-network/chamber-select-connector.png" alt-text="Screenshot of chamber overview with Connector option outlined in red rectangle."::: |
| 45 | +1. In the **Connector** list screen, select **Create** from the action bar along the top. |
| 46 | + :::image type="content" source="media/howtoguide-private-network/connector-create.png" alt-text="Screenshot of Connector overview page with Create button highlighted in red."::: |
| 47 | +1. On the **Create chamber connector** page, on **Chamber Connector** tab, enter a **Name** for the connector. |
| 48 | +1. Choose whether the copy/paste permission should be enabled for the chamber. You can learn about security boundary implications copy and paste in the [Enable copy/paste in Azure Modeling and Simulation Workbench](how-to-guide-enable-copy-paste.md) article. |
| 49 | +1. Under **Network Access**, select **VPN** in **Connect on-premises network**. |
| 50 | +1. In **Virtual Network**, select the virtual network you designated or created in [Create or designate a virtual network](#create-or-designate-a-virtual-network) earlier. |
| 51 | +1. Select the *default* **Subnet**. |
| 52 | + :::image type="content" source="media/howtoguide-private-network/create-private-network.png" alt-text="Screenshot of chamber connector with VPN and Review+Create button highlighted in red."::: |
| 53 | +1. Select **Review + create**. |
| 54 | +1. If validation passes, select **Create**. Private networking connectors take approximately 30 minutes to deploy. |
| 55 | + |
| 56 | +## Deployed resources |
| 57 | + |
| 58 | +When the Modeling and Simulation Workbench creates a private connector, it deploys the following resources in the same resource group and location as the workbench. |
| 59 | + |
| 60 | +### Network interfaces and private endpoints |
| 61 | + |
| 62 | +Six [network interfaces](/azure/virtual-network/virtual-network-network-interface) (NIC) and corresponding [private endpoints](/azure/private-link/private-endpoint-overview) are created. The NICs are all joined to the private virtual network and subnet specified during setup and given an address on the subnet. The private endpoint connects the NIC to Modeling and Simulation resources hosted in the Microsoft managed environment. The resulting connection becomes part of an [Azure Private Link](/azure/private-link/private-link-overview) service. |
| 63 | + |
| 64 | +* Two connections are created for connection nodes. As users and virtual machines (VM) are added to a chamber, more connection nodes are created. |
| 65 | +* One connection for data in pipeline. |
| 66 | +* One connection for data out pipeline. |
| 67 | +* One connection for load balancer. |
| 68 | +* One connection for user authentication services. |
| 69 | + |
| 70 | +### DNS zones |
| 71 | + |
| 72 | +Modeling and Simulation Workbench creates three private domain name service (DNS) zones for a private network deployment. Each zone corresponds to one of the workbench services for file uploading, file downloading, and desktop connections. No DNS server is created. Administrators must join the zones to their own services. |
| 73 | + |
| 74 | +| Zone | Resolves for | |
| 75 | +|:----------------------------------|:--------------------------------------| |
| 76 | +| mswb.azure.com | Connector desktop dashboard and nodes | |
| 77 | +| privateLink.blob.core.windows.net | Data in pipeline endpoint | |
| 78 | +| privateLink.file.core.windows.net | Data out pipeline endpoint | |
| 79 | + |
| 80 | +## Starting, stopping, or restarting a connector |
| 81 | + |
| 82 | +Connectors are controllable resources that can be stopped, started, restarted as needed. Instructions on how to are included in [Start, stop, and restart chambers, connectors, and VMs](how-to-guide-start-stop-restart.md). Stopping or restarting the connector interrupts desktop services for all users of the chamber. Stopping the connector is required to [idle a chamber](how-to-guide-chamber-idle.md) to reduce consumption costs. |
| 83 | + |
| 84 | +## Cleaning up resources |
| 85 | + |
| 86 | +If you wish to delete the workbench or change the connector type, you must first delete the connector. Child resources must be deleted first. |
| 87 | + |
| 88 | +1. Delete all private endpoints and network interfaces. |
| 89 | +1. Delete virtual network links within each DNS zone. |
| 90 | +1. Delete each DNS zone. |
| 91 | + |
| 92 | +Once those resources are deleted, the connector can be deleted. The virtual network doesn't need to be deleted since it has no dependencies. |
| 93 | + |
| 94 | +## Related content |
| 95 | + |
| 96 | +* [Manage chamber idle mode](how-to-guide-chamber-idle.md) |
| 97 | +* [Export data from Azure Modeling and Simulation Workbench](how-to-guide-download-data.md) |
| 98 | +* [Import data into Azure Modeling and Simulation Workbench](how-to-guide-upload-data.md) |
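Review bot: The "Cleaning up resources" steps (new lines 84-92) never mention the **Network Contributor** role assignment that "Assign roles" (lines 27-35) asks the reader to grant on the resource group, so following the page end to end leaves that assignment in place. Add a cleanup step to remove it, and say in "Assign roles" whether the assignment must stay for the life of the connector or only during deployment. The same section is also ambiguous about order: line 86 says "you must first delete the connector" and then "Child resources must be deleted first", while line 92 says the connector is deleted after them, so state the order once. Smaller wording fixes: "Workench" in the CustomerIntent (line 10); "subnet name 'default.'" on line 25 should read "a subnet named `default`" so the period is not taken as part of the name (line 51 already writes it as *default*); "security boundary implications copy and paste" on line 48 is missing "of"; "Instructions on how to are included" on line 82 is missing its verb. Please also confirm the casing of `privateLink` in the zone names on lines 77-78, since Private Link DNS zones are normally written `privatelink.blob.core.windows.net`.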