articles/azure-vmware/enable-vmware-cds-with-azure.md
Lines changed: 12 additions & 12 deletions
@@ -1,13 +1,13 @@
1
1
---
2
2
title: Enable VMware Cloud director service with Azure VMware Solution (Public Preview)
3
-
description: This article explains how to use Azure VMware Solution to enable enterprise customers to leverage Azure VMware Solution for private clouds underlying resources for virtual datacenters.
3
+
description: This article explains how to use Azure VMware Solution to enable enterprise customers to use Azure VMware Solution for private clouds underlying resources for virtual datacenters.
4
4
ms.topic: how-to
5
5
ms.date: 08/09/2022
6
6
---
7
7
8
8
# Enable VMware Cloud Director service with Azure VMware Solution (Preview)
9
9
10
-
[VMware Cloud Director Service (CDs)](https://docs.vmware.com/en/VMware-Cloud-Director-service/services/getting-started-with-vmware-cloud-director-service/GUID-149EF3CD-700A-4B9F-B58B-8EA5776A7A92.htmlor) with Azure VMware Solution enables enterprise customers, to use APIs or the Cloud Director services portal to self-service provision and manage virtual datacenters through multi-tenancy with reduced time and complexity.
10
+
[VMware Cloud Director Service (CDs)](https://docs.vmware.com/en/VMware-Cloud-Director-service/services/getting-started-with-vmware-cloud-director-service/GUID-149EF3CD-700A-4B9F-B58B-8EA5776A7A92.htmlor) with Azure VMware Solution enables enterprise customers to use APIs or the Cloud Director services portal to self-service provision and manage virtual datacenters through multi-tenancy with reduced time and complexity.
11
11
12
12
In this article, you'll learn how to enable VMware Cloud Director service (CDs) with Azure VMware Solution for enterprise customers to use Azure VMware Solution resources and Azure VMware Solution private clouds with underlying resources for virtual datacenters.
13
13
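Review bot: The link target on the changed introduction line still ends in ".htmlor" (GUID-149EF3CD-700A-4B9F-B58B-8EA5776A7A92.htmlor), which looks like a stray "or" fused onto ".html". Since this line is being edited anyway, correct the URL so the link resolves. The revised description also still repeats "Azure VMware Solution" twice in one clause and reads "private clouds underlying resources" without a possessive. In the front matter, the title says "Cloud director service ... (Public Preview)" while the H1 says "Cloud Director service ... (Preview)", so the two should be aligned in the same pass.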
@@ -23,14 +23,14 @@ VMware Cloud Director supports multi-tenancy by using organizations. A single or
23
23
24
24
## Connect tenants and their organization virtual datacenters to Azure vNet based resources
25
25
26
-
To provide access to vNET based Azure resources, each tenant can have their own dedicated Azure vNET with Azure VPN gateway. A Site-to-site VPN between customer organization VDC and Azure vNET is established. To achieve this connectivity, the provider will provide public IP to the organization VDC. Organization VDC’s Administrator can configure IPSEC VPN connectivity from Cloud Director Service portal.
26
+
To provide access to vNET based Azure resources, each tenant can have their own dedicated Azure vNET with Azure VPN gateway. A Site-to-site VPN between customer organization VDC and Azure vNET is established. To achieve this connectivity, the provider will provide public IP to the organization VDC. Organization VDC’s administrator can configure IPSEC VPN connectivity from Cloud Director Service portal.
27
27
28
28
:::image type="content" source="media/vmware-cds/site-to-site-vpn-diagram.png" alt-text="Diagram showing site to site VPN connection and how CDS is connected with Azure VMware Solution." border="false" lightbox="media/vmware-cds/site-to-site-vpn-diagram-expanded.png":::
29
29
30
30
As shown in the diagram above, Organization 01 has two organization Virtual datacenters (VDCs): VDC1 and VDC2. The virtual datacenter of each organization has its own Azure vNETs connected with their respective organization VDC Edge gateway through IPSEC VPN.
31
-
Providers provide public IP addresses to the organization VDC Edge gateway for IPSEC VPN configuration. ORG VDC Edge gateway’s firewall blocks all traffic by default, specific allow rules needs to be added on Organization Edge gateway firewall.
31
+
Providers provide public IP addresses to the organization VDC Edge gateway for IPSEC VPN configuration. An ORG VDC Edge gateway firewall blocks all traffic by default, specific allow rules needs to be added on Organization Edge gateway firewall.
32
32
33
-
Organization VDCs can be part of a single organization but it still provides isolation between them. For example, VM1 hosted in organization VDC1 cannot ping Azure VM JSVM2 for tenant2.
33
+
Organization VDCs can be part of a single organization and still provide isolation between them. For example, VM1 hosted in organization VDC1 cannot ping Azure VM JSVM2 for tenant2.
34
34
35
35
### Prerequisites
36
36
- Organization VDC is configured with an Edge gateway and has Public IPs assigned to it to establish IPSEC VPN by provider.
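Review bot: The rewritten firewall sentence under the diagram still has a comma splice and a subject-verb mismatch ("blocks all traffic by default, specific allow rules needs to be added"). Suggest splitting it: "An organization VDC Edge gateway firewall blocks all traffic by default. Specific allow rules need to be added on the organization VDC Edge gateway firewall." The same sentence uses both "ORG VDC Edge gateway" and "Organization Edge gateway" for what the text treats as one device, so pick one name. The section also mixes "vNet" in the heading with "vNET" in the body.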
@@ -59,7 +59,7 @@ To create an Azure virtual network gateway, see the [create-a-virtual-network-ga
59
59
1. Under **Instance details**, select **Endpoint** as IP address
60
60
1. Add IP address (add Public IP address from tenant’s OrgVDC Edge gateway).
61
61
1. Under **Address space** add **Tenants Org VDC Network**.
62
-
1. Similarly, create Local network gateway for tenant2.
62
+
1. Repeat steps 1-5 to create a local network gateway for tenant 2.
63
63
64
64
### Create IPSEC connection on VPN gateway
65
65
1. Select tenant1 VPN Gateway (created earlier) and then select **Connection** (in left pane) to add new IPSEC connection with tenant1 orgVDC Edge gateway.
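Review bot: The new last step, "Repeat steps 1-5 to create a local network gateway for tenant 2", hard-codes a step range in a list whose items are all written as "1." and auto-numbered. The range goes stale as soon as a step is added or removed, and it cannot be checked against the three steps visible in this hunk. Suggest "Repeat the preceding steps to create a local network gateway for tenant2, using tenant2's OrgVDC Edge gateway public IP address and Org VDC network", which also makes explicit that the endpoint and address space are per-tenant values. "tenant 2" with a space is inconsistent with "tenant1" in the first step of the next section.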
@@ -100,15 +100,15 @@ Cloud Director Service supports a policy-based VPN. Azure VPN gateway configures
100
100
1. Select **Finish** to apply configuration.
101
101
102
102
### Apply firewall configuration
103
-
Organization VDC Edge router firewall denies traffic by default. We need to apply specific rules to enable connectivity. Use the following steps to apply firewall rules.
103
+
Organization VDC Edge router firewall denies traffic by default. You'll need to apply specific rules to enable connectivity. Use the following steps to apply firewall rules.
104
104
105
105
1. Add IP set in CDS portal
106
106
1. Log in to Edge router then select **IP SETS** under the **Security** tab in left plane.
107
-
1.Select **New** to create IP sets.
107
+
1.Select **New** to create IP sets.
108
108
1. Enter **Name** and **IP address** of test VM deployed in orgVDC.
109
109
1. Create another IP set for Azure vNET for this tenant.
110
110
2. Apply firewall rules on ORG VDC Edge router.
111
-
1. Under **Edge gateway**, select Edge gateway and then select **firewall** under **services**.
111
+
1. Under **Edge gateway**, select **Edge gateway** and then select **firewall** under **services**.
112
112
1. Select **Edit rules**.
113
113
1. Select **NEW ON TOP** and enter rule name.
114
114
1. Add **source** and **destination** details. Use created IPSET in source and destination.
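Review bot: The changed sub-step "1.Select **New** to create IP sets." still has no space after the list marker, so Markdown will not render it as a list item and it will run into the preceding step. It should read "1. Select **New** to create IP sets." The removed and added lines look identical here, so the change appears to be whitespace only and leaves the defect in place. In the step just above it, "left plane" should be "left pane", and the last visible step writes "IPSET" where the earlier steps write "IP sets".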
@@ -121,9 +121,9 @@ Organization VDC Edge router firewall denies traffic by default. We need to appl
121
121
4. Verify IPsec connection
122
122
1. Log in to Azure VM deployed in tenants vNET and ping tenant’s test VM IP address in tenant’s OrgVDC.
123
123
For example, ping VM1 from JSVM1. Similarly, you should be able to ping VM2 from JSVM2.
124
-
1. You can verify isolation between tenants Azure vNETs. Tenant1’s VM1 won't be able to ping Tenant2’s Azure VM JSVM2 in tenant2 Azure vNETs.
124
+
You can verify isolation between tenants Azure vNETs. Tenant1’s VM1 won't be able to ping Tenant2’s Azure VM JSVM2 in tenant2 Azure vNETs.
125
125
126
-
## Connect Tenant’s workload to public Internet
126
+
## Connect Tenant workload to public Internet
127
127
128
128
- Tenants can use public IP to do SNAT configuration to enable Internet access for VM hosted in organization VDC. To achieve this connectivity, the provider can provide public IP to the organization VDC.
129
129
- Each organization VDC can be created with dedicated T1 router (created by provider) with reserved Public & Private IP for NAT configuration. Tenants can use public IP SNAT configuration to enable Internet access for VM hosted in organization VDC.
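Review bot: Under "4. Verify IPsec connection", the isolation check loses its "1." marker and becomes plain text, so whether it still renders inside step 4 now depends on indentation, and the tenant-isolation test is no longer presented as a step to perform. Keep it as a numbered sub-step, or confirm it is indented to sit under step 4. The sentence still reads "tenants Azure vNETs" without the possessive. The new heading "Connect Tenant workload to public Internet" keeps a capitalised "Tenant" mid-heading, unlike the sentence-case headings elsewhere in this diff.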
@@ -150,7 +150,7 @@ Organization VDC Edge router firewall denies traffic by default. We need to appl
150
150
151
151
### Apply firewall rule
152
152
1. Log in to Organization VDC and navigate to **Edge Gateway**, then select **IP set** under security.
153
-
2. Create an IPset. Provide IP address of your VM (you can use CIDR also). Select save.
153
+
2. Create an IPset. Provide IP address of your VM (you can use CIDR also). Select **Save**.
154
154
3. Under **services**, select **Firewall**, then select **Edit rules**.
155
155
4. Select **New ON TOP** and create a firewall rule to allow desired port and destination.
156
156
1. Select the **IPset** your created earlier as source. Under **Action**, select **Allow**.
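Review bot: In step 2 the changed line bolds "Save" but keeps "IPset", while step 1 calls the same object "**IP set**". Use one form, matching the portal label, throughout the procedure. Two neighbouring lines need the same pass: "Select the **IPset** your created earlier" should read "you created", and "**New ON TOP**" here differs from "**NEW ON TOP**" in the earlier firewall section.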