articles/azure-vmware/deploy-azure-vmware-solution.md
Lines changed: 1 addition & 1 deletion
@@ -42,7 +42,7 @@ In the planning phase, you defined whether to use an *existing* or *new* Express
42
42
43
43
| If | Then |
44
44
| --- | --- |
45
-
| You don't already have a virtual network... | Create the following:<ol><li><ahref="tutorial-configure-networking.md#create-a-vnet-manually">Virtual network</a></li><li><ahref="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><ahref="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><ahref="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol> |
45
+
| You don't already have a virtual network... | Create the following:<ol><li><ahref="tutorial-configure-networking.md#create-a-virtual-network-manually">Virtual network</a></li><li><ahref="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><ahref="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><ahref="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol> |
46
46
| You already have a virtual network **without** a GatewaySubnet... | Create the following: <ol><li><ahref="../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md#create-the-gateway-subnet">GatewaySubnet</a></li><li><ahref="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><ahref="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol> |
47
47
| You already have a virtual network **with** a GatewaySubnet... | Create the following: <ol><li><ahref="tutorial-configure-networking.md#create-a-virtual-network-gateway">Virtual network gateway</a></li><li><ahref="tutorial-configure-networking.md#connect-expressroute-to-the-virtual-network-gateway">Connect ExpressRoute to the gateway</a></li></ol> |
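Review bot: The new anchor `#create-a-virtual-network-manually` on line 45 only resolves if the matching heading in tutorial-configure-networking.md was renamed in the same commit, and that heading is not visible in this file's diff. Please confirm the target heading exists under the new name. The same old anchor, `#create-a-vnet-manually`, may be referenced from other articles, so a repository-wide search for it is worth doing before merge.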
articles/azure-vmware/enable-vmware-cds-with-azure.md
Lines changed: 36 additions & 36 deletions
@@ -20,7 +20,7 @@ The following diagram shows typical architecture for Cloud Director services wit
20
20
21
21
:::image type="content" source="media/vmware-cds/reference-architecture-diagram.png" alt-text="Diagram showing typical architecture and how VMware Cloud Director service is connected with Azure VMware Solution." border="false" lightbox="media/vmware-cds/reference-architecture-diagram.png":::
22
22
23
-
VMware Cloud Director supports multi-tenancy by using organizations. A single organization can have multiple organization virtual data centers (VDC). Each Organization’s VDC can have their own dedicated Tier-1 router (Edge Gateway) which is further connected with the provider managed shared Tier-0 router.
23
+
VMware Cloud Director supports multi-tenancy by using organizations. A single organization can have multiple organization virtual data centers (VDC). Each Organization's VDC can have their own dedicated Tier-1 router (Edge Gateway) which is further connected with the provider managed shared Tier-0 router.
24
24
25
25
[Learn more about CDs on Azure VMware Solutions reference architecture](https://cloudsolutions.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/cloud-director-service-reference-architecture-for-azure-vmware-solution.pdf)
26
26
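Review bot: Line 23 is touched only for the apostrophe, but the sentence still has a number mismatch ("Each Organization's VDC can have their own") and an unhyphenated compound ("provider managed"). Suggest "Each organization's VDC can have its own dedicated Tier-1 router (Edge Gateway), which is connected to the provider-managed shared Tier-0 router."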
@@ -37,17 +37,17 @@ Organization VDCs can be part of a single organization and still provide isolati
37
37
38
38
### Prerequisites
39
39
- Organization VDC is configured with an Edge gateway and has Public IPs assigned to it to establish IPSEC VPN by provider.
40
-
- Tenants created a routed Organization VDC network in tenant’s virtual datacenter.
40
+
- Tenants created a routed Organization VDC network in tenant's virtual datacenter.
41
41
- Test VM1 and VM2 are created in the Organization VDC1 and VDC2 respectively. Both VMs are connected to the routed orgVDC network in their respective VDCs.
42
-
- Have a dedicated [Azure VNet](tutorial-configure-networking.md#create-a-vnet-manually) configured for each tenant. For this example, we created Tenant1-VNet and Tenant2-VNet for tenant1 and tenant2 respectively.
42
+
- Have a dedicated [Azure VNet](tutorial-configure-networking.md#create-a-virtual-network-manually) configured for each tenant. For this example, we created Tenant1-VNet and Tenant2-VNet for tenant1 and tenant2 respectively.
43
43
- Create an [Azure Virtual network gateway](tutorial-configure-networking.md#create-a-virtual-network-gateway) for VNETs created earlier.
44
44
- Deploy Azure VMs JSVM1 and JSVM2 for tenant1 and tenant2 for test purposes.
45
45
46
46
> [!Note]
47
47
> VMware Cloud Director service supports a policy-based VPN. Azure VPN gateway configures route-based VPN by default and to configure policy-based VPN policy-based selector needs to be enabled.
48
48
49
49
### Configure Azure VNet
50
-
Create the following components in tenant’s dedicated Azure VNet to establish IPSEC tunnel connection with the tenant’s ORG VDC Edge gateway.
50
+
Create the following components in tenant's dedicated Azure VNet to establish IPSEC tunnel connection with the tenant's ORG VDC Edge gateway.
51
51
- Azure Virtual network gateway
52
52
- Local network gateway.
53
53
- Add IPSEC connection on VPN gateway.
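Review bot: Terminology is left inconsistent on the lines this hunk edits. Line 42 moves the anchor to `create-a-virtual-network-manually` but keeps the link text "Azure VNet", line 43 says "VNETs", and line 50 says "Azure VNet", while the same commit spells out "virtual network" in the disk pool note. Pick one form and apply it here too. Separately, the note on line 47 says the "policy-based selector needs to be enabled" without saying where on the Azure VPN gateway that is set; a pointer to the step that sets it would help, since line 99 states the tunnel won't establish on a mismatch.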
@@ -57,12 +57,12 @@ Create the following components in tenant’s dedicated Azure VNet to establish
57
57
To create an Azure virtual network gateway, see the [create-a-virtual-network-gateway tutorial](tutorial-configure-networking.md#create-a-virtual-network-gateway).
58
58
59
59
### Create local network gateway
60
-
1.Sign in to the Azure portal and select **Local network gateway** from marketplace and then select **Create**.
61
-
1.Local Network Gateway represents remote end site details. Therefore provide tenant1 OrgVDC public IP address and orgVDC Network details to create local end point for tenant1.
62
-
1.Under **Instance details**, select **Endpoint** as IP address
63
-
1.Add IP address (add Public IP address from tenant’s OrgVDC Edge gateway).
1.Repeat steps 1-5 to create a local network gateway for tenant 2.
60
+
1.Sign in to the Azure portal and select **Local network gateway** from marketplace and then select **Create**.
61
+
1.Local Network Gateway represents remote end site details. Therefore provide tenant1 OrgVDC public IP address and orgVDC Network details to create local end point for tenant1.
62
+
1.Under **Instance details**, select **Endpoint** as IP address
63
+
1.Add IP address (add Public IP address from tenant's OrgVDC Edge gateway).
1.Repeat steps 1-5 to create a local network gateway for tenant 2.
66
66
67
67
### Create IPSEC connection on VPN gateway
68
68
1. Select tenant1 VPN Gateway (created earlier) and then select **Connection** (in left pane) to add new IPSEC connection with tenant1 orgVDC Edge gateway.
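Review bot: In the "Create local network gateway" list, the step on line 62 ("select **Endpoint** as IP address") has no terminal period, and line 61 opens with an explanation ("Local Network Gateway represents remote end site details.") rather than an action, so the reader has to find the instruction in the second sentence. Suggest leading with the action and moving the explanation after it. Also check that "Repeat steps 1-5" matches the number of steps the list actually renders.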
@@ -71,8 +71,8 @@ To create an Azure virtual network gateway, see the [create-a-virtual-network-ga
71
71
|**Name**|**Connection**|
72
72
|:---------- | :--------------|
73
73
| Connection Type | Site to Site |
74
-
| VPN Gateway | Tenant’s VPN Gateway |
75
-
| Local Network Gateway | Tenant’s Local Gateway |
74
+
| VPN Gateway | Tenant's VPN Gateway |
75
+
| Local Network Gateway | Tenant's Local Gateway |
76
76
| PSK | Shared Key (provide a password) |
77
77
| IKE Protocol | IKEV2 (ORG-VDC is using IKEv2) |
78
78
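Review bot: The PSK row on line 76, "Shared Key (provide a password)", invites a short human-chosen password for the IPsec preshared key. Since the adjacent rows are being edited, suggest rewording to ask for a long, randomly generated key and to note that the same value must be entered on the Cloud Director side (line 100 already says so for the peer). Minor: line 77 writes both "IKEV2" and "IKEv2" in the same cell.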
@@ -98,31 +98,31 @@ VMware Cloud Director service supports a policy-based VPN. Azure VPN gateway con
98
98
>[!Note]
99
99
> VPN tunnel won't establish if these settings were mismatched.
100
100
1. Under **Peer Authentication Mode**, provide the same preshared key that is used at the Azure VPN gateway.
101
-
1. Under **Endpoint configuration**, add the Organization’s public IP and network details in local endpoint and Azure VNet details in remote endpoint configuration.
101
+
1. Under **Endpoint configuration**, add the Organization's public IP and network details in local endpoint and Azure VNet details in remote endpoint configuration.
102
102
1. Under **Ready to complete**, review applied configuration.
103
103
1. Select **Finish** to apply configuration.
104
104
105
105
### Apply firewall configuration
106
106
Organization VDC Edge router firewall denies traffic by default. You need to apply specific rules to enable connectivity. Use the following steps to apply firewall rules.
107
107
108
-
1.Add IP set in VMware Cloud Director service portal
109
-
1.Sign in to Edge router then select **IP SETS** under the **Security** tab in left plane.
108
+
1.Add IP set in VMware Cloud Director service portal
109
+
1.Sign in to Edge router then select **IP SETS** under the **Security** tab in left plane.
110
110
1. Select **New** to create IP sets.
111
-
1.Enter **Name** and **IP address** of test VM deployed in orgVDC.
112
-
1.Create another IP set for Azure VNet for this tenant.
113
-
2.Apply firewall rules on ORG VDC Edge router.
111
+
1.Enter **Name** and **IP address** of test VM deployed in orgVDC.
112
+
1.Create another IP set for Azure VNet for this tenant.
113
+
2.Apply firewall rules on ORG VDC Edge router.
114
114
1. Under **Edge gateway**, select **Edge gateway** and then select **firewall** under **services**.
115
-
1.Select **Edit rules**.
116
-
1.Select **NEW ON TOP** and enter rule name.
115
+
1.Select **Edit rules**.
116
+
1.Select **NEW ON TOP** and enter rule name.
117
117
1. Add **source** and **destination** details. Use created IPSET in source and destination.
118
118
1. Under **Action**, select **Allow**.
119
-
1.Select **Save** to apply configuration.
120
-
3.Verify tunnel status
121
-
1.Under **Edge gateway** select **Service**, then select **IPSEC VPN**,
119
+
1.Select **Save** to apply configuration.
120
+
3.Verify tunnel status
121
+
1.Under **Edge gateway** select **Service**, then select **IPSEC VPN**,
122
122
1. Select **View statistics**.
123
123
Status of tunnel should show **UP**.
124
-
4.Verify IPsec connection
125
-
1.Sign in to Azure VM deployed in tenants VNet and ping tenant’s test VM IP address in tenant’s OrgVDC.
124
+
4.Verify IPsec connection
125
+
1.Sign in to Azure VM deployed in tenants VNet and ping tenant's test VM IP address in tenant's OrgVDC.
126
126
For example, ping VM1 from JSVM1. Similarly, you should be able to ping VM2 from JSVM2.
127
127
You can verify isolation between tenants Azure VNets. Tenant 1 VM1 can't ping Tenant 2 Azure VM JSVM2 in tenant 2 Azure VNets.
128
128
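Review bot: Lines 117 to 118 tell the reader to put the two IP sets in source and destination and select **Allow**, with nothing about limiting the rule to the traffic the test needs, right after line 106 explains that the edge firewall denies by default. Suggest a sentence saying the rule should be scoped to the required protocols, or that it is a test-only rule to be tightened afterward. Wording on the touched lines also needs a pass: "left plane" on line 109 should be "left pane", line 121 ends in a comma, and line 125 says "tenants VNet" without the apostrophe that the rest of the commit normalizes.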
@@ -135,21 +135,21 @@ You can verify isolation between tenants Azure VNets. Tenant 1 VM1 can't ping Te
135
135
- OrgVDC Edge has default DENY ALL firewall rule. Organization administrators need to open appropriate ports to allow access through the firewall by adding a new firewall rule. Virtual machines configured on such OrgVDC network used in SNAT configuration should be able to access the Internet.
136
136
137
137
### Prerequisites
138
-
1.Public IP is assigned to the organization VDC Edge router.
138
+
1.Public IP is assigned to the organization VDC Edge router.
139
139
To verify, sign in to the organization's VDC. Under **Networking**> **Edges**, select **Edge Gateway**, then select **IP allocations** under **IP management**. You should see a range of assigned IP address there.
140
-
2.Create a routed Organization VDC network. (Connect OrgvDC network to the Edge gateway with public IP address assigned)
141
-
140
+
2.Create a routed Organization VDC network. (Connect OrgvDC network to the Edge gateway with public IP address assigned)
141
+
142
142
### Apply SNAT configuration
143
-
1.Sign in to Organization VDC. Navigate to your Edge gateway and then select **NAT** under **Services**.
144
-
2.Select **New** to add new SNAT rule.
145
-
3.Provide **Name** and select **Interface type** as SNAT.
146
-
4.Under **External IP**, enter public IP address from public IP pool assigned to your orgVDC Edge router.
147
-
5.Under **Internal IP**, enter IP address for your test VM.
143
+
1.Sign in to Organization VDC. Navigate to your Edge gateway and then select **NAT** under **Services**.
144
+
2.Select **New** to add new SNAT rule.
145
+
3.Provide **Name** and select **Interface type** as SNAT.
146
+
4.Under **External IP**, enter public IP address from public IP pool assigned to your orgVDC Edge router.
147
+
5.Under **Internal IP**, enter IP address for your test VM.
148
148
This IP address is one of the orgVDC network IP assigned to the VM.
149
-
6.**State** should be enabled.
150
-
7.Under **Priority**, select a higher number.
149
+
6.**State** should be enabled.
150
+
7.Under **Priority**, select a higher number.
151
151
For example, 4096.
152
-
8.Select **Save** to save the configuration.
152
+
8.Select **Save** to save the configuration.
153
153
154
154
### Apply firewall rule
155
155
1. Sign in to Organization VDC and navigate to **Edge Gateway**, then select **IP set** under security.
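Review bot: Step 7 on line 150, "Under **Priority**, select a higher number", does not say higher than what, or whether a higher number makes the rule take precedence or yield to other NAT rules; the example value 4096 on line 151 does not resolve that. Suggest stating the ordering rule in one sentence. Also, line 140 spells the network "OrgvDC" while the rest of the file uses "OrgVDC" and "orgVDC".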
1.Navigate to the virtual network gateway you plan to use and select **Connections** > **+ Add**.
18
+
1.Go to the virtual network gateway that you plan to use, and then select **Connections** > **+ Add**.
20
19
21
-
1. On the **Add connection**page, provide values for the fields, and select **OK**.
20
+
1. On the **Add connection**pane, provide the following values, and then select **OK**.
22
21
23
22
| Field | Value |
24
23
| --- | --- |
25
24
|**Name**| Enter a name for the connection. |
26
25
|**Connection type**| Select **ExpressRoute**. |
27
-
|**Redeem authorization**| Ensure this box is selected. |
28
-
|**Virtual network gateway**| The virtual network gateway you intend to use. |
29
-
|**Authorization key**| Paste the authorization key you copied earlier. |
30
-
|**Peer circuit URI**| Paste the ExpressRoute ID you copied earlier. |
26
+
|**Redeem authorization**| Ensure that this checkbox is selected. |
27
+
|**Virtual network gateway**| The value is prepopulated with the virtual network gateway that you intend to use. |
28
+
|**Authorization key**| Paste the authorization key that you copied earlier. |
29
+
|**Peer circuit URI**| Paste the ExpressRoute ID that you copied earlier. |
31
30
32
-
:::image type="content" source="../media/tutorial-configure-networking/add-connection.png" alt-text="Screenshot shows the Add connection page to connect ExpressRoute to the virtual network gateway.":::
31
+
:::image type="content" source="../media/tutorial-configure-networking/add-connection.png" alt-text="Screenshot that shows the pane for adding an ExpressRoute connection to a virtual network gateway.":::
33
32
34
-
The connection between your ExpressRoute circuit and your Virtual Network is created.
33
+
A status of **Succeeded** indicates that you finished creating the connection between your ExpressRoute circuit and your virtual network.
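Review bot: The new closing sentence on line 33 refers to "A status of **Succeeded**" without saying where that status is shown, so the reader cannot tell which pane to check. Suggest naming the location. On line 27, "The value is prepopulated with the virtual network gateway that you intend to use" reads oddly for a prefilled field; "The value is prepopulated with the virtual network gateway that you selected" would match step 1 on line 18.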
articles/azure-vmware/includes/disk-pool-planning-note.md
Lines changed: 3 additions & 3 deletions
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Disk pool planning note for vNet
3
-
description: Important note about the importance of deploying a vNet closer to Azure VMware Solution hosts.
2
+
title: Disk pool planning note for virtual networks
3
+
description: Information about the importance of deploying a virtual network closer to Azure VMware Solution hosts.
4
4
ms.topic: include
5
5
ms.service: azure-vmware
6
6
ms.date: 1/03/2024
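Review bot: The metadata on line 6 keeps `ms.date: 1/03/2024` although the title and description on lines 2 and 3 change. If the date is meant to track the last content revision, it should be updated with this edit. The value is also not zero-padded consistently (1/03), which makes day and month ambiguous to a reader.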
@@ -15,4 +15,4 @@ ms.custom: engagement-fy23
15
15
---
16
16
17
17
18
-
If you plan to scale your Azure VMware Solution hosts using [Azure NetApp Files datastores](../attach-azure-netapp-files-to-azure-vmware-solution-hosts.md), deploying the vNet close to your hosts with an ExpressRoute virtual network gateway is crucial. The closer the storage is to your hosts, the better the performance.
18
+
If you plan to scale your Azure VMware Solution hosts by using [Azure NetApp Files datastores](../attach-azure-netapp-files-to-azure-vmware-solution-hosts.md), deploying the virtual network close to your hosts with an ExpressRoute virtual network gateway is crucial. The closer the storage is to your hosts, the better the performance.
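Review bot: On line 18 the first sentence is about placing the virtual network "close to your hosts", but the second justifies it with "The closer the storage is to your hosts", so the subject shifts from the network to the storage without a link between them. Suggest one clause that connects the two, and a concrete meaning for "close", since the reader cannot act on it as written.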
title: Request an authorization key for ExpressRoute
3
3
description: Steps to request an authorization key for ExpressRoute.
4
4
ms.topic: include
5
5
ms.service: azure-vmware
@@ -11,15 +11,18 @@ ms.custom: engagement-fy23
11
11
12
12
<!-- used in tutorial-expressroute-global-reach-private-cloud.md and create-ipsec-tunnel.md -->
13
13
14
-
1. In the Azure portal, navigate to the Azure VMware Solution private cloud. Select **Manage** > **Connectivity** > **ExpressRoute** and then select **+ Request an authorization key**.
14
+
1. In the Azure portal, go to the Azure VMware Solution private cloud.
15
15
16
-
:::image type="content" source="../media/expressroute-global-reach/start-request-authorization-key.png" alt-text="Screenshot shows how to request an ExpressRoute authorization key." border="true" lightbox="../media/expressroute-global-reach/start-request-authorization-key.png":::
16
+
1. Under **Manage**, select **Connectivity**.
17
17
18
-
1.Provide a name for it and select **Create**.
18
+
1.Select the **ExpressRoute** tab, and then select **+ Request an authorization key**.
19
19
20
-
It can take about 30 seconds to create the key. Once created, the new key appears in the list of authorization keys for the private cloud.
20
+
:::image type="content" source="../media/expressroute-global-reach/start-request-authorization-key.png" alt-text="Screenshot that shows selections for requesting an ExpressRoute authorization key." border="true" lightbox="../media/expressroute-global-reach/start-request-authorization-key.png":::
21
21
22
-
:::image type="content" source="../media/expressroute-global-reach/show-global-reach-auth-key.png" alt-text="Screenshot shows the ExpressRoute Global Reach authorization key." lightbox="../media/expressroute-global-reach/show-global-reach-auth-key.png":::
23
-
24
-
1. Copy the authorization key and ExpressRoute ID. You need them to complete the peering. The authorization key disappears after some time, so copy it as soon as it appears.
22
+
1. Provide a name for the authorization key, and then select **Create**.
25
23
24
+
It can take about 30 seconds to create the key. After the key is created, it appears in the list of authorization keys for the private cloud.
25
+
26
+
:::image type="content" source="../media/expressroute-global-reach/show-global-reach-auth-key.png" alt-text="Screenshot that shows the ExpressRoute Global Reach authorization key." lightbox="../media/expressroute-global-reach/show-global-reach-auth-key.png":::
27
+
28
+
1. Copy the authorization key and the ExpressRoute ID. You need them to complete the peering. The authorization key disappears after some time, so copy it as soon as it appears.
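Review bot: The last step on line 28 says the authorization key "disappears after some time", which is vague next to the specific "about 30 seconds" on line 24. Suggest stating the actual behavior or linking to where it is documented. Because the key authorizes a connection to the private cloud's ExpressRoute circuit, the step should also tell the reader to keep the copied value somewhere access-controlled rather than only to copy it quickly. The split of the old single step into lines 14, 16 and 18 reads well; line 18 is missing the space after "1." as shown here.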