Enterprise Scale for Azure VMware Solution

Enterprise Scale for Azure VMware Solution, soon to be Azure VMware Solution Landing Zone Accelerator

In this video, from the Azure VMware Solution digital event on March 23, 2022, learn from Sapna Jeswami, Technical Program Manager at Microsoft, and Prasad Gandham, Principal Program Manager at Microsoft, about automating the onboarding of Azure VMware Solution in your environment. You can follow along at aka.ms/avs-accelerator.

Azure Landing Zones

Azure Landing Zones provide you with scalability and security, and can accelerate your adoption of Azure. The design guidelines can answer many questions you may already have and help you along the way to a full deployment. First there is Enterprise-scale Identity and Access Management. This article goes over identity and access: for example, creating custom roles versus using the local user cloudadmin (this account is deployed with AVS), and limiting the number of users who are in the CloudAdmin role for AVS. It also goes on to show how you can create groups and use role-based access control to make sure the right users have proper permissions.

Networking and Connectivity

The next guideline covers networking topology and connectivity. I had the pleasure of hosting an Azure Unblogged with Sabine Blair, who is a customer-facing engineer, and Mahesh Kshirsagar, a Cloud Solution Architect, going over possible networking topologies and connectivity scenarios in Azure VMware Solution.

We go over, in depth, using ExpressRoute, NSX-T, T0/T1 Routers, Virtual Appliances (NVAs), Azure Route Server and Azure in your environment. ExpressRoute can be used for enterprise connectivity into Azure but you can also utilize to get started. VMware admins will already be familiar with NSX-T and T0/T1 routers. For items like NVAs, you can use native options or your favorite third-party tool.

Networking Components for AVS

The guidance provided will help you establish connectivity to, from, and within AVS, whether you are building a net-new greenfield AVS deployment or extending your existing Azure footprint.

Our discussion highlighted some advanced architecture scenarios such as (but not limited to) hybrid cloud, hub-and-spoke topologies, multi-region disaster recovery (DR) scenarios, and end-to-end traffic inspection requirements. We also covered the standard features that come with Azure VMware Solution, in addition to the Azure native services many people are leveraging in their design patterns.

Users with internet-facing workloads can have the traffic managed using AVS's default settings in NSX-T, or leverage Azure native services such as Azure Virtual WAN in a Secured Hub model. You can also leverage existing or newly deployed third-party virtual appliances, hosted in AVS, in Azure or on-premises, to inspect traffic flows to and from AVS.

Customers who are leveraging SD-WAN and appliances can take advantage of one of Azure's latest services, Azure Route Server, to dynamically inject routes and avoid the overhead that comes with managing user-defined route tables, especially as their environments continue to expand.

AVS leverages a dedicated ExpressRoute circuit that users can peer with their on-premises environments over the Microsoft backbone, or use to create connections to existing Azure gateways. Managing BGP sessions is therefore a recurring theme across many AVS architectures, which is what ARS (Azure Route Server) helps to address.

We also discussed how NSX-T is equipped with tier-0/tier-1 routers, and how users can optimize their traffic within AVS and between workloads by optimizing their tier-1 routers to avoid performance bottlenecks.

Stay tuned for more guideline videos in this series: Monitoring, Automation, BCDR and Identity. Follow along at aka.ms/avs-accelerator.

Do you have any network questions or ideas? Let me know with a comment!

 

This article was originally published by Microsoft's Secure Blog. You can find the original article here.