For some, moving to a cloud-only solution is not feasible, and a hybrid solution is the best option. In this video, Sharon outlines the requirements for a hybrid solution and the options to consider before implementing one, including VPN and gateway requirements.
- [Narrator] In a lot of cases you're probably gonna want to do a hybrid infrastructure, meaning you're gonna have some of your workloads on premise, and some of your workloads within Azure. A hybrid infrastructure tends to be very flexible. You can move your workloads around as required. There are several templates already available in Azure to help build out your infrastructure in Azure. These templates are for single virtual machines, some of the templates are for server farms, and some of them are for RDS. You can definitely migrate your existing workloads into Azure if you care to do so, and you can migrate them back as required.
And the nice thing here is you can burst some of those workloads into Azure for those high-demand times. This is what a hybrid solution would look like. You will notice that we have several application servers within Azure itself. We have an application server, we have a web front end, some SQL in there, and DC and DNS. And this may be all you need. But if you want to connect to on premise, we're gonna have to add in a couple of additional components. First thing we're gonna need is a VPN Gateway.
This provides connectivity not only for our remote workers, but for our on premise data center. Let's get into a little bit more detail about this VPN Gateway. The VPN Gateway will be created within the virtual network. Each virtual network can have one VPN Gateway. There are two terms you're gonna encounter when it comes to a VPN Gateway. You'll hear site to site and point to site. A site to site is a dedicated connection between your on premise facility and Azure.
You will require a static IP at your VPN appliance on premise. The point to site is for your remote users. The general rule of thumb I like to use: anybody who's using NAT will require a point to site. The remote users will connect in using a VPN client. You may also have separate virtual networks in Azure for isolation. You can also connect these different virtual networks together as well. For example, you may have a production network, and you may have a test and dev network, and you may need to connect those two.
When you create a VPN Gateway within Azure, that generates a static IP for you. That IP allows you access to that entire virtual network. You will require this IP in order to have the site to site or point to site connectivity. A couple of additional components you need to be aware of: you will have to create a Gateway subnet within your virtual network within Azure. This Gateway subnet is only for your VPN Gateway. You cannot put VMs within this subnet.
You are also going to need a dedicated VPN appliance on premise. Microsoft has a listing of all the supported appliances plus the operating system version on those appliances. The functionality between these appliances will be slightly different. Please refer to the link in the handouts for this list. Microsoft updates this list. Always, always, always double-check it. For example, I was working with a company who wanted to use their current VPN appliance.
It was listed as a supported appliance, but they didn't look far enough to see what the actual limitation list of that appliance was, and realized after the fact that the appliance was not gonna meet their needs. Again, I can't stress enough, check that list. And here's a tip. If you're just doing a proof of concept and don't want to invest in a dedicated VPN appliance, or your VPN appliance does not meet the recommendations, you can get away with using a server Routing and Remote Access role for your testing.
It works great. Adding a couple of additional components to your cloud-only infrastructure, you can easily create a hybrid solution.
- Understanding cloud technologies
- Why Azure?
- Creating virtual networks and storage
- Using Azure Active Directory for identity management and protection
- Disaster recovery with Azure Backup and Azure Site Recovery
- Working with virtual machines