Tutorial: Configure networking for your VMware private cloud in Azure

An Azure VMware Solution private cloud requires an Azure Virtual Network. Because Azure VMware Solution doesn't support your on-premises vCenter Server, you need to take extra steps to integrate with your on-premises environment. Setting up an ExpressRoute circuit and a virtual network gateway is also required.

If you plan to scale your Azure VMware Solution hosts using Azure NetApp Files datastores, deploying the vNet close to your hosts with an ExpressRoute virtual network gateway is crucial. The closer the storage is to your hosts, the better the performance.

In this tutorial, you learn how to:

  • Create a virtual network
  • Create a virtual network gateway
  • Connect your ExpressRoute circuit to the gateway

Note

Before you create a new virtual network (vNet), check whether you already have a vNet in Azure that you plan to use to connect to Azure VMware Solution, or whether you need to create a new vNet entirely.

Connect with the Azure vNet connect feature

You can use the Azure vNet connect feature to use an existing vNet or create a new vNet to connect to Azure VMware Solution. Azure vNet connect is a function to configure vNet connectivity. It doesn't record configuration state; browse the Azure portal to check what settings are already configured.

Note

Address space in the vNet cannot overlap with the Azure VMware Solution private cloud CIDR.

Prerequisites

Before you select an existing vNet, make sure it meets the following requirements. The vNet must:

  1. Contain a gateway subnet.
  2. Be in the same region as the Azure VMware Solution private cloud.
  3. Be in the same resource group as the Azure VMware Solution private cloud.
  4. Contain an address space that doesn't overlap with Azure VMware Solution.
  5. Be part of a solution design that is validated to be within Azure VMware Solution limits (Microsoft technical documentation/azure/azure-resource-manager/management/azure-subscription-service-limits).
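
A pre-flight check for prerequisites 1 through 4 above, written as an added example (it is not part of the original tutorial or of any Azure tooling). The dictionary keys, names, and address ranges are hypothetical sample data; prerequisite 5 (service limits) is not checked.

```python
import ipaddress

GATEWAY_SUBNET = "GatewaySubnet"  # name the page uses for the gateway subnet


def _norm(value):
    # Assumption: compare regions and resource groups ignoring case and spaces
    # ("East US" vs "eastus").
    return value.replace(" ", "").lower()


def check_existing_vnet(vnet, cloud):
    """Return the list of unmet prerequisites; an empty list means the vNet qualifies."""
    problems = []
    if GATEWAY_SUBNET not in {s["name"] for s in vnet["subnets"]}:
        problems.append("vNet has no GatewaySubnet")
    if _norm(vnet["location"]) != _norm(cloud["location"]):
        problems.append("vNet and private cloud are in different regions")
    if _norm(vnet["resourceGroup"]) != _norm(cloud["resourceGroup"]):
        problems.append("vNet and private cloud are in different resource groups")
    cloud_net = ipaddress.ip_network(cloud["networkBlock"])
    for prefix in vnet["addressPrefixes"]:
        net = ipaddress.ip_network(prefix)
        # overlaps() also catches containment, e.g. a /8 that swallows the cloud's /22
        if net.version == cloud_net.version and net.overlaps(cloud_net):
            problems.append(f"{net} overlaps private cloud CIDR {cloud_net}")
    return problems


# Constructed sample data (hypothetical names and ranges, not from a real subscription)
CLOUD = {"location": "eastus", "resourceGroup": "avs-rg", "networkBlock": "10.10.0.0/22"}
GOOD_VNET = {
    "location": "East US", "resourceGroup": "AVS-RG",
    "addressPrefixes": ["10.20.0.0/16"],
    "subnets": [{"name": "default"}, {"name": "GatewaySubnet"}],
}
BAD_VNET = {
    "location": "westeurope", "resourceGroup": "network-rg",
    "addressPrefixes": ["172.16.0.0/24", "10.0.0.0/8"],
    "subnets": [{"name": "default"}],
}

if __name__ == "__main__":
    for name, vnet in (("GOOD_VNET", GOOD_VNET), ("BAD_VNET", BAD_VNET)):
        print(name, check_existing_vnet(vnet, CLOUD) or "meets prerequisites 1-4")
```
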

Select an existing vNet

When you select an existing vNet, the Azure Resource Manager (ARM) template that creates the vNet and other resources gets redeployed. The resources, in this case, are the public IP, gateway, gateway connection, and ExpressRoute authorization key. If everything is set up, the deployment doesn't change anything. However, if anything is missing, it gets created automatically. For example, if the GatewaySubnet is missing, then it gets added during the deployment.

  1. In your Azure VMware Solution private cloud, under Manage, select Connectivity.

  2. Select the Azure vNet connect tab and then select the existing vNet.

    Screenshot showing the Azure vNet connect tab under Connectivity with an existing vNet selected.

  3. Select Save.

    At this point, the vNet is validated for overlapping IP address spaces between Azure VMware Solution and the vNet. If an overlap is detected, change the network address of either the private cloud or the vNet so they don't overlap.

Create a new vNet

When you create a new vNet, the required components to connect to Azure VMware Solution are automatically created.

  1. In your Azure VMware Solution private cloud, under Manage, select Connectivity.

  2. Select the Azure vNet connect tab and then select Create new.

    Screenshot showing the Azure vNet connect tab under Connectivity.

  3. Provide or update the information for the new vNet and then select OK.

    At this point, the vNet is validated for overlapping IP address spaces between Azure VMware Solution and the vNet. If an overlap is detected, change the private cloud or vNet's network address so they don't overlap.

    Screenshot showing the Create virtual network window.

The vNet with the provided address range and GatewaySubnet is created in your subscription and resource group.

Connect to the private cloud manually

Create a vNet manually

  1. Sign in to the Azure portal.

    Note

    If you need access to the Azure US Gov portal, go to https://portal.azure.us/

  2. Navigate to the resource group you created in the create a private cloud tutorial and select + Add to define a new resource.

  3. In the Search the Marketplace text box, type Virtual Network. Find the Virtual Network resource and select it.

  4. On the Virtual Network page, select Create to set up your virtual network for your private cloud.

  5. On the Create Virtual Network page, enter the details for your virtual network.

  6. On the Basics tab, enter a name for the virtual network, select the appropriate region, and select Next : IP Addresses.

  7. On the IP Addresses tab, under IPv4 address space, enter the address space you created in the previous tutorial.

    Important

    You must use an address space that does not overlap with the address space you used when you created your private cloud in the preceding tutorial.

  8. Select + Add subnet, and on the Add subnet page, give the subnet a name and appropriate address range. When complete, select Add.

  9. Select Review + create.

    Screenshot showing the settings for the new virtual network.

  10. Verify the information and select Create. Once the deployment is complete, you see your virtual network in the resource group.

Create a virtual network gateway

Now that you've created a virtual network, create a virtual network gateway.

  1. In your resource group, select + Add to add a new resource.

  2. In the Search the Marketplace text box, type Virtual network gateway. Find the Virtual Network resource and select it.

  3. On the Virtual Network gateway page, select Create.

  4. On the Basics tab of the Create virtual network gateway page, provide values for the fields, and then select Review + create.

    Field | Value
    Subscription | Prepopulated value with the Subscription to which the resource group belongs.
    Resource group | Prepopulated value for the current resource group. Value should be the resource group you created in a previous test.
    Name | Enter a unique name for the virtual network gateway.
    Region | Select the geographical location of the virtual network gateway.
    Gateway type | Select ExpressRoute.
    SKU | Select the gateway SKU appropriate for your workload. For Azure NetApp Files datastores, select UltraPerformance or ErGw3Az.
    Virtual network | Select the virtual network you created previously. If you don't see the virtual network, make sure the gateway's region matches the region of your virtual network.
    Gateway subnet address range | This value is populated when you select the virtual network. Don't change the default value.
    Public IP address | Select Create new.

    Screenshot showing the details for the virtual network gateway.

  5. Verify that the details are correct, and select Create to start your virtual network gateway deployment.

  6. Once the deployment completes, move to the next section to connect your ExpressRoute connection to the virtual network gateway containing your Azure VMware Solution private cloud.

Connect ExpressRoute to the virtual network gateway

Now that you've deployed a virtual network gateway, add a connection between it and your Azure VMware Solution private cloud.

  1. Request an ExpressRoute authorization key:

    1. In the Azure portal, navigate to the Azure VMware Solution private cloud. Select Manage > Connectivity > ExpressRoute and then select + Request an authorization key.

      Screenshot shows how to request an ExpressRoute authorization key.

    2. Provide a name for it and select Create.

      It can take about 30 seconds to create the key. Once created, the new key appears in the list of authorization keys for the private cloud.

      Screenshot shows the ExpressRoute Global Reach authorization key.

    3. Copy the authorization key and ExpressRoute ID. You need them to complete the peering. The authorization key disappears after some time, so copy it as soon as it appears.

  2. Navigate to the virtual network gateway you plan to use and select Connections > + Add.

  3. On the Add connection page, provide values for the fields, and select OK.

    Field | Value
    Name | Enter a name for the connection.
    Connection type | Select ExpressRoute.
    Redeem authorization | Ensure this box is selected.
    Virtual network gateway | The virtual network gateway you intend to use.
    Authorization key | Paste the authorization key you copied earlier.
    Peer circuit URI | Paste the ExpressRoute ID you copied earlier.

    Screenshot shows the Add connection page to connect ExpressRoute to the virtual network gateway.

The connection between your ExpressRoute circuit and your Virtual Network is created.

Screenshot shows a successful virtual network gateway connection.

Next steps

In this tutorial, you learned how to:

  • Create a virtual network using the Azure vNet connect feature
  • Create a virtual network manually
  • Create a virtual network gateway
  • Connect your ExpressRoute circuit to the gateway

Continue to the next tutorial to learn how to create the NSX-T network segments used for VMs in vCenter Server.