Understanding Windows Azure Virtual Network for Windows Azure Node Deployments with Microsoft HPC Pack
Applies To: Microsoft HPC Pack 2012, Microsoft HPC Pack 2012 R2
To connect your on-premises cluster network and the Windows Azure nodes that are deployed through the node template, the cluster administrator can set up the deployment to use a Windows Azure virtual network. For example, you might do this if you are running an application on the Windows Azure nodes that must communicate with an on-premises license server. A Windows Azure virtual network can also help with small data transfers between an on-premises file server and the Windows Azure nodes, connect the Windows Azure nodes with an on-premises Active Directory domain controller, and help enable remote desktop connections to the Windows Azure role instances by non-administrator cluster users.
To set up the deployment to use a Windows Azure virtual network, specify the name of an existing Windows Azure virtual network that is configured in the Windows Azure subscription and, optionally, the names of one or more subnets in the virtual network.
In this topic:
Configure a Windows Azure virtual network for site-to-site connectivity
Example: Connect to an on-premises license server
Additional considerations
Configure a Windows Azure virtual network for site-to-site connectivity
Typically, a network administrator will configure a Windows Azure virtual network. The following are high level tasks to configure a Windows Azure virtual network for HPC Pack 2012 to support secure site-to-site connections between the local (on-premises) network and Windows Azure, using a supported VPN gateway device.
Configure a Windows Azure virtual network in a Windows Azure subscription by using the Windows Azure management tools. To create a virtual network in Windows Azure for the first time, we recommend using the Custom Create wizard in the Management Portal. This wizard creates a network configuration file (.netcfg) for your virtual network. After creation of the first virtual network via the Management Portal, the .netcfg file can be exported and used as a template to creat3 additional virtual networks, if needed.
To enable site-to-site connectivity, specify the site-to-site connectivity option, specify the name of a local network, and configure a gateway subnet. This information will also be used to configure the on-premises VPN device.
Note
Starting with HPC Pack 2012 with SP1, instead of configuring a VPN device, a software VPN gateway can be configured in the on-premises network by using the Routing and Remote Access service in Windows Server 2012. See Additional considerations.
For planning considerations and links to procedures to configure a Windows Azure virtual network, see Configure a Site-to-Site VPN in the Management Portal.
Example: Connect to an on-premises license server
Certain HPC applications require software licenses, and before it can run on Windows Azure nodes, a job might need to connect to on-premises license server running software such as FLEXlm license manager. To enable this, a Windows Azure virtual network can be configured to provide connectivity between the license server and the Windows Azure nodes that are running a licensed application.
The following table lists the general steps to enable connectivity to an on-premises license server, and indicates the organizational roles that might be involved to complete these steps.
Role | Tasks |
---|---|
Enterprise network administrator |
|
HPC cluster administrator |
|
HPC cluster user |
|
For background information on configuring an activation job filter to connect to a license server, see:
Additional considerations
The Windows Azure cloud service, storage account, and virtual network used for the Windows Azure node deployment should be assigned to the same Windows Azure affinity group. This ensures that your Windows Azure services will be located in the same data center. You can create an affinity group either before you create a Windows Azure virtual network or at the time that you create it. For more information, see Create an Affinity Group Using the Management Portal.
Run the Windows Azure Virtual Network Test to validate the Windows Azure virtual networks that are configured in the Windows Azure node templates. For more information, see Understanding Diagnostic Tests.
When you specify a virtual network in a Windows Azure node template, you can optionally select one or more subnets to specify the IP address range of the Windows Azure nodes. If you do not select a subnet, then the Windows Azure nodes automatically receive IP addresses selected from outside the ranges allocated to the existing subnets.
Note
If the address space of the virtual network is completely partitioned into subnets, ensure that you specify a subnet in the node template. If you do not do this, your Windows Azure node deployment will fail because no IP addresses are available for the nodes.
Starting with HPC Pack 2012 with SP1, HPC Pack supports connectivity between Windows Azure and an on-premises network without requiring a VPN hardware device. You can use the Routing and Remote Access service (RRAS) configured in an on-premises server running Windows Server 2012 to connect to a Windows Azure virtual network. To use this, you must create a dynamic-routing Virtual Network Gateway.
Starting with HPC Pack 2012 with SP1, it is not necessary to configure a VPN connection to an on-premises network to use a Windows Azure virtual network. For example, if you deploy an HPC Pack head node on a Windows Azure virtual machine, you can use a Windows Azure virtual network to provide connectivity between the head node and Windows Azure worker nodes that are added as compute resources.
As of HPC Pack 2012 with SP1, HPC Pack does not support configuration of a point-to-site VPN.
See Also
Concepts
Configuring a Windows Azure Node Template for Microsoft HPC Pack
Network Configuration