Azure Virtual WAN in 13 minutes

Captions
Hi, this is Liam, Cloud Solution Architect for Microsoft. This week I got an opportunity to start using Azure Virtual WAN, and I was honestly, genuinely quite impressed by it, so I thought I'd record a video to share what I've learned and hopefully make it more clear as to what it is, why you would want to use it, and why you might not want to use it. So without further ado, I'll do a quick explanation as to what it is, and then I'll move on to a demo of a Virtual WAN that I created, and I think that will paint a clear picture as to what this technology can do for an organization.

So what Virtual WAN is: behind the scenes, it's a collection of our existing technologies that's presented in a very packaged way to offer a global wide area network to our organization. All right, global wide area network, what's that? It's a way of connecting your organization together. Previously you might have used technologies like MPLS or SD-WAN, and this is a form of SD-WAN, but it's got some Azure secret sauce sprinkled on top.

So what does it do? In plain English, what it does is it connects your branch offices, your headquarters, your larger offices, your remote users, and your Azure virtual networks all together through Azure, using Azure as your global transit network. So you get the second largest network in the world, which is the Microsoft network, as a way of transiting your traffic both through Azure, so Azure to Azure, but then also branch office to branch office, remote users to branch office, HQ to remote users, and also out to the internet. It is really any-to-any communication, and that's what you get by default. You can obviously lock it down in certain ways, so you may not want your remote users to, I don't know, access a particular branch office. You can control all of that using Azure Firewall.

So if I scroll down a little bit, you can actually see we've got this concept of something called a Virtual WAN hub in an Azure region. So if we take, let's say, West Europe as an Azure region, you can deploy a Virtual WAN hub into that region. You can also deploy another hub, let's say East US, and connect them together using the hub-to-hub connection. Geographically, you want to connect to the regional hub that's closest to you, so if you've got a branch office in New York, you'll connect that to the East US Virtual WAN hub. Hopefully that makes sense. Same thing for remote users: we can have point-to-site connections to a local hub. Once they're connected in over point-to-site, by default they can access everything, which is fantastic. This is what customers have really been asking for, and this demonstrates it. It's a bit of a busy diagram, but it demonstrates the any-to-any connectivity.

So that's the theory; let's get into the reality. What I did the other day whilst I was exploring this technology is I created a resource group, and first of all I deployed Virtual WAN as a resource. So if I go into Virtual WAN: this thing deploys in seconds, and by default, out of the box, it doesn't deploy anything else. It just deploys Virtual WAN without any hubs, without any site-to-site connections, any of that. So I deployed it, and as you can see, you get presented here with a map. There are three dots here because I've deployed three regional hubs, so I've got one in West Europe, one in East US, and one in East Asia. This is quite reflective of some global customers we'd have; we'd imagine that they would have a number of regional hubs as they operate around the world. So again, if we go back to the previous diagram, you can see here that you make connections into the hub.

So let's have a look at how that actually works. As we can see on the left-hand side, we've got connectivity. We've got hubs, which are these things here. We've got VPN sites, so these are our on-premises locations; these could be our branch offices, they could be our headquarters. We've got user VPN configurations, which is your point-to-site network. We've got ExpressRoute circuits and virtual network connections. Virtual network connections is actually how you connect an Azure virtual network to a regional hub. If you've used VNet peering before, this is quite similar, but you have to do it from within this user interface and not through the peering interface.

So if we expand, let's say, West Europe, we can see here already there are three virtual networks connected to it. We've got an application spoke 1 virtual network, application spoke 2, and a shared services virtual network. To make a connection, you just go here, you give it a name, you pick which hub you want to connect it to, and then you can select the virtual network which you want to connect. It only takes a couple of seconds, really, to connect it. So now that they're connected to the virtual hub, basically these three virtual networks can talk to each other. We've got hub-to-hub connectivity, so the East US hub can talk to the West US hub, so effectively these three VNets can talk to these three VNets, and these two VNets can talk to these six VNets. So all of these VNets by default can talk to each other. So now we've really got a global network across Azure.

But this all lives on Azure. What about the people who live in branch offices? This is something I wasn't able to set up, because I don't have a branch office, but effectively you can create a site which represents one of your branch offices. That creates a VPN configuration which you would load onto your VPN device. If you've got things like Cisco or Silver Peak, those are actually supported out of the box. I think we've got some partners down here, maybe not, but yes, there are a number of partners who support Virtual WAN and give you a really nice out-of-the-box experience. But effectively, as long as it supports things like IKEv2 VPN connectivity, even with the ones who are not currently partners you'll still be able to connect it, but you'll have to do a bit more configuration.

Same thing if you've got, let's say, a headquarters or a data center where you may have ExpressRoute connectivity: you can connect ExpressRoute Premium circuits into one of your regional hubs, thereby connecting it up to your Virtual WAN. If you think about it, it kind of creates a big flat network where all of your company can talk to all of your company. Now, you might think, okay, that's great, but I might not want particular branches to talk to other branches. You can disable branch-to-branch connectivity altogether, which basically means VPN sites cannot talk to other VPN sites.

And we've also got Azure Firewall in the mix here as well; they're actually called secure hubs now. So we can see we've got three firewalls, and we've got the Firewall Manager in preview. What this does is it allows us to have a centralized control plane across our firewalls. The firewalls get deployed into the regional hubs, so I think that's represented quite well here. We can see this is the regional hub, there's a firewall, and there's a firewall here. So for each of my three regional hubs I've got three firewalls. Now, I might globally want to whitelist or blacklist certain, let's say, external websites from the firewalls. Previously I would have had to manage that, so if I had 10 firewalls, I'd have to apply that rule to each firewall. Now we can do it through the Firewall Manager, which makes things a lot simpler. So if we go into rules, I've actually set up a rule, so I've got some approved websites. We've got GitHub, Azure, Microsoft and Bing. Very Microsoft-centric, but there you go. So these are the four sites that are allowed, and they're applied to all three of my firewalls. Any virtual machine that's routed through the firewall, any VNet that's routed through the firewall, will get these rules applied.

So to actually test all of this, what I've done is I've deployed three virtual machines, and let's have a look at the top here. There we go. I've got a virtual machine in the United States, I've got one in West Europe, and this one's actually in East Asia, as we can see over here. So if I try and connect to, let's say, the United States, I'm going to connect over RDP. And the way I'm able to connect, bear in mind that this is a private IP address: I'm not using just-in-time access, I'm not using Bastion, I'm using my point-to-site connection, which is connected directly into the Western Europe hub. So my path is: I'm at home, I'm connecting into the West Europe hub, I'm using hub-to-hub connectivity to get to the East US hub, and that's peered with a virtual network where this VM is. So like I said, it's kind of like a flat network. Once you can get into the Virtual WAN, you'll be able to traverse your company's network, which is great.

And so let's connect. I'm just going to pop my password in, and hit remember me. That message was because it was already connected. So as you can see, I'm actually connected now into a virtual machine which is in the East US Azure region from my current location, which is near London in the United Kingdom.

Let's try a different one. Let's try West Europe, which is a little bit closer. Same thing, RDP. Again, this won't work if I'm disconnected from a point-to-site connection, so if I disconnect here and then try to connect, it won't work, which is expected, because I cannot talk to my Virtual WAN because I'm not traversing the point-to-site connection. So I'm going to cancel that, and I'm going to reconnect. Connection only takes a couple of seconds. As you can see here, these are all the routes that have been propagated down. These routes are basically the address ranges of my Azure VNets. This is all done through BGP; I don't have to configure any static routes or anything like that, which is a big ask for some of our customers. So these routes get learned automatically as I add new VNets, and these routes will get added in once I disconnect and reconnect.

So let's try and connect again. Let's try and type the password in properly. There we go, and again, that was already connected, which is why we saw that message. But here we go. Now, I deployed this into Western Europe, which is actually in Amsterdam, so yeah, I probably should have put a European Union flag here, but there you go.

So just to review what we just saw: if this user represents me, I'm in London, and I use the point-to-site VPN to connect into my local hub. My local hub in this instance was in West Europe. First I connected to a West US VM, so I started off here, connected over point-to-site, went over the hub-to-hub connection to my East US hub, and then over a peering to a virtual network that contained the VM I was able to connect to. The second one I connected the same way, in that I went over the point-to-site VPN, but this time I went into a VNet that contained my West Europe VM, which was one of the locally connected hubs. So thereby I demonstrated how we can show hub-to-hub connectivity to virtual networks, and also to virtual networks that are connected to the regional hub.

It's worth noting that there are a couple of elements of this that are still in preview. The hub-to-hub connectivity is still currently in preview, and so is the Firewall Manager, which I briefly demoed as well. So it's worth bearing in mind that a couple of the use cases we saw use preview functionality. But if you've got a single region that you wanted to leverage without using the Firewall Manager, you could do that today, which is globally generally available, let's say, with these other features coming out soon.

So hopefully that made it clear. Certainly that was a day's worth of work to get to that point for me to understand all of this, but yes, hopefully this condensed it down a little bit so you can understand what this technology is and why customers might want to use it. And yeah, if there are any questions on this, feel free to reach out to me and I'll try my best to help. Thanks.
Info
Channel: Liam F. O’Neill
Views: 1,620
Keywords: BodyBuilding, Health, Fitness, Wellbeing, Nutrition, Fat Loss, Coachng Weight Loss
Id: Z_Tws1b_gI0
Length: 13min 11sec (791 seconds)
Published: Sun Jul 05 2020