Azure VMware Solution Logical Design - vmc.techzone.vmware.com

Azure VMware Solution

[Diagram labels: Production-1 Resource Group; Production-2 Resource Group; Production-3 Resource Group; Production-4 Resource Group; Hub VNet; Spoke VNet; VNet Peering; Virtual Network (VNet); GatewaySubnet; Virtual Machine; Azure Firewall; Azure Route Server; Azure Services; API Management Services; Web App Firewall; Azure Backup; Azure File Sync; Azure Blob Storage; Load Balancers; Azure Active Directory; DNS Zones; Azure IoT Hub; Azure Kubernetes Service; SQL Databases; Azure Sentinel; Global Reach; Azure ExpressRoute to on-premises data center; Microsoft Enterprise Edge (MSEE); Dedicated Microsoft Enterprise Edge (D-MSEE); Azure ExpressRoute to Azure VMware Solution; Azure ExpressRoute; Console; Internet]

Private Cloud Deployment Options:
• Azure Portal
• Azure Resource Manager Template
• Azure PowerShell
• Azure CLI

Panels: Roles and Responsibilities; Firewall Rules; Planning and Deployment; Legend; Deployment and Connectivity

Azure VMware Solution Logical Design

Copyright © 2021 VMware Inc. All rights reserved. https://via.vmw.com/avstechzone | https://www.vmware.com/cloud-solutions/azure.html

[Diagram labels: Storage; vSAN, VMFS; Fibre Channel; NFS, iSCSI; Network; NSX-V, NSX-T; vSphere Distributed Switch; vSphere Standard Switch; Internet; Windows Server/Service; Linux Server/Service; VMware Appliance; ExpressRoute; ExpressRoute Global Reach; Microsoft Managed; Customer Managed]

[Diagram labels: AVS Edge Router; NSX-T (T0); NSX-T (T1); ESXi Host 1; ESXi Host 2; ESXi Host 3; Up to 16 hosts (max per cluster); RG 2; VMware HCX; HCX IX; HCX WO; HCX NE; vCenter Server; NSX-T; Site Recovery Manager; vSphere Replication; Active Directory; Management VMs; Workload VMs; VM; vSAN Storage; vSphere Cluster; NVMe Cache; SSD Capacity; Per Host; Resource Manager; Azure AD; EA Subscription; Production Management Group; On-premises Data Center; Customer Edge Device]

Firewall rule columns: SOURCE, DESTINATION, TYPE, PORT, DESCRIPTION. Sources, in row order: Cloud DNS; On-premises DNS; On-premises Network; Cloud Management Network; On-premises vCenter Network.

1. Identify the Azure subscription, resource group, region, and resource name
2. Determine the number of hosts and clusters required
3. Request a host quota for an eligible Azure subscription
4. Register the Microsoft.AVS resource provider
5. Identify network ranges for SDDC management, connected Azure VNets, and VM segments
6. Deploy the Azure VMware Solution private cloud
7. Configure Azure VNet and ExpressRoute
8. Peer on-premises networks

[Diagram labels: Compute Cluster; VM; Management Cluster; DHCP; Active Directory; NTP; DNS; Backup Server; Certificate Authority; Remote Desktop Services; vSphere Replication; vCenter Server; VMware HCX; Site Recovery Manager; vRealize Network Insight; VMware Horizon; vRealize Operations Manager; vRealize Log Insight; Microsoft Endpoint Configuration Manager]

@vMegie @StevePantol

[Diagram labels: Applications; Guest OS; Virtual Machine; vSAN; NSX-T; vCenter Server; Host Patching; ESXi Hosts; Identity Management; Azure Portal; Hardware Failure; Physical Security; Physical Infrastructure; Configuration; Deployment & Lifecycle Operations]

Microsoft is responsible for the deployment, configuration, and lifecycle operations of the physical and virtual infrastructure components. Microsoft is responsible for ongoing management of all physical components.

The customer is responsible for any post-deployment configuration changes to vCenter Server and NSX-T.

Deployment, configuration, and management of virtual machines - including operating systems and applications - are customer responsibilities. This includes ensuring VMware Tools and Virtual Machine compatibility.

[Diagram labels: Microsoft Azure; Tanzu Kubernetes Grid; Azure ExpressRoute]

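Firewall Rules

| SOURCE | DESTINATION | TYPE | PORT | DESCRIPTION |
|---|---|---|---|---|
| Cloud DNS | On-premises DNS | UDP | 53 | DNS |
| On-premises DNS | Cloud DNS | UDP | 53 | DNS |
| On-premises Network | Cloud vCenter | TCP | 80, 443 | vCenter HTTP, HTTPS |
| Cloud Management Network | On-premises Active Directory | TCP | 389 | Active Directory authentication |
| On-premises vCenter Network | Cloud Management Network | TCP | 8000 | vMotion VMs from on-premises vCenter to Cloud vCenter |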