Azure VMware Solution Logical Design

Deployment and Connectivity

Internet
On-premises Customer Edge Device
Azure
ExpressRoute Console
Data Center

Microsoft Azure

Management Cluster

Active
NTP DNS DHCP
Directory
Production Management Group EA Subscription Resource Manager Azure AD

Microsoft Remote
Certificate Endpoint Backup
Desktop
Authority Configuration Server
Manager Services

vCenter Site vSphere

VMware Recovery
Server Replication
HCX Manager

Azure Dedicated Microsoft Enterprise Edge (D-MSEE)

vRealize
ExpressRoute
VMware vRealize vRealize
Operations Log Insight Network Global Reach
Horizon Manager Insight
Azure ExpressRoute to Azure VMware Solution Azure Express Route to on-premises data center Microsoft Enterprise Edge (MSEE)

Production-1 Resource Group

Compute Cluster
Private Cloud Deployment Options:
• Azure Portal
Azure VMware Solution • Azure Resource Manager Template Azure Services
• Azure PowerShell
• Azure CLI
VM VM VM
AVS
Edge Router NSX-T (T0) NSX-T (T1)
Production-2 Resource Group Virtual Network (VNet)

VM VM VM

Management VMs Workload VMs

GatewaySubnet Virtual Machine Azure Firewall Azure Route Server

VM VM VMware vCenter
NSX-T VM VM VM
HCX Server

API Management Load Balancers Azure Active DNS Zones

Services Directory

HCX IX HCX WO HCX NE VM VM VM

RG 2
Hub VNet
Site VNet Peering VNet Peering
Recovery Active vSphere
Manager Directory Replication

Storage
vSphere Cluster
vSAN, VMFS
Fiber Channel Web App Azure Blob Azure IoT Azure
Firewall Storage Hub Sentinel
NFS, iSCSI
ESXi Host 1 ESXi Host 2 ESXi Host 3 Up to 16 hosts
(max per cluster)

Network vSAN Storage

Azure Azure File Azure Kubernetes SQL
Backup Sync Service Databases
Per Host
NSX-V, NSX-T NVMe Cache
vSphere Distributed Switch SSD Capacity
Spoke VNet Spoke VNet
vSphere Standard Switch
Production-3 Resource Group Production-4 Resource Group

Firewall Rules
Roles and Responsibilities

SOURCE DESTINATION TYPE PORT DESCRIPTION

Cloud DNS On-premises DNS UDP 53 DNS

Deployment, configuration, and On-premises DNS Cloud DNS UDP 53 DNS

Applications management of virtual machines On-premises Network Cloud vCenter TCP 80, 443 vCenter HTTP, HTTPS
- including operating systems and
Cloud Management Network On-premises Active Directory TCP 389 Active Directory authentication
Guest OS applications - are customer
On-premises vCenter Network Cloud Management Network TCP 8000 vMotion VMs from on-premises
responsibilities. This includes
vCenter to Cloud vCenter
Virtual Machine ensuring VMware Tools and Virtual
Machine compatibility.
Configuration

vSAN
The customer is responsible for
any post-deployment
Planning and Deployment
NSX-T
configuration changes to vCenter

vCenter Server Server and NSX-T.

Click each step for more detailed information and a demonstration.

1. Identify the Azure subscription, resource group, region, and resource name 6. Deploy the Azure VMware Solution private cloud

2. Determine the number of hosts and clusters required 7. Configure Azure VNet and ExpressRoute
Host Patching
Microsoft is responsible for the 3. Request a host quota for an eligible Azure subscription 8. Peer on-premises networks
deployment, configuration, and
Deployment & ESXi Hosts 4. Register the Microsoft.AVS resource provider
lifecycle operations of the
Lifecycle Operations
physical and virtual infrastructure
Identity Management 5. Identify network ranges for SDDC management, connected Azure VNets,
components. Microsoft is and VM segments
responsible for ongoing
Azure Portal
management of all physical
components.
Hardware Failure

Legend
Physical Security

Physical Infrastructure
Internet ExpressRoute ExpressRoute Global Reach Customer Managed

Windows Server/Service Linux Server/Service VMware Appliance Microsoft Managed Tanzu Kubernetes Grid

Copyright © 2021 VMware Inc. All rights reserved. https://via.vmw.com/avstechzone | https://www.vmware.com/cloud-solutions/azure.html @vMegie @StevePantol