Hybrid Cloud – Expanding Datacenter into Azure IaaS by Richard Qi

Well, Have you ever thought about the idea to use Public Cloud resources on demand to server as part of your datacenter? Many did, but how to securely connect the Public Cloud resources back to your own Datacenter and function as a collective unit is the biggest challenge.

Well, Windows Azure has something to offer now. You can now connect Windows Azure Virtual Network to an on-premises network via site-to-site VPN connection as shown in diagram below.

What is the requirement?

You need a VPN gateway device in your on-premises datacenter. Here is the list of currently supported devices 

Cisco platform OS family Sample configuration script
ASA 5505 ASA version 8.3 Cisco ASA 5505 or ASA 5585 version 8.3
ASA 55851 ASA version 8.3 Cisco ASA 5505 or ASA 5585 version 8.3
ASR 1001 IOS Release 15.2 Cisco ASR 1001 IOS Release 15.2
ASR 10042 IOS Release 15.2 Cisco ASR 1004 IOS Release 15.2
ASR 10063 IOS Release 12.2 Cisco ASR 1006 IOS Release 12.2
ISR 29214 IOS Release 15.0 Cisco ISR 2921 IOS Release 15.0
ISR 39255 IOS Release 15.2 Cisco ISR 3925 IOS Release 15.2
ISR 3945E6 IOS Release 12.2 Cisco ISR 3945E IOS Release 12.2
Juniper platform OS family Sample configuration script
SRX 210 JunOS 11.2r6JunOS 10.4r9 Juniper SRX 210 JunOS 11.2r6 or JunOS 10.4r9
SRX 1400 JunOS 11.2r6JunOS 10.4r9 Juniper SRX 1400 JunOS 11.2r6 or JunOS 10.4r9
J-Series J6350 ScreenOS 6.3r9ScreenOS 6.2r13 Juniper J-Series J6350 JunOS 11.2r6 or JunOS 10.4r9
ISG 1000 ScreenOS 6.3r9ScreenOS 6.2r13 Juniper ISG 1000 ScreenOS 6.3r9 or ScreenOS 6.2r13

 

This list will be growing and include some lower end devices that are more affordable.

What if I don’t have a supported device?

If your current VPN device satisfies the following requirements. It may work with Azure Virtual Network

  • VPN device must have a public facing IPv4 address
  • VPN device must support IKEv1
  • Establish IPsec Security Associations in Tunnel mode
  • VPN device must support NAT-T
  • VPN device must support AES 128-bit encryption function, SHA-1 hashing function, and Diffie-Hellman Perfect Forward Secrecy in “Group 2″ mode
  • VPN device must fragment packets before encapsulating with the VPN header

Go to Windows Azure Website today and try it FREE for 90 Days: http://www.windowsazure.com/en-us/ 

 

 

One Response to “Hybrid Cloud – Expanding Datacenter into Azure IaaS”

  1. Azure IaaS - Deploy Tier1 Workload and Create VPN Connectivity | Richard Qi's Blog

    […] I previously blogged about create site-to-site virtual network between on-premise datacenter to Azure – Hybrid Cloud – Expanding Datacenter into Azure IaaS […]

    Reply

Leave a Reply