Azure Cloud Networking


VxCloud Azure Cloud Networking Features

Medium and Large Enterprise Azure Cloud Networking Services

Azure Networking Integration

VxCloud SD-WAN and Azure Vnet integration is already setup and tested for clients. Azure VPN Gateway services are used to provide secure networking integration. Connectivity is provided as part of the VxCloud SD-WAN interconnected service. We provide access to South African peering points resulting in improved Azure WAN Access and integration.

Azure Networking Integration

Azure VNET Networking

With skilled Azure networking architects we can provide clients with Azure Vnet architecture and designs. It is vitally important for clients to create the correct Azure networking solution before applications and computing services are deployed inside Vnet. Contact VxCloud for a consulting discussion.

Azure VNET Networking

Azure VNET Monitoring “Network Watcher”

We have included the new Azure Network Watcher as part of our cloud monitoring service. The new service will provide clients with virtual network gateway connectivity trouble shooting, networking topology, IP flow verification, packet capture, security and NSG flow logs. VxCloud utilizes these services to provide clients with cloud network monitoring and problem resolution. Cloud Networking to Perfection and simplified management reduces TCO by 30%.

Azure VNET  Monitoring “Network Watcher”

VxCloud SD-WAN vs Express Route

We have created an SD-WAN solution that is competing with “Express Route”. The redundancy, reduced cost, security and peering point access provided as part of the SD-WAN solution has created a stable and very efficient cloud network solution. The advantage is that the same network also provides these features to O365 and Google. Please contact VxCloud for demo units and POC testing. We have created the service for assured application performance and Quality of Experience.

VxCloud SD-WAN vs Express Route

Azure Cloud Networking

VxCloud Azure Cloud Networking Integration

VxCloud integration with Azure can be accessed from multiple SD-WAN sites in South Africa. Normal internet traffic such as LTE, ADSL, FTTH, Fibre and Metro Fibre is used to create high availability Azure VPN gateway access. VxCloud gateways are deployed locally to South Africa and managed by VxCloud.

“Cloud Networking to Perfection”
VxCloud Azure Cloud Networking Integration

Azure Vnet Solutions

Azure Cloud Monitoring

The Azure Virtual Network service enables clients to securely connect Azure resources to each other with virtual networks (VNets). A VNet is a representation of your own network in the cloud. A VNet is a logical isolation of the Azure cloud dedicated to your subscription. You can also connect VNets to your on-premises network. Ever wondered why you need the internet for applications, VxCloud justifies using the internet as the Cloud Network.

Azure Vnet Isolation

VNets are isolated from one another. Clients can create separate VNets for development, testing, and production that use the same CIDR address blocks. Conversely, Clients can create multiple VNets that use different CIDR address blocks and connect networks together. You can also segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet.

Azure Internet Connectivity

All Azure Virtual Machines (VM) and Cloud Service role instances connected to a VNet have access to the Internet, by default. You can also enable inbound access to specific resources, as needed. VxCloud uses the clients Microsoft licensing benefits and funding to create O365-Azure integration.

Azure Networking Integration

VxCloud SD-WAN and Azure Vnet integration is already setup and tested for clients. Azure VPN Gateway services are used to provide secure networking integration. Connectivity is provided as part of the VxCloud SD-WAN interconnected service. VxCloud provides access to South African peering points to provide improved Azure WAN Access and integration.

Azure Networking Devices

VxCloud can also integrate SD-WAN VPN gateways into other gateways such as Fortinet, Cisco and Palo Alto deployed in Azure as virtual services. This will be done according to client requirements.


Frequently Asked Questions

VxCloud Vnet consulting services provide the following Azure Virtual Network capabilities:
  • Isolation: VNets are isolated from one another. VxCloud can create separate VNets for development, testing, and production that use the same CIDR address blocks. Conversely, you can create multiple VNets that use different CIDR address blocks and connect networks together. You can also segment a VNet into multiple subnets. Azure provides internal name resolution for VMs and Cloud Services role instances connected to a VNet. You can optionally configure a VNet to use your own DNS servers, instead of using Azure internal name resolution.
  • Internet connectivity: All Azure Virtual Machines (VM) and Cloud Services role instances connected to a VNet have access to the Internet, by default. You can also enable inbound access to specific resources, as needed. The VxCloud SD-WAN utilizes this service from Azure to create Azure networking access. The service is deployed as part of the clients licensing agreement and is highly cost effective.
  • Azure resource connectivity: Azure resources such as Cloud Services and VMs can be connected to the same VNet. The resources can connect to each other using private IP addresses, even if they are in different subnets. Azure provides default routing between subnets, VNets, and on-premises networks, so you don't have to configure and manage routes.
  • VNet connectivity: VNets can be connected to each other, enabling resources connected to any VNet to communicate with resources on any other VNet.
  • On-premises connectivity: VNets can be connected to on-premises networks through private network connections between the VxCloud SD-WAN and Azure, or through a site-to-site VPN connection over the Internet. VxCloud provides multiple VPN gateways for secure Azure access.
  • Traffic filtering: VM and Cloud Service role instance network traffic can be filtered inbound and outbound by source IP address and port, destination IP address and port, and protocol.
  • Routing: You can optionally override Azure's default routing by configuring your own routes, or using BGP routes through a network gateway.
VxCloud tested the scenarios and express route access is not just expensive but also not required for most clients. VxCloud cloud networking to perfection solutions are based on an SD-WAN solution that provides multiple peering points in South Africa and integration into Azure. Providing the clients with the service is really cost effective with improved Quality of Experience. The SD-WAN can be deployed with any broadband internet such as LTE, ADSL, Fibre, Metro Fibre and Wireless. Bring your Own Internet or MPLS and we can integrate it with the VxCloud SD-WAN Solution.
VxCloud can implement multiple VNets within each Azure subscription and Azure region. Each VNet is isolated from other VNets. For each VNet clients can:
  • Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources connected to the VNet a private IP address from the address space you assign.
  • Segment the VNet into one or more subnets and allocate a portion of the VNet address space to each subnet.
  • Use Azure-provided name resolution or specify your own DNS server for use by resources connected to a VNet.
The VxCloud cloud networking service is provided with consulting services to create architecture designs for Azure networking. The SD-WAN solution is based on 50, 100 and 200 MB Edge devices. The peering point bandwidth is included in the SD-WAN to Azure VPN connection. The client is responsible for the Azure network licensing but can also be supplied by VxCloud as part of Client Service Provider licensing (CSP). An example could be 4 LTE links, 2 SFP ports and 2 Ethernet WAN links to create a 200 MB branch link.
Traditional networks are falling short because of the way they are designed and architected. Public Cloud workloads including Azure, AWS, O365 and others are presented over the internet. Our SD-WAN solution is the new generation of “Cloud Networking to Perfection”. The internet is the new network and the VxCloud SD-WAN solution in not just focused on main sites in well-connected network areas, but also focused on providing SD-WAN for the new generation of cloud branch office.
The proposed scenarios are live demos and are part of the VxCloud SD-WAN and Azure Cloud networking demo. The proposed solution provides the Clients with unique access to a private and public cloud networks. The major benefit is the flexibility and cost savings achieved with this solution. Clients will access a financial server from a remote site over the SD-WAN into Azure and at the same time have access to the Private Cloud hosted IP-PBX.

Download the Azure and SD-WAN demo document and contact VxCloud if you would like to see the live demo.
We use tools to provide accurate TCO calculations based on workload scanning, planning and forecasting. These tool can be used once off or continuously in order to manage cloud based workloads and cost.

The SD-WAN solution can use any network to create enterprise based networking services. The perception that MPLS is still the best network is changing and no longer applies to services that are accessed in the cloud.
Client can phone 087-815-1000 to log a call and email admin@vxcloud.co.za. Select the option for support and a technician will provide the required assistance.
Connect to the Internet

All resources connected to a VNet have outbound connectivity to the Internet by default. The private IP address of the resource is source network address translated (SNAT) to a public IP address by the Azure infrastructure. You can change the default connectivity by implementing custom routing and traffic filtering. To communicate inbound to Azure resources from the Internet, or to communicate outbound to the Internet without SNAT, a resource must be assigned a public IP address.

Connect Azure resources

You can connect several Azure resources to a VNet, such as Virtual Machines (VM), Cloud Services, App Service Environments, and Virtual Machine Scale Sets. VMs connect to a subnet within a VNet through a network interface (NIC). To learn more about NICs, read the Network interfaces article.

Connect virtual networks

You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets. You can use either or both of the following options to connect VNets to each other:
  • Peering: Enables resources connected to different Azure VNets within the same Azure location to communicate with each other. The bandwidth and latency across the VNets is the same as if the resources were connected to the same VNet. To learn more about peering, read the Virtual network peering article.
  • VNet-to-VNet connection: Enables resources connected to different Azure VNet within the same, or different Azure locations. Unlike peering, bandwidth is limited between VNets because traffic must flow through an Azure VPN Gateway. To learn more about connecting VNets with a VNet-to-VNet connection, read the Configure a VNet-to-VNet connection article.


Connect to an on-premises network

You can connect your on-premises network to a VNet using any combination of the following options:
  • Point-to-site virtual private network (VPN): The first one that VxCloud SD-WAN will provide is to establish a single PC connected to your network and the VNet. This connection type is great if you're just getting started with Azure, or for developers, because it requires little or no changes to your existing network. The connection uses the SSTP protocol to provide encrypted communication over the Internet between the PC and the VNet. The latency for a point-to-site VPN is unpredictable, since the traffic traverses the Internet.
  • Site-to-site VPN: Established between your VPN device (VxCloud SD-WAN Gateway) and an Azure VPN Gateway. This connection type enables any on-premises resource you authorize to access a VNet. The connection is an IPSec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway. The latency for a site-to-site connection is unpredictable, since the traffic traverses the Internet.
  • Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not traverse the Internet. The latency for an ExpressRoute connection is predictable, since traffic doesn't traverse the Internet. Very expensive and suitable for all organisations.


Filter network traffic

You can filter network traffic between subnets using either or both of the following options:
  • Network security groups (NSG): Each NSG can contain multiple inbound and outbound security rules that enable you to filter traffic by source and destination IP address, port, and protocol. You can apply an NSG to each NIC in a VM. You can also apply an NSG to the subnet a NIC, or other Azure resource, is connected to. To learn more about NSGs, read the Network security groups article.
  • Network virtual appliances (NVA): An NVA is a VM running software that performs a network function, such as a firewall. View a list of available NVAs in the Azure Marketplace. NVAs are also available that provide WAN optimization and other network traffic functions. NVAs are typically used with user-defined or BGP routes. You can also use an NVA to filter traffic between VNets.


Route network traffic

Azure creates route tables that enable resources connected to any subnet in any VNet to communicate with each other, by default. You can implement either or both of the following options to override the default routes Azure creates:
  • User-defined routes: You can create custom route tables with routes that control where traffic is routed to for each subnet. To learn more about user-defined routes, read the User-defined routes article.
  • BGP routes: If you connect your VNet to your on-premises network using an Azure VPN Gateway or ExpressRoute connection, you can propagate BGP routes to your VNets.


Pricing

There is no charge for virtual networks, subnets, route tables, or network security groups. Outbound Internet bandwidth usage, public IP addresses, virtual network peering, VPN Gateways, and ExpressRoute each have their own pricing structures. For more information of the VxCloud SD-WAN Virtual network, VPN Gateway, and branch office pricing please contact us on 087-815-1000 or email admin@vxcloud.co.za.