Join us for the next global Nutanix User Group webinar where we'll discuss the <\/span>Top 3 Ways to Build Cyber Resilience Against Ransomware<\/strong><\/span> with Nutanix with Mike Barmonde, Nutanix Sr. Product Marketing Manager, and Neil Ashworth, Nutanix Portfolio Architect.<\/span><\/p>

Here\u2019s what will be covered:\u00a0<\/p>

  • Insights into ransomware evolution<\/span><\/li>\t
  • What is cyber resilience and how it fights ransomware\u00a0<\/span><\/li>\t
  • Demos on 3 key Nutanix concepts that will help you build cyber resilience<\/span><\/li><\/ul>

    Register today!\u00a0<\/span><\/p>","author":{"id":113632,"url":"\/members\/karlie-beil-113632","name":"Karlie Beil","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/1581aab3-bcf6-49f4-b2fb-3d11e8c010dc.png","userTitle":"Community Manager","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Community Manager","color":"#0873ba"},"userLevel":5},"type":"Meetup","url":"https:\/\/next.nutanix.com\/events\/global-nug-top-3-ways-to-build-cyber-resilience-176","image":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/050d4c6e-b652-40ce-9988-03189c05e3b9_thumb.png","location":"","startsAt":1686841200,"endsAt":1686844800,"contentType":"event","attendees":[],"attendeeCount":0,"isLoggedInUserAttendee":false,"createdAt":"1684788278"},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">

Azure网络 - 选择正确的路径。

  • 2022年10月18日
  • 0答复
  • 292意见
dlink7
Userlevel 4
徽章 +19

与AWS相比,Azure上Nutanix Cloud簇(NC2)的最大变化之一是流量虚拟网络的要求。流虚拟网络提供了Azure的覆盖层,以在您可能在Nutanix群集上托管的多个租户之间提供安全的通信,并提供北向和南行连接。通过流网路虚拟机(FVGW)提供了北向连接。在集群上运行的工作负载可以通过网络地址转换(NAT)路径或不使用NAT的路由路径。

您的虚拟机进出NC2群集的哪个路径将取决于其他服务需要如何与NC2上的运行虚拟机交谈。

FVGW是当创建第一个群集时部署的本机Azure VM。FVGM具有内部和外部网络接口卡(NIC)。来自Azure Nutanix群集的流量针对FVGM的内部NIC,然后最终通过外部NIC驶出。外部NIC直接从Azure获取虚拟IP,以用作浮动IP。这些漂浮的IP可以直接分配到群集上运行的虚拟机。

以下视频讨论了NC2内部关于Azure的路由。

纳特

使用NAT的路径是最容易使用的选项,因为它被配置为默认设置。部署环境并为虚拟机创建第一个Nutanix VPC后,唯一需要做的就是添加指向已经为您创建的NAT-外部子网的默认路由。

如果在NC2 Azure群集上运行的大多数VM只需要与世界其他地区的出站通信,那么这是一个不错的选择。如果只有少数应用需要像Web服务器一样启动入站连接,则可以使用浮动IP来提供可以启动连接的入站IP。

路由路径(非NAT)

如果您要食用需要启动多个连接到在NC2上运行的虚拟机的Azure服务,或者您将管理系统作为一个示例,将不得不直接与虚拟机进行交谈,然后NAT路径是最有意义的。对于这些类型的方案,为每台虚拟机配置浮动IP会非常麻烦。一个很好的例子是,如果您在PREM上拥有VDI连接经纪人,并且在Azure群集上打破桌面,则需要使用非NAT路径。

下面是一个视频,显示了在Prism Central中配置非NAT路径的视频。

One of the biggest changes with Nutanix Cloud Clusters (NC2) on Azure compared to it's AWS counterpart is the requirement for Flow virtual networking. Flow virtual networking provides an overlay in Azure to provide secure communication between multiple tenants you may be hosting on the Nutanix cluster and also provides north and southbound connectivity. North and southbound connectivity is provided through the Flow gateway virtual machine (FVGW). Workloads running on the cluster can either go through a network address translation (NAT) path or a routed path not using a NAT. <\/span><\/p>

Which path your virtual machines take in and out of the NC2 Cluster will depend on how other services need to talk to the running virtual machines on NC2.<\/span><\/p>

The FVGW Is a native Azure VM that gets deployed when the first cluster is created. The FVGM has both and internal and external network interface cards(NIC). Traffic from your Azure Nutanix cluster is directed towards the FVGM\u2019s Internal NIC And then eventually routed out through the external NIC. The external NIC grabs virtual IPs directly from Azure to be used as floating IP's. These floating IPS can be directly assigned to virtual machines running on the cluster.<\/span><\/p>

\u00a0<\/p>

The below video discuss routing inside of NC2 on Azure.<\/span><\/p>

<\/oembed><\/p>

\u00a0<\/p>

NAT<\/strong>

Using the NAT\u2019ed Path is the easiest option to use because it comes configured out-of-the-box as the default. Once your environment is deployed and you create your first Nutanix VPC for your virtual machines the only thing that you need to do is to add a default route pointing to the NAT-external subnet which is already created for you. <\/span><\/p>

If the majority of the VMs running on the NC2 Azure cluster only need outbound communication with the rest of the world, then this is a good option. If there is only a handful of applications that need to initiate inbound connectivity like a web server you can use floating IP's to provide the inbound IP that they can initiate the connection.<\/span><\/p>

\u00a0<\/p>

Routed Path(Non-NAT)<\/strong>

\u00a0if you're going to consume Azure services that need to initiate multiple connections to your virtual machines running on NC2 or you have a management system on-prem as an example that is going to have to talk to the virtual machines directly then a Non-NAT path makes the most sense. For these types of scenarios configuring a floating IP for every virtual machine would be very cumbersome. A good example of this would be if you had a VDI connection broker on Prem and you were bursting desktops on your Azure cluster you would need to use Non-NAT path. <\/span><\/p>

\u00a0<\/p>

Below is a video showing to configure a Non-NAT path in Prism Central.<\/span>

\u00a0<\/p>

<\/oembed><\/p>

\u00a0<\/p>","quoteUsername":"dlink7","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

0答复

做第一个回复的人!

回复


Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu