Microsoft Azure虚拟WAN

Configuration > Cloud Services > Microsoft Azure Virtual WAN

Microsoft Azure optimizes routing, automates large scale connectivity from various branches to Azure workloads, and provides unified network and policy management within Orchestrator. Use Azure to deploy to a single WAN circuit or for branch to branch connectivity by configuring virtual WANs to associated hubs.

在开始编排中的Microsoft Azure虚拟WAN配置之前，您需要使用Azure Virtual Wan Portal来验证和授权Azure中的编目。您需要创建服务主体，该主管专注于仅在一个组织中运行的单租户应用程序。点击hereto get started.

Microsoft Azure先决条件

1. 在Azure中创建一个应用程序，并从Azure Active Directory中记录以下订阅详细信息：

   • Subscription ID

   • 租户（目录）ID

   • 应用程序（客户）ID

   • Client Secret Key

2. Create a storage account in Azure and get the following:

   • Storage Account Name

   • Storage Access Key

3. 创建一个资源组。

4. Create Azure Virtual WANs with hubs from your resource groups.

乐队的先决条件

Complete the following tasks in Orchestrator:

1. Configure a VTI IP Pool.

   • Enter a valid IPv4 Subnet.

     NOTE:This is a unique address across the network. VTI interfaces created for Azure integration will be selected from this pool.

     *信息*Azure VTI接口区域设置为WAN接口区域。WAN接口区域的任何部署更改也都应用于Azure VTI。

     警告：Any change in the VTI pool after it is configured is networking affecting. This operation should be performed during a maintenance window as it can take several hours for some Cloud services to complete.

2. Configure BGP ASN Global Pool.

   • Enter the start and end ranges for ASNs.

   • 添加any reserved ASNs to exclude from being applied to appliances.

     NOTE:如果没有以前启用，则编排可以启用BGP。

乐队配置

当您完成Azure和Orchestrator先决条件时，请导航到Microsoft Azure虚拟WANtab in Orchestrator. There are five buttons at the top of the table that are used to complete the Azure and Orchestrator integration:Subscription，，，，Interface Labels，，，，Virtual Wan Association，，，，隧道设置，，，，andZone。

To begin, click theSubscriptionicon.

Subscription

1. Enter the information in the Subscription fields that reflect your Azure portal account.

2. 点击Save在完成下表中输入信息后。Azure场应反映Connected。

这following table represents the values in theSubscription从Azure Portal的窗口。

*存储URL

这Storage URL is present on theStorage Accountstab in your Azure portal. Complete the following steps to obtain your storage account URL.

1. After your storage account is created in Azure, create a blob container.

2. 获取斑点容器URL。

3. 用斜杠后缀URL并在Storage URLfield.

   NOTE:Append the URL with a slash for the file name. Do not end the URL with a slash.

Interface Labels

选择要使用接口标签的顺序。

1. 点击Interface Labels按钮。这Build Tunnels Using These Interfaces显示。

2. 将要使用的接口标签拖到首选接口标签顺序column.

3. 点击Save。

Virtual WAN Association

Each appliance is associated withone虚拟WAN。使用虚拟WAN关联按钮将特定站点添加到虚拟WAN中。

1. 点击Virtual Wan Association按钮。

2. Select an appliance from the tree in the left menu.

3. 选择复选框添加or消除在Azure中使用的虚拟WAN的设备。

隧道设置

这隧道设置button opens the Tunnel Settings dialog box, which enables you to define the tunnels associated with Azure and Orchestrator. It is recommended that you use the default tunnel settings for General, IKE, and IPSec; however, you can modify any field. The tunnel settings are set using the default VPN configuration parameters received from virtual WAN APIs located in your Azure portal account.

在您的Azure门户帐户中，导航到Azure配置表。该表显示了为与Azure Virtual Wans关联的编排设备创建的VPN站点。此外，在Azure中手动将站点与您的枢纽关联。

1. Navigate toAzure Virtual WAN。

2. SelectAzure VPN site。

3. SelectNew Hub Association。

Zone

您可以将配置的段应用于与Azure关联的VTI接口。点击Zone按钮，然后从要应用的下拉列表中选择区域。

Verification

这Tunnelpage displays that Azure and Orchestrator have an established connection with Azure by displaying a tunnel status ofup - active。

For more information about Azure configuration, visit the following link:https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal。

---