Design 42: Azure VMware Solution (AVS)

Summary

This design implements Azure VMware Solution. It allows you to lift-and-shift vSphere VMs to Azure without rewriting them.

Topology: AVS is a "Private Cloud" (bare metal) that connects to your Hub VNet via an internal ExpressRoute circuit.

1. Key Design Decisions (ADR)

ADR-01: Connectivity

  • Decision: Global Reach.
  • Rationale: Connects your On-Prem ExpressRoute directly to the AVS ExpressRoute, bypassing the Hub for data migration traffic.

ADR-02: Management

  • Decision: vCenter.
  • Rationale: You keep using the same vCenter tool you know.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  On-Premises |           |        HUB VNet          |           |  AVS Cloud   |
|  VMware      |           |      (Jumpbox)           |           |  (SDDC)      |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (ExpressRoute)                 |
+------+-------+                        v                                v
|  ExpressRoute|           +------------+-------------+           +------+-------+
|  Circuit     |---------->| ER Gateway               |<--------->|  NSX-T Edge  |
+--------------+           |                          |           |  (Router)    |
                           +--------------------------+           +------+-------+
                                                                         |
                                                                         v
                                                                  +--------------+
                                                                  |  ESXi Hosts  |
                                                                  |  (vSAN)      |
                                                                  +--------------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | ExpressRoute Gateway  |                                           |
|   | (Ultra Performance)   |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Connection)                                          |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| AVS PRIVATE CLOUD (192.168.0.0/22)                                    |
|   +-----------------------+                                           |
|   | vCenter Server        |                                           |
|   | NSX-T Manager         |                                           |
|   | HCX Manager           |                                           |
|   +-----------------------+                                           |
|   | Cluster 1 (3 Hosts)   |                                           |
|   | [VM 1] [VM 2]         |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| AVS PRIVATE CLOUD (DR)                                                |
|   +-----------------------+                                           |
|   | SRM (Site Recovery)   |                                           |
|   | (Replica VMs)         |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • HCX (Hybrid Cloud Extension): The VMware tool that migrates VMs live (vMotion) from On-Prem to Azure over the ExpressRoute path.
  • ExpressRoute Gateway: Required in the Hub to route traffic to AVS.

5. Strategy: High Availability (HA)

  • vSphere HA: Standard VMware HA restarts VMs if a host fails.
  • Azure: Azure automatically replaces a failed hardware host in minutes.

6. Strategy: Disaster Recovery (DR)

  • Implementation: VMware SRM (Site Recovery Manager).
  • Process: Replicate VMs to a secondary AVS Private Cloud in West US.

7. Strategy: Backup

  • Tool: Azure Backup Server (MABS) or 3rd party (Veeam) running inside AVS.

8. Strategy: Security

  • NSX-T: Micro-segmentation firewall built into the hypervisor.
  • Encryption: vSAN encryption (Data at rest).

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: Low. Expensive. Minimum 3 nodes (~$15k/month).
  • Operational Excellence: High. No retraining needed for VMware admins.
  • Performance Efficiency: High. Bare metal performance.

10. Detailed Traffic Flow

1. Migration: Admin right-clicks VM on-prem -> "Migrate to Cloud".

2. HCX: HCX tunnels traffic over ExpressRoute.

3. Switch: VM memory transferred.

4. Cutover: VM switches to running on Azure ESXi host.

5. IP: VM keeps its IP address (L2 Extension).

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create AVS Private Cloud

1. Search: "Azure VMware Solution" -> + Create.

2. Resource Group: rg-avs-corp.

3. Name: avs-corp.

4. Region: East US.

5. SKU: AV36.

6. Hosts: 3 (Minimum required).

7. Address Block: 192.168.0.0/22 (CIDR Block for AVS management).

  • Critical: This must NOT overlap with any On-Prem or Azure VNet range.

8. Create.

  • Warning: Deployment takes 3-4 hours.

Phase 2: Connect to Hub VNet (ExpressRoute)

1. Wait for AVS to finish.

2. Go to AVS Resource -> Connectivity -> ExpressRoute.

3. Copy the ExpressRoute ID and Auth Key.

4. Go to your Hub VNet -> ExpressRoute Gateway (ergw-hub).

5. Connections -> + Add.

6. Name: conn-hub-to-avs.

7. Connection type: ExpressRoute.

8. Redeem authorization: Yes.

9. Peer Circuit URI: Paste the ID.

10. Authorization Key: Paste the Key.

11. Create.

  • Result: Your Hub VNet can now route to the AVS Private Cloud.

Phase 3: Access vCenter

1. Go to AVS Resource -> Identity.

2. Note the vCenter web client URL (e.g., https://192.168.1.2/ui).

3. Note the CloudAdmin User and Password.

4. Login:

  • RDP to a Jumpbox VM in the Hub VNet.

  • Open Chrome/Edge.

  • Navigate to the vCenter URL.

  • Login with cloudadmin@vsphere.local.

5. Success: You see the VMware vSphere Client interface.

Phase 4: Create a VM Segment (Network)

1. Go to AVS Resource -> Workload networking -> Segments.

2. + Add.

3. Name: segment-web.

4. Gateway/Prefix: 192.168.10.1/24.

5. Connected Gateway: Tier-1.

6. OK.

  • Result: This creates a network in NSX-T for your VMs.

7. Go to vCenter -> Right Click Cluster -> New Virtual Machine.

8. Select Network segment-web.

9. Install OS.
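The Phase 1 "must NOT overlap" rule and the Phase 4 segment prefix are the two places in this runbook where a typo in an address block is only discovered after a 3-4 hour deployment or a broken segment. The script below is an added pre-flight check written for this design, not part of the original runbook or of any Microsoft tooling. It uses the ranges the design states (vnet-hub 10.0.0.0/16, AVS management 192.168.0.0/22, segment-web 192.168.10.1/24); the On-Prem range 172.16.0.0/12 is an assumed placeholder, since the design does not give one. It verifies that the management block is a /22, that each segment gateway is a real host address inside its prefix, and that no two ranges in the plan overlap.

```python
# Added pre-flight check for the AVS address plan (example code, not from the design).
# Ranges below are taken from the design except the on-prem block, which is an
# assumed placeholder: substitute your real on-prem prefixes before use.
import ipaddress
from itertools import combinations
from typing import Dict, List

ADDRESS_PLAN: Dict[str, str] = {
    "on-prem (assumed placeholder)": "172.16.0.0/12",
    "vnet-hub": "10.0.0.0/16",
    "avs-management": "192.168.0.0/22",
}

# Phase 4 segments, entered as gateway/prefix exactly as the NSX-T segment form expects.
SEGMENTS: Dict[str, str] = {
    "segment-web": "192.168.10.1/24",
}


def check_management_block(cidr: str) -> List[str]:
    """Problems with the Phase 1 management block (an empty list means OK)."""
    try:
        # strict=True rejects a block with host bits set, e.g. 192.168.0.1/22.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: not a valid network block ({exc})"]
    problems: List[str] = []
    if net.prefixlen != 22:
        problems.append(f"{cidr}: AVS management block must be a /22, got /{net.prefixlen}")
    return problems


def check_segment(gateway_prefix: str) -> List[str]:
    """Problems with a Phase 4 segment: the gateway must be a usable host in the prefix."""
    iface = ipaddress.ip_interface(gateway_prefix)
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        return [f"{gateway_prefix}: gateway must be a usable host, not the network or broadcast address"]
    return []


def find_overlaps(ranges: Dict[str, str]) -> List[str]:
    """Every pair of labelled ranges that overlap, as human-readable lines."""
    # strict=False lets gateway/prefix entries be normalised to their subnet.
    nets = [(label, ipaddress.ip_network(cidr, strict=False)) for label, cidr in ranges.items()]
    return [
        f"{a_label} ({a}) overlaps {b_label} ({b})"
        for (a_label, a), (b_label, b) in combinations(nets, 2)
        if a.overlaps(b)
    ]


def preflight(plan: Dict[str, str], segments: Dict[str, str]) -> List[str]:
    """Run all checks; an empty result means the plan is safe to deploy."""
    problems = check_management_block(plan["avs-management"])
    for gateway_prefix in segments.values():
        problems += check_segment(gateway_prefix)
    # Segments must not collide with each other, the management block, the hub or on-prem.
    problems += find_overlaps({**plan, **segments})
    return problems


if __name__ == "__main__":
    issues = preflight(ADDRESS_PLAN, SEGMENTS)
    print("OK: address plan has no overlaps" if not issues else "\n".join(issues))
```

Run it with the real on-prem prefixes filled in before Phase 1, and again whenever a segment is added in Phase 4; because AVS advertises the management /22 and every segment into the Hub over ExpressRoute, an overlap shows up as silent routing conflicts rather than a clean error.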