Connect to Azure VMware Solution (AVS) using VPN
By: Trevor Davis @vTrevorDavis and Carlos Villuendas @CarlosV
ExpressRoute is the preferred method to connect the customer’s on-premises environment to Azure VMware Solution (AVS), but what happens if you do not have access to ExpressRoute?
Connect your on-premises site to AVS using VPN and Azure Virtual WAN.
Azure Virtual WAN allows transit connectivity between VPN and ExpressRoute. This implies that VPN-connected sites can communicate with ExpressRoute-connected sites.
NOTE: Azure VMware Solution (AVS) is connected to the Azure backbone via an ExpressRoute.
- VMware does not support VMware HCX over VPN. If the customer intends to migrate workloads from on-premises to Azure VMware Solution (AVS), another migration tool needs to be used.
- This configuration requires the standard Azure Virtual WAN type. Check this article for more details.
- When connecting Azure Virtual WAN to a virtual network, make sure that the virtual network does not have any virtual network gateways. This is very important when planning the connection to an existing Azure environment. More details here.
After Azure VMware Solution is deployed, you can connect your on-premises environment to Azure VMware Solution (AVS) using VPN and Azure Virtual WAN following these steps.
- Create an Azure Virtual WAN.
- Create a hub.
- Create a site.
- Connect a VPN site to a hub.
- Connect a Vnet to a hub (if needed)
- Connect the ExpressRoute circuit to a hub.
Steps 1 to 5 are covered in this article: Create a Site-to-Site connection using Azure Virtual WAN
Step 6 is covered in this article: Create an ExpressRoute association using Azure Virtual WAN
Format the VPN configuration file to make it more readable.
To configure your on-premises VPN device, you will need to download the VPN configuration from the Azure portal, instructions here. The configuration file will look like the following image. Use VS Code to format the configuration file to look like the example in this article.
You can connect multiple virtual networks to the virtual WAN hub, even virtual networks from different Azure subscriptions.
You mentioned connecting On-prem to AVS via VPN/WVAN doesn’t support HCX migrations, how to do it when in a lab scenario? I understand it’s not supported but any way to test it out in a lab env?
in a lab environment you could setup a VPN to AVS, then run HCX across that. In my experience I’ve seen success using Bulk Migration, so-so success using vMotion.