
Network Virtualization Routing | Outside the Virtual Network

Most customer deployments will require communication from the HNV environment to resources that are not part of the HNV environment. Network Virtualization gateways are required to allow communication between the two environments. Scenarios requiring an HNV gateway include Private Cloud and Hybrid Cloud. Basically, HNV gateways are required for VPNs and routing.

Gateways can come in different physical form factors. They can be built on Windows Server 2012 R2, incorporated into a Top of Rack (TOR) switch, a load balancer, put into other existing network appliances, or can be a new stand-alone network appliance.

The Windows Server Gateway (WSG), based on Windows Server 2012 R2, is a virtual machine-based software router that allows Cloud Service Providers (CSPs) and Enterprises to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet.

In Windows Server 2012 R2, the WSG routes network traffic between the physical network and VM network resources, regardless of where the resources are located. You can use the WSG to route network traffic between physical and virtual networks at the same physical location or at many different physical locations. For example, if you have both a physical network and a virtual network at the same physical location, you can deploy a computer running Hyper-V that is configured with a WSG VM to route traffic between the virtual and physical networks. In another example, if your virtual networks exist in the cloud, your CSP can deploy a WSG so that you can create a virtual private network (VPN) connection between your VPN server and the CSP’s WSG; when this link is established you can connect to your virtual resources in the cloud over the VPN connection.

Windows Server Gateway Integration with Network Virtualization

WSG is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are many different customers – or tenants – who have isolated virtual networks in the same datacenter.

Multi-tenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, but isolate them from each other, while all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them. For example, an Enterprise might have many different virtual subnets, each of which is dedicated to servicing a specific department, such as Research and Development or Accounting. In another example, a CSP has many tenants with isolated virtual subnets existing in the same physical datacenter. In both cases, WSG can route traffic to and from each tenant while maintaining the designed isolation of each tenant. This capability makes the WSG multitenant-aware.
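
The isolation described above depends on the gateway selecting a routing table by tenant before it looks at any IP address. The following added example (not from the original document, and not Microsoft's implementation) models that in Python using the NVGRE header layout from RFC 7637; the class, the tenant VSIDs and the next-hop names are hypothetical.

```python
import ipaddress
import struct

GRE_KEY_PRESENT = 0x2000  # K bit set; C, S and version must be zero for NVGRE
NVGRE_PROTOCOL = 0x6558   # Transparent Ethernet Bridging

def build_nvgre_header(vsid, flow_id=0):
    """Constructed test input: 8-byte GRE header carrying VSID and FlowID."""
    return struct.pack("!HHI", GRE_KEY_PRESENT, NVGRE_PROTOCOL, (vsid << 8) | flow_id)

def parse_vsid(header):
    """Return the 24-bit Virtual Subnet ID, rejecting anything that is not NVGRE."""
    if len(header) < 8:
        raise ValueError("truncated GRE header")
    flags, protocol, key = struct.unpack("!HHI", header[:8])
    if flags != GRE_KEY_PRESENT or protocol != NVGRE_PROTOCOL:
        raise ValueError("not an NVGRE header")
    return key >> 8  # low 8 bits of the key are the FlowID

class MultiTenantGateway:
    """Hypothetical model: one routing table per VSID, never a shared one."""
    def __init__(self):
        self._tables = {}  # vsid -> [(network, next_hop)]

    def add_route(self, vsid, prefix, next_hop):
        self._tables.setdefault(vsid, []).append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, header, dst_ip):
        """Next hop for the inner destination, or None (drop) if the tenant has no route."""
        vsid = parse_vsid(header)
        dst = ipaddress.ip_address(dst_ip)
        hits = [(net, hop) for net, hop in self._tables.get(vsid, []) if dst in net]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix wins

def demo_gateway():
    # Constructed tenants: both have an on-premises site numbered 10.0.0.0/24.
    gw = MultiTenantGateway()
    gw.add_route(5001, "10.0.0.0/24", "s2s-vpn-tenant-a")
    gw.add_route(5001, "0.0.0.0/0", "nat-tenant-a")
    gw.add_route(6001, "10.0.0.0/24", "s2s-vpn-tenant-b")
    return gw

if __name__ == "__main__":
    gw = demo_gateway()
    for vsid in (5001, 6001, 7001):
        print(vsid, gw.forward(build_nvgre_header(vsid), "10.0.0.5"))
```

The same destination address resolves to a different tunnel for each tenant, and a VSID with no table is dropped rather than falling through to another tenant's routes.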

Clustering the Windows Server Gateway for HA

WSG is deployed on a dedicated computer that is running Hyper-V and that is configured with one VM. The VM is then configured as a WSG.

For high availability of network resources, you can deploy WSG with failover by using two physical host servers running Hyper-V that are each also running a virtual machine (VM) that is configured as a gateway. The gateway VMs are then configured as a cluster to provide failover protection against network outages and hardware failure.

When you deploy WSG, the host servers running Hyper-V and the VMs that you configure as gateways must be running Windows Server 2012 R2.

Unless otherwise noted in the illustrations that are provided in the sections below, the following icon represents two Hyper-V hosts, each of which is running a VM configured as a WSG. In addition, both the servers running Hyper-V and the VMs on each server are running Windows Server 2012 R2, and the gateway VMs are clustered.

Private Cloud Environments

Private cloud is a computing model that uses infrastructure dedicated to your organization. A private cloud shares many of the characteristics of public cloud computing including resource pooling, self-service, elasticity, and metered services delivered in a standardized manner with the additional control and customization available from dedicated resources.

The only fundamental difference between a private cloud and a public cloud is that a public cloud provides cloud resources to multiple organizations, while the private cloud hosts resources for a single organization. However, a single organization may have multiple business units and divisions which can lend itself to being multi-tenant in nature. In these circumstances, private cloud shares many of the security and isolation requirements of public cloud.

For Enterprises that deploy an on-premises private cloud, WSG can route traffic between virtual networks and the physical network. For example, if you have created virtual networks for one or more of your departments, such as Research and Development or Accounting, but many of your key resources (such as Active Directory Domain Services, SharePoint, or DNS) are on your physical network, WSG can route traffic between the virtual network and the physical network to provide employees working on the virtual network with all of the services they need.

In the illustration below, the physical and virtual networks are at the same physical location. WSG is used to route traffic between the physical network and virtual networks.

Figure 47 – Single location, with the WSG being used to connect VMs with physical infrastructure

Hybrid Cloud Environments

For CSPs that host many tenants in their datacenter, WSG provides a multitenant gateway solution that allows your tenants to access and manage their resources from remote sites, and that allows network traffic flow between virtual resources in your datacenter and their physical network.

In the illustration below, a CSP provides datacenter network access to multiple tenants, some of whom have multiple sites across the Internet. In this example, tenants use third party VPN servers at their corporate sites, while the CSP uses WSG for the site-to-site VPN connections.

Figure 48 – CSP using the WSG for connecting multiple customers to their hosted VM networks

These are just two of the ways that the WSG can be used to connect the outside world to VMs running inside networks that have been created using Hyper-V Network Virtualization.

To fully utilize Hyper-V Network Virtualization, you will require the following:

• Windows Server 2012 R2 with Hyper-V, or Hyper-V Server 2012 R2
• System Center 2012 R2 Virtual Machine Manager
• A Windows Server 2012 R2 Hyper-V Host and Windows Server 2012 R2 VM for use as a Gateway or a Partner solution providing the Gateway functionality.

Why This Matters

Cloud-based datacenters can provide many benefits such as improved scalability and better resource utilization. Realizing these potential benefits requires a technology that fundamentally addresses the issues of multi-tenant scalability in a dynamic environment. HNV was designed to address these issues and also improve the operational efficiency of the datacenter by decoupling the virtual network topology from the physical network topology. Building on an existing standard, HNV runs in today’s datacenter, and as NVGRE-aware hardware becomes available the benefits will continue to increase. With HNV, customers can now consolidate their datacenters into a private cloud or seamlessly extend their datacenters to a hoster’s environment with a hybrid cloud.

With the inclusion of the Windows Server Gateway, customers can now seamlessly integrate internal address spaces with external networks, including those provided by hosters, without losing the ability to route NVGRE packets. Hosters can support multi-tenant NVGRE environments without having to run a separate VPN appliance and NAT environment for each customer. This is extremely useful in multi-tenant environments. The solution is highly available using guest clustering. Customers can enable this in-box network virtualization gateway without the need for specialized third party hardware or software, or can purchase a hardware-based solution or appliance of their choice through a vendor-partner solution.

High Availability & Resiliency

We’ve spent a considerable amount of time discussing some of the key features of the platform that provide for immense scalability and performance, security, and most recently, features that enable complete flexibility from both a VM migration perspective and a networking perspective. One thing we do have to account for, however, is what happens when things go wrong. What happens when a piece of hardware, such as a NIC, fails? What about a host, or even an entire datacenter? Fortunately, Windows Server 2012 R2 has a number of key features and capabilities that provide resiliency at each of those different levels, ensuring you can virtualize your mission critical, high performance workloads, and be confident that they are providing a high level of continuous service to the business.