On 5^th of June 2019, Oracle and Microsoft announced a cloud interoperability partnership enabling customers to migrate and run mission-critical enterprise workloads across Oracle Cloud and Microsoft Azure. Enterprises can seamlessly connect Azure services, like Analytics and AI, to Oracle Cloud services, like Autonomous Database. By enabling customers to run one part of a workload within Azure and another part of the same workload within the Oracle Cloud, the partnership delivers a highly optimized, best-of-both-clouds experience. Taken together, Azure and Oracle Cloud offer customers a one-stop shop for all the cloud services and applications they need to run their entire business.

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft Azure was initially released on 1^st of February 2010 (initially as Windows Azure) and provides the full portfolio of cloud services: IaaS, PaaS and SaaS.

Oracle and Microsoft are collaborating in order to provide customers low latency, high throughput cross-cloud connectivity, allowing them to take advantage of the best features of the two clouds. Using this cross-cloud connectivity, customers can partition a multi-tier application to run for example the database tier on Oracle Cloud Infrastructure (OCI), and the application and other tiers on Microsoft Azure. The experience is similar to running the entire solution stack in a single cloud.

Some example of Oracle applications that can run in the OCI-Azure cross-cloud configuration are:

• E-Business Suite
• JD Edwards EnterpriseOne
• PeopleSoft
• Oracle Retail applications
• Oracle Hyperion Financial Management

Figure 1. Interconnect Overview

Below are all the steps and examples required for you in order to quickly create the interconnect between OCI and Azure.

How to setup the interconnect between OCI and Azure – Step-by-step DEMO

I. Prerequisites

Oracle Cloud Infrastructure (OCI)

In order to prepare for the interconnect setup in OCI we will create a virtual cloud network (VCN) with subnets and attach a dynamic routing gateway (DRG) and a test virtual machine in OCI.

● Create a VCN in OCI

In order to sign in to the OCI console, please go to console page (e.g. https://console.us-ashburn-1.oraclecloud.com/) and enter username and password.  Open the navigation menu. Under Core Infrastructure, go to Networking ► Virtual Cloud Networks. Ensure that the Sandbox compartment (or the compartment designated for you) is selected in the Compartment list on the left.

Click Networking Quickstart. Select VCN with Internet Connectivity, and then click Start Workflow. Add the required data and then Review and Create.

Figure 2. Create a VCN in OCI

Figure 3. VCN in OCI

● Create a DRG in OCI

Once the VCN has been succesfully created the next step is to create a Dynamic Routing Gateway (DRG). Open the navigation menu. Under Core Infrastructure, go to Networking ► Dynamic Routing Gateway ► Create Dynamic Routing Gateway.

Figure 4. How to create a DRG in OCI

● Attach the DRG to the VCN

After the DRG has been successfully provisioned, please go ahead and attach it to the previously created VCN. Press on “Virtual Cloud Networks (0)” and then “Attach to Virtual Cloud Network”.

Figure 5. DRG attached to VCN

● Create a VM in OCI

Open the navigation menu. Under Core Infrastructure, go to Compute ► Instances ► Create Instance. We will create a Virtual Machine (VM) with Oracle Linux 7.7 OS. For this demo we will select a VM.Standard2.1 Shape and the default boot volume.

Figure 6. Oracle Linux VM in OCI

The VM is now successfully provisioned so the next step is to continue with the Azure pre-requisites steps.

Microsoft Azure

In order to prepare for the interconnect setup in MS Azure we will create an Azure Virtual Network (VNet) with subnets, an Azure virtual network gateway and a test virtual machine in Azure.

● Create a VNet in Azure

Please sign in to the Azure console by browsing to the console page (https://portal.azure.com/) and entering the required username and password.

Open the navigation menu on the upper-left side of the screen. Select Create a resource ► Networking ► Virtual network.

Add in the required details as presented below.

Figure 7. Create a Vnet in Azure

After the deployment is finished, this will create a virtual network (VNet) and a subnet, which are scoped to a single region with in Azure (US East in our example).

● Create a Virtual Network Gateway in Azure

Open the navigation menu on the upper-left side of the screen and search for Virtual network gateway. Add in the required details as presented below.

Figure 8. Create a Virtual Network Gateway in Azure

● Create a Virtual Machine in Azure

Open the navigation menu on the upper-left side of the screen and select Create a resource ► Compute ► Ubuntu Server 16.04 LTS.

Add in the required details as presented below.

Figure 9. Create a Virtual Machine in Azure

II. Steps to setup the Interconnect

Step 1: Setup Azure ExpressRoute

Azure ExpressRoute enables you to create private connections between Azure data centers and infrastructure that's on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, offering more reliability, faster speeds, lower latencies, and higher security than typical connections. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.

With ExpressRoute, you can establish connections to Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Azure from your existing WAN network (such as a MPLS VPN) provided by a network service provider.

Open the navigation menu on the upper-left side of the screen and select Create a resource ►Networking ► ExpressRoute and Create.

Add in the required details as presented below.

Figure 10. Create ExpressRoute in Azure

This will create an ExpressRoute circuit, however it’s not currently provisioned and doesn’t provide any connectivity details.

Note down the service key as we will use this afterwards in Oracle Cloud Infrastructure (e.g. 1b4d5ec0-55ba-4344-85d0-dc62c9ed6878).

Once this the circuit is provided we can see the status changed:

Figure 11. ExpressRoute Provisioned in Azure

Step 2: Setup Oracle Cloud Infrastructure FastConnect

Open the navigation menu. Under Core Infrastructure, go to Networking ► FastConnect ► Create FastConnect. Choose “Use Oracle Provider” and select Microsoft Azure ExpressRoute. Add in the required details as presented below. After that please wait for the lifecycle state to become "Provisioned".

Figure 12. Setup FastConnect in OCI

Step 3: Link VNet to Azure ExpressRoute

In this step we will create a link between the Azure Virtual Network and the ExpressRoute circuit. We will then configure the security groups and routing for the virtual network.

In Azure navigate to the Virtual Network created before by going to Dashboard ►Resource groups ►OCI_Azure ►Azure_OCI ► Connections and add the below values:

Figure 13. Link VNet to ExpressRoute

Step 4: Associate Network Security groups (NSG) and Route table to Azure VNet

Open the navigation menu on the upper-left side of the screen and select Create a resource ►Networking ► and select Network security group.

Figure 14. Create NSG in Azure

After you press on “Create” the Network Security Group will be underway and once is finished you will see the following message: "Your deployment is complete". The next step now is to associate the network security group to the subnet in your VNet hosting your virtual machine. For this select the newly created NSG and select “Subnets”.

Figure 15. Associate Subnet with Vnet in Azure

You will need also to add the relevant security group rules to allow traffic from Virtual Cloud Network on Oracle Cloud Infrastructure.

Navigate to the Network Security Group (Open the navigation menu on the upper-left side of the screen and select Resource groups ►OCI_Azure) and select Inbound security rules. Add two rules, one for ssh connection into the Azure VM and another rule for connection between OCI VCN Subnet (10.0.0.0/24) to Azure VNet Subnet (172.16.0.0/24).

Figure 16. Inbound security rules in Azure

Next open the navigation menu on the upper-left side of the screen and select Create a resource ►Route Table and select “Create”.

Figure 17. Create route table in Azure

Once the new route table is successfully created, associate the route table with the VNet Subnet hosting your virtual machine and add a route. Therefore select the previously created Route Table, go to “Routes” and press “Add”. The example below shows the route with address prefix is Oracle Cloud Infrastructure VCN CIDR (In our example: 10.0.0.0/16) and the next hop is the Azure Virtual Network Gateway.

Figure 18. Add route in Azure

We have now succesfully created an ExpressRoute, linked it with our Virtual Network Gateway and configured network security group and route table to allow traffic connectivity with OCI VCN.

Step 5: Configure OCI VCN Security Lists and Route Table

In OCI, we will now configure the security lists and route table associated with the subnet hosting and virtual machine.

Navigate to the VCN and select Security Lists ► Default Security List for VCN_OCI_Azure and add an Ingress Rule with source CIDR of the Azure VNet Subnet (172.16.0.0/24).

Figure 19. Add Ingress Rule in OCI

Next, please go to the VCN and select Route Tables ► Default Route Table for VCN_OCI_Azure and add  a Route rule with Destination CIDR of Azure VNet (172.16.0.0/16) and DRG as your target. This will add a route table entry for routing the traffic towards Azure VNet.

Figure 20. Add Route Rule in OCI

Step 6: Test the connection

Now that we finished to setup the interconnect, let’s go ahead and test the connection. We have virtual machines in each virtual network. Lets ssh into them and test out connectivity by doing a basic PING test.

OCI VM Private IP: 10.0.0.2

Azure VM Private IP: 172.16.0.4

Figure 21. Azure & OCI VM Details

First test is to PING the Azure Machine from OCI VM.

The test is succesful:

Figure 22. PING Test from OCI VM to Azure VM

Also the test from Azure Machine to OCI VM is successful:

Figure 23. PING Test from Azure VM to OCI VM

The below tests are showing the latency between Azure East region and the Ashburn region in OCI. Below are the results with the latency around ~2ms!!

Figure 24. Latency Test between OCI and Azure

III. Conclusion

This blog explained how to create the interconnect between Oracle Cloud and Azure environments allowing the VMs to be able to communicate with each other through their private IP addresses as if they were in the same network segment.