On 5th of June 2019, Oracle and Microsoft announced a cloud interoperability partnership enabling customers to migrate and run mission-critical enterprise workloads across Oracle Cloud and Microsoft Azure. Enterprises can seamlessly connect Azure services, like Analytics and AI, to Oracle Cloud services, like Autonomous Database. By enabling customers to run one part of a workload within Azure and another part of the same workload within the Oracle Cloud, the partnership delivers a highly optimized, best-of-both-clouds experience. Taken together, Azure and Oracle Cloud offer customers a one-stop shop for all the cloud services and applications they need to run their entire business.
Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft Azure was initially released on 1st of February 2010 (initially as Windows Azure) and provides the full portfolio of cloud services: IaaS, PaaS and SaaS.
Oracle and Microsoft are collaborating in order to provide customers low latency, high throughput cross-cloud connectivity, allowing them to take advantage of the best features of the two clouds. Using this cross-cloud connectivity, customers can partition a multi-tier application to run for example the database tier on Oracle Cloud Infrastructure (OCI), and the application and other tiers on Microsoft Azure. The experience is similar to running the entire solution stack in a single cloud.
Some example of Oracle applications that can run in the OCI-Azure cross-cloud configuration are:
Figure 1. Interconnect Overview
In order to prepare for the interconnect setup in OCI we will create a virtual cloud network (VCN) with subnets and attach a dynamic routing gateway (DRG) and a test virtual machine in OCI.
● Create a VCN in OCI
In order to sign in to the OCI console, please go to console page (e.g. https://console.us-ashburn-1.oraclecloud.com/) and enter username and password. Open the navigation menu. Under Core Infrastructure, go to Networking ► Virtual Cloud Networks. Ensure that the Sandbox compartment (or the compartment designated for you) is selected in the Compartment list on the left.
Click Networking Quickstart. Select VCN with Internet Connectivity, and then click Start Workflow. Add the required data and then Review and Create.
Figure 2. Create a VCN in OCIA VCN is a private network that you set up in Oracle data centers. It closely resembles a traditional network, with firewall rules and specific types of communication gateways that you can choose to use. A VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR block of your choice.
Figure 3. VCN in OCI
● Create a DRG in OCI
Once the VCN has been succesfully created the next step is to create a Dynamic Routing Gateway (DRG). Open the navigation menu. Under Core Infrastructure, go to Networking ► Dynamic Routing Gateway ► Create Dynamic Routing Gateway.
Figure 4. How to create a DRG in OCI
● Attach the DRG to the VCN
After the DRG has been successfully provisioned, please go ahead and attach it to the previously created VCN. Press on “Virtual Cloud Networks (0)” and then “Attach to Virtual Cloud Network”.
Figure 5. DRG attached to VCN
● Create a VM in OCI
Open the navigation menu. Under Core Infrastructure, go to Compute ► Instances ► Create Instance. We will create a Virtual Machine (VM) with Oracle Linux 7.7 OS. For this demo we will select a VM.Standard2.1 Shape and the default boot volume.
Figure 6. Oracle Linux VM in OCI
The VM is now successfully provisioned so the next step is to continue with the Azure pre-requisites steps.
In order to prepare for the interconnect setup in MS Azure we will create an Azure Virtual Network (VNet) with subnets, an Azure virtual network gateway and a test virtual machine in Azure.
● Create a VNet in Azure
Please sign in to the Azure console by browsing to the console page (https://portal.azure.com/) and entering the required username and password.
Open the navigation menu on the upper-left side of the screen. Select Create a resource ► Networking ► Virtual network.
Add in the required details as presented below.
Figure 7. Create a Vnet in Azure
After the deployment is finished, this will create a virtual network (VNet) and a subnet, which are scoped to a single region with in Azure (US East in our example).
● Create a Virtual Network Gateway in Azure
Open the navigation menu on the upper-left side of the screen and search for Virtual network gateway. Add in the required details as presented below.
Figure 8. Create a Virtual Network Gateway in Azure
● Create a Virtual Machine in Azure
Open the navigation menu on the upper-left side of the screen and select Create a resource ► Compute ► Ubuntu Server 16.04 LTS.
Add in the required details as presented below.
Figure 9. Create a Virtual Machine in Azure
Azure ExpressRoute enables you to create private connections between Azure data centers and infrastructure that's on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, offering more reliability, faster speeds, lower latencies, and higher security than typical connections. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.
With ExpressRoute, you can establish connections to Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Azure from your existing WAN network (such as a MPLS VPN) provided by a network service provider.
Open the navigation menu on the upper-left side of the screen and select Create a resource ►Networking ► ExpressRoute and Create.
Add in the required details as presented below.
Figure 10. Create ExpressRoute in Azure
This will create an ExpressRoute circuit, however it’s not currently provisioned and doesn’t provide any connectivity details.
Note down the service key as we will use this afterwards in Oracle Cloud Infrastructure (e.g. 1b4d5ec0-55ba-4344-85d0-dc62c9ed6878).
Once this the circuit is provided we can see the status changed:
Figure 11. ExpressRoute Provisioned in Azure
Open the navigation menu. Under Core Infrastructure, go to Networking ► FastConnect ► Create FastConnect. Choose “Use Oracle Provider” and select Microsoft Azure ExpressRoute. Add in the required details as presented below. After that please wait for the lifecycle state to become "Provisioned".
Figure 12. Setup FastConnect in OCI
In this step we will create a link between the Azure Virtual Network and the ExpressRoute circuit. We will then configure the security groups and routing for the virtual network.
In Azure navigate to the Virtual Network created before by going to Dashboard ►Resource groups ►OCI_Azure ►Azure_OCI ► Connections and add the below values:
Figure 13. Link VNet to ExpressRoute
Open the navigation menu on the upper-left side of the screen and select Create a resource ►Networking ► and select Network security group.
Figure 14. Create NSG in Azure
After you press on “Create” the Network Security Group will be underway and once is finished you will see the following message: "Your deployment is complete". The next step now is to associate the network security group to the subnet in your VNet hosting your virtual machine. For this select the newly created NSG and select “Subnets”.
Figure 15. Associate Subnet with Vnet in Azure
You will need also to add the relevant security group rules to allow traffic from Virtual Cloud Network on Oracle Cloud Infrastructure.
Navigate to the Network Security Group (Open the navigation menu on the upper-left side of the screen and select Resource groups ►OCI_Azure) and select Inbound security rules. Add two rules, one for ssh connection into the Azure VM and another rule for connection between OCI VCN Subnet (10.0.0.0/24) to Azure VNet Subnet (172.16.0.0/24).
Figure 16. Inbound security rules in Azure
Next open the navigation menu on the upper-left side of the screen and select Create a resource ►Route Table and select “Create”.
Figure 17. Create route table in Azure
Once the new route table is successfully created, associate the route table with the VNet Subnet hosting your virtual machine and add a route. Therefore select the previously created Route Table, go to “Routes” and press “Add”. The example below shows the route with address prefix is Oracle Cloud Infrastructure VCN CIDR (In our example: 10.0.0.0/16) and the next hop is the Azure Virtual Network Gateway.
Figure 18. Add route in Azure
We have now succesfully created an ExpressRoute, linked it with our Virtual Network Gateway and configured network security group and route table to allow traffic connectivity with OCI VCN.
In OCI, we will now configure the security lists and route table associated with the subnet hosting and virtual machine.
Navigate to the VCN and select Security Lists ► Default Security List for VCN_OCI_Azure and add an Ingress Rule with source CIDR of the Azure VNet Subnet (172.16.0.0/24).
Figure 19. Add Ingress Rule in OCI
Next, please go to the VCN and select Route Tables ► Default Route Table for VCN_OCI_Azure and add a Route rule with Destination CIDR of Azure VNet (172.16.0.0/16) and DRG as your target. This will add a route table entry for routing the traffic towards Azure VNet.
Figure 20. Add Route Rule in OCI
Now that we finished to setup the interconnect, let’s go ahead and test the connection. We have virtual machines in each virtual network. Lets ssh into them and test out connectivity by doing a basic PING test.
OCI VM Private IP: 10.0.0.2
Azure VM Private IP: 172.16.0.4
Figure 21. Azure & OCI VM Details
First test is to PING the Azure Machine from OCI VM.
The test is succesful:
Figure 22. PING Test from OCI VM to Azure VM
Also the test from Azure Machine to OCI VM is successful:
Figure 23. PING Test from Azure VM to OCI VM
The below tests are showing the latency between Azure East region and the Ashburn region in OCI. Below are the results with the latency around ~2ms!!
Figure 24. Latency Test between OCI and Azure
This blog explained how to create the interconnect between Oracle Cloud and Azure environments allowing the VMs to be able to communicate with each other through their private IP addresses as if they were in the same network segment.