A connection must be established between your Microsoft Azure network and your on-prem NSX appliances.

Note: You must have already installed and connected NSX Manager with CSM in your on-prem deployment.

Overview

  • Connect your Microsoft Azure subscription with on-prem NSX.
  • Configure your VNets with the necessary CIDR blocks and subnets required by NSX Cloud.
  • Synchronize time on the CSM appliance with the Microsoft Azure Storage server or NTP.

Connect your Microsoft Azure subscription with on-prem NSX

Every public cloud provides options to connect with an on-premises deployment. You can choose any of the available connectivity options that suit your requirements. Refer to Microsoft Azure Reference documentation for details.
Note: You must review and implement the applicable security considerations and best practices by Microsoft Azure, for example, all privileged user accounts accessing the Microsoft Azure portal or API should have Multi Factor Authentication (MFA) enabled. MFA ensures only a legitimate user can access the portal and reduces the likelihood of access even if credentials are stolen or leaked. For more information and recommendations, refer to Microsoft Azure Security Center Documentation.

Configure your VNet

In Microsoft Azure, create routable CIDR blocks and set up the required subnets.

  • One management subnet with a recommended range of at least /28, to handle:
    • control traffic to on-prem appliances
    • API traffic to cloud-provider API endpoints
  • One downlink subnet with a recommended range of /24, for the workload VMs.
  • One, or two for HA, uplink subnets with a recommended range of /24, for routing of north-south traffic leaving from or entering the VNet.

See NSX Public Cloud Gateway: Architecture and Modes of Deployment for details on how these subnets are used.