Versa Networks, in partnership with Microsoft Azure, has released an enhancement to the Versa Operating System (VOS) Network Virtual Appliance (NVA) deployed in Microsoft Azure Virtual WAN (vWAN). The changes to the existing offering are as follows:
VOS is Versa’s multi-tenant, multi-service operating system and the integration extends the power of SASE, SSE, SD-WAN, and software-defined routing into the Microsoft Azure cloud. The VOS NVA, offered through the Azure Marketplace, is the same cloud-native Versa software deployed by over tens of thousands of enterprises worldwide. Using Versa, enterprises benefit from rich functionality to securely connect users to the applications on Microsoft Azure.
Azure vWAN is a networking service from Microsoft that provides an efficient and easy way to connect several enterprise VNETs to their on-premises branch networks and to other services like Azure Express Route.
Integration enhancement details
The new offering has three interfaces available with two configuration options. In the first option, the additional interface is used for Azure Express Route and does not have a public IP address associated with it. In the second option, the additional interface is used for out-of-band management over SSH. This interface has a public IP address associated with it. Both these offerings are available in software versions 22.1.3 and 22.1.4.
Figure 1 – Versa’s NVA deployed in Microsoft Azure vWAN.
The VOS NVA is deployed in the Azure vWAN hub on a per-region basis. All the spoke VNETs deployed in a given region appear as a single branch in the Versa SD-WAN network, thereby allowing the enterprise to use granular traffic steering capabilities, next-generation firewall, and routing functionality in their network. BGP is used as the routing protocol to exchange enterprise prefixes between the Azure network and the on-premises SD-WAN network. This dynamic exchange of routing information using BGP eliminates the need to configure user-defined routes (UDR) in the Azure VNETs.
The vWAN network is a hub-spoke deployment model where all the spoke VNETs in a region peer with the region vWAN hub and the hubs are interconnected to each other in a full mesh network. The topology used to connect the Versa NVAs to the rest of the SD-WAN network depends on the topology defined by the administrator from the Versa Director portal. The Versa NVA and the on-site branches can be configured in a hub-spoke model with different spoke topologies or in a full-mesh network topology.
Azure Marketplace configuration
The enterprise administrator can deploy the Versa NVA from the Azure Marketplace. The name of the offering in the marketplace is “Versa SD-WAN & NGFW with Express Route for Azure Virtual WAN.” Once this is selected, the administrator needs to select if the NVA is to be configured with or without Express Route. In the next step, the administrator selects the scale unit based on the throughput requirements from the NVA. The cloud-init script to use for configuring the ZTP staging parameters during the NVA deployment can be obtained from Versa Technical Assistance Center support. When the NVA deployment is complete, Azure creates two Versa NVA instances for redundancy.
After the Versa NVA is deployed, it is managed and controlled by Versa Director, the same single-pane-of-glass management software used to manage, operate, and deploy Versa services in the Azure cloud environment. The Versa Director has configuration options in the workflow template to easily configure the BGP peering with the Azure vWAN service. In the Azure portal the administrator can view parameters like peer IP address and AS number to set up the BGP neighborship with the Versa NVA.