X

The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Subscribe to email updates

Step-by-Step Guide: Interconnecting Oracle Cloud Infrastructure and Microsoft Azure

Andrei Leontescu

On June 5, 2019, Oracle and Microsoft announced a cloud interoperability partnership that enables customers to migrate and run mission-critical enterprise workloads across Oracle Cloud Infrastructure and Microsoft Azure. Enterprises can seamlessly connect Azure services to various Oracle Cloud services, like Autonomous Database. By enabling customers to run one part of a workload in Azure and another part of the same workload in Oracle Cloud Infrastructure, the partnership delivers a highly optimized, best-of-both-clouds experience. Taken together, Azure and Oracle Cloud offer customers a one-stop shop for all the cloud services and applications that they need to run their entire business.

Features

Oracle and Microsoft are collaborating to provide customers low-latency, high-throughput cross-cloud connectivity, which allows them to take advantage of the best features of both clouds. Using this cross-cloud connectivity, customers can partition a multitier application to run the database tier on Oracle Cloud Infrastructure and the application and other tiers on Microsoft Azure. The experience is similar to running the entire solution stack in a single cloud.

The following Oracle applications can run in the Oracle Cloud Infrastructure and Azure cross-cloud configuration:

  • E-Business Suite
  • JD Edwards EnterpriseOne
  • PeopleSoft
  • Oracle Retail applications
  • Oracle Hyperion Financial Management

A high-level architecture diagram that shows an overview of the interconnect between Oracle Cloud Infrastructure and Microsoft Azure.

Figure 1: Interconnect Overview

This post provides a step-by-step demonstration of how to set up the interconnection between Oracle Cloud and Azure. In places, it refers to other documentation for detailed background information and detailed steps.

Prerequisite Steps on Oracle Cloud Infrastructure

To prepare for the interconnect setup in Oracle Cloud, you create a virtual cloud network (VCN) with subnets, a dynamic routing gateway (DRG), and a test virtual machine (VM).

Step 1: Create a VCN in Oracle Cloud Infrastructure

A VCN is a private network that you set up in Oracle data centers. It resembles a traditional network with firewall rules and specific types of communication gateways that you can use. A VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR block of your choice.

For more information about using the networking quickstart, see the Networking documentation.

  1. Sign in to the Oracle Cloud Infrastructure Console home page.

  2. In the Quick Actions section, click Set up a network with a wizard.

  3. Select VCN with Internet Connectivity, and then click Start VCN Wizard.

  4. Add the required information (in this example, the VCN name is VCN_OCI_Azure), click Next, and then click Create.

    Two screenshots that show the Configuration page and the Review and Create page of the Create VCN with Internet Connectivity wizard. A name, a compartment, and CIDR blocks for the VCN and subnets are entered.

    Figure 2: Create a VCN with Internet Connectivity Wizard in Oracle Cloud Infrastructure

    After the VCN is connected, its details page is displayed in the Console.

    A screenshot that shows the details page for the example VCN, VCN_OCI_Azure. Two subnets, one private and one public, are listed.

    Figure 3: VCN Details Page in Oracle Cloud Infrastructure

Step 2: Create a Dynamic Routing Gateway in Oracle Cloud Infrastructure

After the VCN is successfully created, you create a dynamic routing gateway (DRG). For more information about DRGs, see the documentation.

  1. Open the navigation menu. Go to Networking and then click Dynamic Routing Gateways.

  2. Click Create Dynamic Routing Gateway.

  3. Enter a name for the DRG (in this example, OCI_Azure_Demo), and then click Create Dynamic Routing Gateway.

    A screenshot that shows the Create Dynamic Routing Gateway pop-up screen in the Oracle Cloud Console.

    Figure 4: Create a DRG in Oracle Cloud Infrastructure

Step 3: Attach the DRG to the VCN

After the DRG is successfully provisioned, attach it to the VCN.

  1. On the details page of the DRG, click Virtual Cloud Networks under Resources, and then click Attach to Virtual Cloud Network.

  2. Select the VCN that you created, and click Attach to Virtual Cloud Network.

    A screenshot that shows the details page for the example DRG, OCI_Azure_Demo. The VCN_OCI_Azure VCN has been attached to the DRG.

    Figure 5: Attach a DRG to a VCN

Step 4: Create a VM in Oracle Cloud Infrastructure

For more information about creating an instance, see the Compute documentation.

  1. Open the navigation menu. Go to Compute and then click Instances.

  2. Click Create Instance and enter the necessary information. For this example, we created a VM with an Oracle Linux 7.7 OS, a VM.Standard2.1 shape, and the default boot volume. The instance is named OCI_Azure_Demo, and it’s connected to the VCN_OCI_Azure VCN.

    A screenshot that shows the instance information for the VM in the OCI_Azure_Demo VCN.

    Figure 6: Create an Oracle Linux VM in Oracle Cloud Infrastructure

The VM is now successfully provisioned. Continue with the Azure prerequisites steps.

Prerequisites Steps on Microsoft Azure

To prepare for the interconnect setup in Microsoft Azure, you create an Azure virtual network (VNet) with subnets, an Azure virtual network gateway, and a test VM.

Step 1: Create a VNet in Azure

For detailed steps, see the Azure documentation.

  1. Sign in to the Azure portal.

  2. From the portal menu, select Create a resource.

  3. Select Networking and then click Virtual network.

  4. Enter the required values. In this example, the VNet is named VNet_Azure_OCI, and it’s created in the OCI_Azure resource group and the US East location. Its subnet is named Subnet_1. Then, click Create.

    A screenshot that shows the Create Virtual Network screen with the name, address space, subscription, resource group, location, subnet, and address range fields filled in.

    Figure 7: Create a VNet in Azure

The finished deployment creates a VNet and a subnet, which are scoped to a single region in Azure (in our example, US East).

Step 2: Create a Virtual Network Gateway in Azure

For detailed steps, see the Azure documentation.

  1. On the upper-left side of the portal, open the navigation menu and search for virtual network gateway.

  2. Enter the required details for the virtual network gateway. In this example, the gateway instance is named Azure_OCI, its type is ExpressRoute, its region is US East, and the VNet is the one just created, VNet_Azure_OCI.

    A screenshot that shows the Create virtual network gateway page with the subscription, name, region, gateway type, SKU, virtual network, gateway subnet address range, and public IP address filled in.

    Figure 8: Create a Virtual Network Gateway in Azure

Step 3: Create a VM in Azure

  1. From the Azure portal menu, select Create a resource.

  2. Select Compute, select Ubuntu Server 16.04 LTS, and then click Create.

  3. Enter the required values. In this example, the VM is named OCIAzureVM. It’s created in the US East region, and the size is Standard D2s v3. The network is the one that was just created.

    A screenshot that shows the Create a virtual machine page with subscription, virtual machine name, region, availability options, image, and size filled in and selected on the Basics tab. The virtual network, subnet, public IP, NIC network security group, public inbound ports, select inbound ports, and accelerated networking values are filled in and selected in the Networking tab.

    Figure 9: Create a VM in Azure

Set Up the Interconnect

This section provides the instructions for setting up the interconnection between Oracle Cloud Infrastructure and Microsoft Azure.

Step 1: Set Up Azure ExpressRoute

Azure ExpressRoute enables you to create private connections between Azure data centers and infrastructure that's on premises or in a colocated environment. ExpressRoute connections don’t go over the public internet, which provides more reliability, faster speeds, lower latency, and higher security than typical connections. Using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.

With ExpressRoute, you can connect to Azure from an ExpressRoute location (exchange provider facility) or connect directly to Azure from your existing WAN network, such as an MPLS VPN, provided by a network service provider.

For detailed instructions, see Tutorial: Create and modify an ExpressRoute circuit.

  1. From the Azure portal menu, select Create a resource.

  2. Select Networking, and then click ExpressRoute.

  3. On the Create ExpressRoute circuit page, click Create new, and then enter the required values. In this example, the circuit is named OCI_Azure_ExpressRoute, the provider is Oracle Cloud FastConnect, the peering location is Washington DC, the resource group is OCI_Azure, and the Location is US East.

    A screenshot that shows the Create ExpressRoute circuit page with values added.

    Figure 10: Create an ExpressRoute Circuit in Azure

  4. Click Create. An ExpressRoute circuit is created, but it’s not provisioned and doesn’t provide any connectivity details.

  5. Note the service key, which you’ll use in the next step.

Step 2: Set Up Oracle Cloud Infrastructure FastConnect

For detailed steps, see “Task 3: Set up an Oracle Cloud Infrastructure FastConnect virtual circuit” in Setting Up a VNet-to-VCN Connection.

  1. In the Oracle Cloud Infrastructure Console, open the navigation menu.

  2. Under Core Infrastructure, go to Networking, and click FastConnect.

  3. Click Create FastConnect.

  4. In the Create Connection workflow, select Use Oracle Provider and then select Microsoft Azure ExpressRoute. Click Next.

  5. Enter the required details. For this example, the connection is named OCI_Azure_Demo, the circuit type is private, the DRG is OCI_Azure_Demo, and the provider service key is the one that you copied in the preceding step.

    A screenshot of the FastConnect Create Connection Configuration page.

    Figure 11: Set Up a FastConnect Virtual Circuit in Oracle Cloud Infrastructure

  6. Click Create.

    When provisioning is completed, the lifecycle state for the FastConnect circuit is UP, and the provider status for the ExpressRoute circuit changes to Provisioned, as shown in the following screenshot.

    A screenshot of the OCI_Azure_ExpressRoute details page, with the provider status changed to Provisioned.

    Figure 12: ExpressRoute Provisioned in Azure

Step 3: Link the VNet to Azure ExpressRoute

In this step, create a link between the Azure VNet and the ExpressRoute circuit. Then, configure the security groups and routing for the virtual network.

  1. In the Azure portal, navigate to the VNet that you created. In the Dashboard, click Resource groups, and then select the OCI_Azure resource group. Then, click Azure_OCI and then click Connections.

  2. Click Add, and enter the required values. In this example, the connection is named OCI, the connection type is ExpressRoute, the virtual network gateway is Azure_OCI, and the ExpressRoute circuit is OCI_Azure_ExpressRoute. Then, click OK.

    A screenshot that shows the Add connection page with name, connection type, virtual network gateway, ExpressRoute circuit, and resource group fields filled in.

    Figure 13: Link from the VNet to the ExpressRoute Circuit

Step 4: Associate a Network Security Group (NSG) and Route Table with the Azure VNet

For detailed steps, see the Azure documentation.

  1. From the Azure portal menu, select Create a resource.

  2. Select Networking, and then click Network security group.

  3. Enter the required values. In this example, the NSG is named OCU_Azure_Demo_SG, the region is US East, and the resource group is OCI_Azure.

    A screenshot the shows the Create Network Security Group page for the OCU_Azure_Demo_SG instance.

    Figure 14: Create an NSG in Azure

  4. Click Create.

    When the NSG has been created, the following message appears: “Your deployment is complete.” Now, associate the NSG with the subnet in your VNet that’s hosting your VM.

  5. Select the new NSG and click Subnets.

  6. Associate the NSG with the Subnet_1 subnet.

    A screenshot that shows the NSG associated with the Subnet_1 subnet.

    Figure 15: Associate the Subnet with VNet in Azure

    Next, add security group rules to allow traffic from the VCN on Oracle Cloud Infrastructure.

  7. Navigate back to the NSG. In the Dashboard, click Resource groups, and then select the OCI_Azure resource group. Select the NSG.

  8. Select Inbound security rules.

  9. Add two rules, one for an SSH connection to the Azure VM and one for the connection between the VCN subnet (10.0.0.0/24) to the VNet subnet (172.16.0.0/24).

    A screenshot that shows the inbound security rules page for the security group. Several rules are listed.

    Figure 16: Inbound Security Rules in Azure

  10. From the portal navigation menu, select Create a resource.

  11. Select Route Table, and then click Create.

  12. Enter the required values. In this example, the route table is named Route_Table, and it’s created in the OCI_Azure resource group and the US East location. Click Create.

    A screenshot that shows the Create route table page.

    Figure 17. Create a Route Table in Azure

  13. After the route table is successfully created, associate it with the VNet subnet that’s hosting your VM and then add a route.

  14. Select the route table, go to Routes and click Add. In this example, the route is called OCI, the address prefix is the Oracle Cloud Infrastructure VCN CIDR (10.0.0.0/16), and the next hop type is the Azure virtual network gateway. Click OK.

    A screenshot that shows the Add Route screen with route name, address prefix, and next hop type.

    Figure 18: Add a Route in Azure

We have now successfully created an ExpressRoute, linked it with the virtual network gateway, and configured an NSG and route table to allow traffic connectivity with the Oracle Cloud Infrastructure VCN.

Step 5: Configure VCN Security Lists and Route Table

In Oracle Cloud Infrastructure, configure the security lists and route table associated with the subnet that’s hosting the VM.

  1. From the main menu of the console, select Networking and then click Virtual Cloud Networks.

  2. Click the name of the network (in this example, VCN_OCI_Azure).

  3. Under Resources, click Security Lists, and then click Default Security List for VCN_OCI_Azure.

  4. Add an ingress rule with a source type of CIDR, and enter the CIDR of the Azure VNet subnet (172.16.0.0/24). Specify All Protocols for the IP protocol.

    A screenshot that shows the Add Ingress Rules dialog box with the specified values entered.

    Figure 19: Add an Ingress Rule to the VCN in Oracle Cloud Infrastructure

  5. On the details page of the VCN, under Resources, click Route Tables.

  6. Click Default Route Table for VCN_OCI_Azure.

  7. Add a route rule with the target type Dynamic Routing Gateway and the destination CIDR block of the Azure VNet (172.16.0.0/16). This adds a route table entry for routing the traffic to the VNet.

    A screenshot that shows the Add Route Rules dialog box with the specified values entered.

    Figure 20: Add a Route Rule to the VCN in Oracle Cloud Infrastructure

Step 6: Test the Connection

Now that the interconnect is set up, test the connection. Use SSH to connect to the VM in each virtual network, and test the connectivity by doing a basic PING test.

Locate the private IP address of each VM on the details page of that VM.

  • The private IP address of the Oracle Cloud Infrastructure VM (OCI_Azure_Demo) is 10.0.0.2.

  • The private IP address of the Azure VM (OCIAzureVM) is 172.16.0.4.

A screenshot that shows the details pages in Azure and Oracle Cloud for each VM, with the Private IP address highlighted.

Figure 21: Azure and Oracle Cloud Infrastructure VM Details

From the Oracle Cloud VM, run ping 172.16.0.4. The following screenshot shows a successful test.

A screenshot tat shows the ping command and a successful response.

Figure 22: Ping Test from the Oracle Cloud VM to the Azure VM

From the Azure VM, run ping 10.0.0.2. The following screenshot shows a successful test.

A screenshot tat shows the ping command and a successful response.

Figure 23: Ping Test from the Azure VM to the Oracle Cloud VM

The following additional ping results show the latency between the Azure US East region and the Ashburn region in Oracle Cloud Infrastructure, which is about 2 ms!

A screenshot of two more ping commands to each VM, showing latency times at about 2 ms.

Figure 24: Latency Test Between Oracle Cloud and Azure

Conclusion

This post explains how to create the interconnect between Oracle Cloud and Azure environments, which enables the VMs to communicate with each other through their private IP addresses as if they were in the same network segment. Furthermore, this cross-cloud direct interconnection between Oracle Cloud and Microsoft Azure enables the following use cases:

  • Migrate to the cloud or build cloud native applications by using the best of Oracle Cloud and Microsoft Azure.

  • Set up extremely low-latency, private connections between workloads distributed across Oracle Cloud and Microsoft Azure.

  • Extend your on-premises data centers to both Oracle Cloud and Microsoft Azure.

  • Provide single sign-on (SSO) access to resources deployed in Oracle Cloud and Microsoft Azure.

To learn more about the benefits of the Oracle Cloud and Microsoft Azure Interconnect, see the following resources:

Join the discussion

Comments ( 1 )
  • Raj Ramachandran Thursday, October 29, 2020
    Has any major client implemented Oracle EBS + Hyperion using the suggested configuration? As an alternative configuration can the non-prod environments be in Azure and PROD in OCI? What are the pros and cons of this?
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha

Recent Content