
Azure DNS Service & Hybrid Networking for SAP

| Konstantin Popov | Evren Buyruk |

DNS RISE


Episode #188

Introduction

In episode 188 of our SAP on Azure video podcast we talk about DNS, the Domain Name System. DNS acts like a phonebook, resolving domain names to IP addresses. When something goes wrong with it, the whole network communication often breaks down. "It's always DNS!" Who doesn't know this phrase when it comes to networking issues? In a lot of cases we see customers using Azure DNS Services in the context of hybrid networking with SAP scenarios – both Azure native and RISE with SAP. Since this can become quite complicated, I am happy to have two experts with us again today: Evren and Konstantin.

https://www.linkedin.com/feed/update/urn:li:activity:6841398577495977984/

Find all the links mentioned here: https://www.saponazurepodcast.de/episode188

Reach out to us for any feedback / questions:

#Microsoft #SAP #Azure #SAPonAzure #DNS #Networking #RISEwithSAP

Summary created by AI

Azure DNS overview: Konstantin explains the difference between Azure public DNS and Azure private DNS, and the three options for Azure private DNS: Azure provided DNS, Azure DNS private zones, and custom DNS.

Azure public DNS vs Azure private DNS: Konstantin clarifies that Azure public DNS is for internet-facing domains, while Azure private DNS is for internal domains within Azure virtual networks, and that the article focuses on Azure private DNS for SAP deployments.

Azure provided DNS: Konstantin describes Azure provided DNS as the default and out-of-the-box option for every virtual network, which assigns a non-routable IP address and a standard suffix to each virtual machine, but does not allow customers to bring their own custom domains or integrate with third-party solutions.

Azure DNS private zones: Konstantin explains that Azure DNS private zones enable customers to bring their own custom domains into virtual networks, and to link multiple virtual networks to one private zone for cross-system communication. He also introduces Azure DNS resolver, a new feature that simplifies hybrid DNS resolution between on-premises and Azure, and eliminates the need for DNS forwarders.

Custom DNS: Konstantin says that custom DNS is the most flexible and common option for customers who want to keep their on-premises DNS infrastructure and extend it to Azure, or who have complex multi-regional or multi-cloud scenarios. He says that custom DNS allows customers to specify the IP address of the external DNS servers for each virtual network, and that it requires proper networking and routing configuration.

Azure DNS private zones: Konstantin and Evren describe how Azure DNS private zones allow customers to bring their own custom domains into Azure virtual networks, and how Azure DNS resolver simplifies hybrid DNS resolution between on-premises and Azure.

Azure DNS private zones diagram: Konstantin shows a diagram that illustrates how Azure DNS private zones work, and how virtual machines in different virtual networks can get the same suffix and communicate with each other through the private zone.

Azure DNS resolver diagram: Konstantin shows another diagram that demonstrates how Azure DNS resolver works, and how it can resolve DNS queries from on-premises to Azure private zones, and vice versa, without the need for DNS forwarders or zone transfers.

Azure DNS resolver benefits: Evren adds that Azure DNS resolver is a fully managed and secure service that reduces the operating costs and complexity of DNS resolution, and that it supports conditional forwarding and integration with Azure Monitor.

Azure DNS integration scenarios: Konstantin and Evren present four scenarios for integrating DNS in hybrid SAP deployments, with different options for using Azure DNS private zones, custom DNS, DNS forwarders, and DNS zone transfer.

Scenario 1: Azure DNS private zones and Azure DNS resolver: Konstantin says that this is the preferred and recommended scenario for native SAP deployments on Azure, and that it leverages the platform-provided features of Azure DNS private zones and Azure DNS resolver. He shows a diagram that depicts how SAP systems in different virtual networks can communicate with each other and with on-premises systems through the private zone and the resolver.

Scenario 2: Azure DNS private zones and DNS forwarders: Konstantin says that this is the obsolete scenario that was used before Azure DNS resolver was available, and that it involves deploying DNS forwarders in each virtual network to forward DNS queries from on-premises to Azure private zones, and vice versa. He shows a diagram that illustrates how this scenario works, and why it is more complicated and less efficient than scenario 1.

Scenario 3: Custom DNS: Konstantin says that this is the common scenario for customers who want to keep their on-premises DNS infrastructure and extend it to Azure, or who have complex multi-regional or multi-cloud scenarios. He presents a diagram that shows how this scenario works, and how customers can configure custom DNS servers for each virtual network, and point them to on-premises DNS servers.

Scenario 4: Custom DNS and SAP RISE: Konstantin says that this is a more complicated scenario that involves integrating with SAP RISE, which is a managed SAP service on Azure that has its own DNS architecture and requirements. He shows a diagram that explains how this scenario works, and how customers need to delegate a zone for SAP RISE, and use DNS zone transfer or conditional forwarding to resolve DNS queries between SAP RISE and on-premises or non-RISE environments.

Azure security solutions: Evren highlights the importance of using Azure DDoS, Azure Firewall, and Azure Monitor to protect the DNS traffic and the SAP systems from attacks and to provide visibility and control.

Follow-up tasks:

DNS integration scenarios: Provide more customer examples and use cases for different DNS solutions on Azure (Evren and Konstantin)

Azure DDoS protection: Reach out to Microsoft representative to learn more about Azure DDoS and how it can secure DNS and other network services (Customers)
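The conditional forwarding mentioned for Azure DNS resolver and for Scenario 4 in the summary can be reasoned about as a most-specific-suffix rule lookup. The sketch below is an added example, not material from the episode or from Microsoft or SAP; every zone name and IP address in it is constructed, and `select_forwarder` and `leaked_internal_names` are hypothetical helper names. It also flags internal names that no rule covers and that would therefore be sent to the default resolver.

```python
# Added example: conditional-forwarding rule selection (most specific suffix wins).
# All zone names and IP addresses are constructed for illustration.

FORWARD_RULES = {
    "corp.example.com": "10.0.0.53",        # on-premises DNS server (assumed)
    "azure.corp.example.com": "10.10.0.4",  # resolver endpoint in Azure (assumed)
    "rise.corp.example.com": "10.20.0.4",   # zone delegated for RISE (assumed)
}
DEFAULT_RESOLVER = "public"  # no rule matched: query leaves the private path


def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()


def select_forwarder(qname, rules=FORWARD_RULES):
    """Return (matched_zone, target) for the most specific matching zone."""
    labels = normalize(qname).split(".")
    # Try the full name first, then drop one leading label at a time,
    # so matching always happens on label boundaries.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate, rules[candidate]
    return None, DEFAULT_RESOLVER


def leaked_internal_names(qnames, internal_suffixes, rules=FORWARD_RULES):
    """List queries for internal suffixes that no forwarding rule covers.

    These names would go to the default resolver, exposing internal
    host names outside the private DNS path.
    """
    leaked = []
    for q in qnames:
        name = normalize(q)
        internal = any(name == s or name.endswith("." + s)
                       for s in internal_suffixes)
        zone, _ = select_forwarder(name, rules)
        if internal and zone is None:
            leaked.append(name)
    return leaked
```

Running `leaked_internal_names` over a sample of resolver query logs, with the list of suffixes the organisation treats as internal, gives a quick check that every delegated or private zone actually has a forwarding rule.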