Azure Networking – Picking the right path.

  • 18 October 2022

One of the biggest changes with Nutanix Cloud Clusters (NC2) on Azure compared to its AWS counterpart is the requirement for Flow virtual networking. Flow virtual networking provides an overlay in Azure that gives secure, isolated communication between the multiple tenants you may be hosting on the Nutanix cluster, and it also provides north- and southbound connectivity. North- and southbound connectivity is provided through the Flow gateway virtual machine (FVGW). Workloads running on the cluster can reach the outside either through a network address translation (NAT) path or through a routed path that does not use NAT.

Which path your virtual machines take in and out of the NC2 Cluster will depend on how other services need to talk to the running virtual machines on NC2.

The FVGW is a native Azure VM that gets deployed when the first cluster is created. The FVGW has both an internal and an external network interface card (NIC). Traffic from your Azure Nutanix cluster is directed towards the FVGW's internal NIC and then routed out through the external NIC. The external NIC grabs virtual IPs directly from Azure to be used as floating IPs. These floating IPs can be assigned directly to virtual machines running on the cluster.


The video below discusses routing inside of NC2 on Azure.


NAT

Using the NAT'ed path is the easiest option because it comes configured out of the box as the default. Once your environment is deployed and you create your first Nutanix VPC for your virtual machines, the only thing you need to do is add a default route pointing to the NAT-external subnet, which is already created for you.

If the majority of the VMs running on the NC2 Azure cluster only need outbound communication with the rest of the world, then this is a good option. If only a handful of applications need to accept inbound connections, a web server for example, you can assign floating IPs to give them an externally reachable address on which clients can initiate the connection.


Routed Path (Non-NAT)

If you're going to consume Azure services that need to initiate many connections to your virtual machines running on NC2, or you have, for example, an on-prem management system that has to talk to the virtual machines directly, then a non-NAT path makes the most sense. For these types of scenarios, configuring a floating IP for every virtual machine would be very cumbersome. A good example would be a VDI connection broker on-prem with desktops bursting onto your Azure cluster; there you would need to use the non-NAT path.
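The practical difference between the two paths is which VMs end up reachable from outside the VPC. The following is an added example, not code from the original post or from Nutanix: a small Python model of a Nutanix VPC whose default route points either at the NAT-external subnet or at a routed subnet, producing an inbound-exposure inventory and listing the VMs that would still need a floating IP on the NAT path. The VPC, VM and address values are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model of the two NC2-on-Azure paths described above.
NAT_PATH = "nat-external"        # default route points at the NAT-external subnet
ROUTED_PATH = "routed-external"  # default route points at a routed (non-NAT) subnet

@dataclass
class Vm:
    name: str
    ip: str                            # address inside the Nutanix VPC subnet
    floating_ip: Optional[str] = None  # Azure-provided floating IP, if assigned

@dataclass
class Vpc:
    name: str
    subnet: str
    default_route_via: str             # NAT_PATH or ROUTED_PATH
    vms: list = field(default_factory=list)

def inbound_exposure(vpc):
    """Map each VM to the address an outside peer can use to initiate a
    connection to it, or None if the VM is outbound-only."""
    if vpc.default_route_via not in (NAT_PATH, ROUTED_PATH):
        raise ValueError(f"unknown default route target: {vpc.default_route_via}")
    net = ip_network(vpc.subnet)
    report = {}
    for vm in vpc.vms:
        if ip_address(vm.ip) not in net:
            raise ValueError(f"{vm.name}: {vm.ip} is not in {vpc.subnet}")
        if vpc.default_route_via == ROUTED_PATH:
            report[vm.name] = vm.ip           # reachable directly on its VPC address
        else:
            report[vm.name] = vm.floating_ip  # NAT: reachable only via a floating IP
    return report

def vms_needing_floating_ips(vpc, inbound_vm_names):
    """On the NAT path, VMs that must accept inbound traffic but have no floating IP."""
    if vpc.default_route_via == ROUTED_PATH:
        return []
    return [vm.name for vm in vpc.vms
            if vm.name in inbound_vm_names and vm.floating_ip is None]

# Constructed sample inventories (not from any real deployment).
NAT_VPC = Vpc("prod-vpc", "10.10.0.0/24", NAT_PATH, [
    Vm("web01", "10.10.0.10", floating_ip="203.0.113.5"),
    Vm("app01", "10.10.0.11"), Vm("db01", "10.10.0.12")])
VDI_VPC = Vpc("vdi-vpc", "10.20.0.0/24", ROUTED_PATH,
    [Vm(f"desktop{i:02d}", f"10.20.0.{10 + i}") for i in range(3)])
```

Running `inbound_exposure` over both inventories shows the trade-off directly: on the NAT path only `web01` is reachable from outside, while on the routed path every desktop is reachable on its own address, so the firewall policy in front of the routed subnet carries the exposure control.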


Below is a video showing how to configure a non-NAT path in Prism Central.
