
Wednesday, February 26, 2014

Establish Connection on Private Cloud to Windows Azure Using Point to Site VPN


There are three ways of connecting resources on a private cloud to Windows Azure:

  • Site to Site VPN
  • Point to Site VPN
  • Express Route (new- Feb 2014)

Site to Site VPN relies on an IPsec VPN appliance deployed at the edge of your network for connectivity. This method allows any computer on your premises to connect to any virtual machine / PaaS instance within the virtual network.

Next is Point to Site VPN. It works just like a VPN client: you install a VPN client configuration package that enables your computer to connect to any virtual machine / PaaS instance within the virtual network. Point-to-site connectivity runs over SSTP (Secure Socket Tunneling Protocol) and supports up to 250 VPN clients.

Lastly, Express Route is dedicated, private, high-throughput network connectivity with guaranteed network QoS, giving faster speeds, lower network latency and complete network isolation. Check it out here.

In today's post we are going to talk about Point to Site VPN, so that we can connect the Active Directory at our premises to a virtual machine holding the read-only domain controller role. This allows us to have a non-writable Active Directory running in Windows Azure for use by any virtual machine there. This is just an example that we are simulating in our testing environment, and the goal is simply to let the primary domain controller communicate with the new VM.

At this point our scenario is not yet connected. A new VM has been created for the read-only domain controller, but without a connection to our premises we cannot replicate Active Directory objects. To do so, you need to:

a) Configure Virtual Network

b) Create self-signed root certificate

c) Deploy VPN Client Configuration

Configuration – Configure Virtual Network

Click +New | Network Services | Virtual Network | Custom Create


Enter the virtual network details


Make sure to select “Configure a point-to-site VPN”


Configure the address space for your virtual network


Once you have completed the wizard, you need to create a dynamic routing gateway; this takes around 10–20 minutes. Click the virtual network you created in the previous steps, then click + Create Gateway.


After about 20 minutes this is what it looks like. The system now requires us to proceed to the next step.


Configuration – Create Self-Signed Root Certificate

1. Download and install Visual Studio Express 2013 for Windows Desktop to create the self-signed root certificate. In our example we have created a self-signed root certificate and a client certificate.

Create the self-signed root certificate


Create the client certificate. Generate the client certificate from the root certificate (the copy that contains the private key) and install it on each client computer that you want to connect to the VPN.


Install the self-signed root certificate and the client certificate on your primary domain controller. You can verify this with the Certificates MMC snap-in; both certificates are listed there.


2. Upload the root certificate .cer file (without the private key) to the Management Portal.
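As an added example that is not from the original post, here is a PowerShell alternative to the makecert step above. It assumes the PKI module of Windows 10 / Server 2016 or later; the certificate names and the output folder are placeholders. It creates the root and the client certificate, exports the root's public part as a .cer without its private key, and checks that before you upload it.

```powershell
# Added example (not from the original post): PowerShell alternative to the
# Visual Studio makecert workflow. Requires the PKI module (Windows 10 /
# Server 2016 or later). Names and the output folder are assumptions.

$exportDir = "C:\P2S"            # assumed output folder
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# 1. Self-signed root certificate: signing-only key that may issue child certs.
$root = New-SelfSignedCertificate `
    -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate issued by the root (the copy holding the private key),
#    restricted to client authentication (EKU 1.3.6.1.5.5.7.3.2) so it cannot
#    itself act as a CA.
$client = New-SelfSignedCertificate `
    -Type Custom -DnsName "P2SClientCert" -KeySpec Signature `
    -Subject "CN=P2SClientCert" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Export only the root's PUBLIC part (DER .cer, as makecert produces) for the
#    portal. If the portal asks for Base64 text, run: certutil -encode in.cer out.cer
$rootCer = Join-Path $exportDir "P2SRootCert.cer"
Export-Certificate -Cert $root -FilePath $rootCer -Type CERT | Out-Null

# 4. Export the client certificate WITH its private key as a password-protected
#    PFX, to be imported on each computer that will connect.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $client -FilePath (Join-Path $exportDir "P2SClientCert.pfx") `
    -Password $pfxPassword | Out-Null

# 5. Checks before upload: the .cer must carry no private key, and the client
#    certificate must be issued by the root we just exported.
$reloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootCer)
if ($reloaded.HasPrivateKey) { throw "Root .cer unexpectedly contains a private key" }
if ($client.Issuer -ne $root.Subject) { throw "Client certificate is not issued by the root" }
Write-Host "Root thumbprint: $($root.Thumbprint)"
Write-Host "Upload $rootCer on the virtual network's Certificates tab"
```

Keep the PFX (and the root's private key in the CurrentUser store) off the portal; only the .cer leaves the machine.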


We use SSTP (Secure Socket Tunneling Protocol) to tunnel through firewalls. To a firewall this tunnel looks like an HTTPS connection.

Configuration – VPN Client Configuration

With the certificates uploaded and installed, you can download and install the VPN client package on your primary domain controller.


A new connection now appears under your network connections. Right-click it and select Connect.


Click Connect to establish the connection.


If successful, the status of the network shows “Connected”.


To verify, open a command prompt and type ipconfig /all.

Your domain controller will get a virtual network IP address (10.0.0.2).


Back in the Windows Azure Management Portal, refresh the dashboard. Voila! The connection is “Established”.


With the connection established between our premises and Windows Azure, we can now start building the read-only domain controller VM in Windows Azure.


Please check on our other post: