Chicken or the egg? - azure

I am not quite sure how to approach this and appreciate everyone's input.
I need to make a vnet and provision a Windows server. No big deal so far. But after the Windows server is provisioned, I will be elevating it to a domain controller.
I then need to go back to the vnet and set DNS to the IP of the Windows server that I provisioned after the vnet.
How do I set the DNS server for the vnet if the server isn't set up yet? I can't set up the server without the vnet up first.
How do you approach this?
Thank you much.

If anyone runs into this in the future, the answer is assign a static IP to the server so you can assign that same IP to the DNS in the vnet. doh!
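The ordering the answer settles on, written out as an Azure CLI script. This is an added example, not code from the thread: the resource group, region, VNet and subnet names, the NIC/VM names and the 10.0.0.0/16 range are all assumed placeholders. The only facts it relies on are that a NIC created with `--private-ip-address` gets a static allocation, and that Azure reserves the first four addresses of every subnet, so 10.0.0.4 is the first address a NIC can hold. Setting `AZ=echo` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): create the VNet, reserve a static private
# IP for the future domain controller, then point the VNet's DNS at that address.
# Resource names, region and address ranges are assumed placeholders.
# AZ=echo prints the az commands instead of running them (dry run).
set -eu

RG="${RG:-rg-adlab}"
LOCATION="${LOCATION:-eastus}"
VNET="vnet-adlab"
SUBNET="snet-dc"
NIC="nic-dc01"
VM="dc01"
# Azure reserves .0-.3 of every subnet; .4 is the first address a NIC can hold,
# which is why it is the conventional choice for the first DC.
DC_IP="10.0.0.4"

run() { "${AZ:-az}" "$@"; }

create_network() {
  run group create -n "$RG" -l "$LOCATION"
  run network vnet create -g "$RG" -n "$VNET" \
    --address-prefixes 10.0.0.0/16 \
    --subnet-name "$SUBNET" --subnet-prefixes 10.0.0.0/24
}

# The fix from the thread: the NIC gets a *static* private IP before the VM
# exists, so the address is known, and will not change, before promotion.
reserve_dc_address() {
  run network nic create -g "$RG" -n "$NIC" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-ip-address "$DC_IP"
}

create_dc_vm() {
  # The guest keeps DHCP enabled: the static assignment lives on the Azure NIC,
  # never inside the Windows adapter settings.
  run vm create -g "$RG" -n "$VM" --image Win2022Datacenter \
    --nics "$NIC" \
    --admin-username "${ADMIN_USER:-azadmin}" \
    --admin-password "${ADMIN_PASSWORD:?set ADMIN_PASSWORD (placeholder)}"
}

# Run after the server has been promoted (Install-ADDSForest inside the guest).
# Other VMs on the VNet see the new DNS server on their next DHCP renewal or
# reboot, not immediately.
point_vnet_at_dc() {
  run network vnet update -g "$RG" -n "$VNET" --dns-servers "$DC_IP"
}

if [ "${1:-}" = "apply" ]; then
  create_network
  reserve_dc_address
  create_dc_vm
  echo "Promote $VM to a DC, then run: $0 dns" >&2
elif [ "${1:-}" = "dns" ]; then
  point_vnet_at_dc
fi
```

Run it once with `apply`, promote the server inside the guest, then run it with `dns`; the second step is deliberately separate so the VNet never points at a DNS server that does not answer yet.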

Related

Is it possible for an Azure Container App to access an on-prem network share using a UNC path?

Hey all, I've been trying to look into whether this is possible or not.
I was working with Infra-Engineering to set up a VNet with peering to the on-prem network. Everything was smooth sailing until we found out that the Azure Sandbox for Function Apps blocks the SMB ports. I saw a reply on this thread: https://learn.microsoft.com/en-us/answers/questions/290531/how-can-i-access-a-on-premise-network-file-share-d.html
that if we use a Container App we would not have this restriction. Can anyone corroborate this? I just want to get some insight before committing to trying this out.
In short: you need a VPN/ExpressRoute connection to on-premises; the container app needs to be in a VNet peered with the VPN VNet (if separated); a DNS server able to resolve on-premises DNS records; if there are firewalls or NSGs involved you will also need access rules there; and obviously the IP address ranges need to be routed (BGP or static) and should not overlap.
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/azure-container-apps-virtual-network-integration/ba-p/3096932
https://learn.microsoft.com/en-us/azure/architecture/hybrid/hybrid-dns-infra

How to use another machine within Azure P2S VPN as a gateway?

I have configured Azure P2S IKEv2 VPN and downloaded the VPN client (on the machine it shows as a PPP adapter) onto 2 machines, one each in different countries. Say our IP addresses are 170.10.10.121 & 170.10.10.122. From here on we'll call the site with the .121 machine site A.
My machine (.122) would like to use (.121) as a gateway, so that I could browse the internet on my computer using site A's public IP address. Is this possible or have I got this terribly wrong?
My end goal is that we have multiple sites (B, C, D) that would like to use the internal network as well as access the public internet using site A. This site has a dynamic IP address for the public internet, and port forwarding is not an option as the ISP is uncooperative.
As shown in the picture below, machines PC-B-1, C-1, D-1 are trying to use PC-A-1 as a gateway to access the internet through Site A.
Thanks.
What you need to do is install the P2S client on all PCs in all sites and set up a FW/NVA in Azure and route the traffic through that one, or set up S2S from all sites to Azure and route the traffic to a FW/NVA in Azure. Basically you will need an NVA/FW in Azure to get the same IP for all computers. You can't use a P2S as a gateway.
The preferred solution is to set up S2S VPN with an NVA to get the same IP.
So this is the setup I am using as a workaround.
Since setting up S2S is not an option for lack of infrastructure and lack of time,
as given in the question, I installed P2S VPN agents on all the machines involved, from the machine whose internet we wanted (in site A) to be used by others, to all the other machines (in B, C, D). Now that all the machines are in the Azure VNet, I installed the WinGate application on the Site A machine and activated its proxy.
Then I configured the proxy on the rest of the machines in sites B, C and D to proxy through the machine in Site A using its Azure VNet IP address.
Machines involved are all Windows 10.
This might not be the best solution, but given the extraordinary list of limitations definitely this was the quickest and easiest.
Let's see if we can get better and quicker solutions for the same :)
Meanwhile thanks for all the suggestions :)

Is it possible to make requests to the server from another network?

To elaborate more on the title (which I know is confusing; I would appreciate it if someone made it better):
I need to connect a PC that is outside the office to the server that is being hosted on Azure,
but only the calls being made from the office IP are trusted by the server.
I need to be able to connect to it from outside the premises, on my laptop.
Is there any way to do this, with a VPN or something like that?
I think the easiest way to achieve your goal without exposing the VM to the public Internet is a Point-to-site VPN:
You add and configure a VPN gateway on the Azure Virtual Network where the VM is placed.
You allocate a private address space to Point-to-site connections and authorize its IP range at the VM level (Security Group, Firewall or any other method that you use to protect the traffic in Azure).
You install a VPN client on your laptop and connect to the VM with its private IP address.
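The three steps of that answer as an Azure CLI script. This is an added example rather than code from the thread: the resource group, VNet, gateway and NSG names, the GatewaySubnet prefix, the 172.16.201.0/24 client pool, the root certificate file name and the application port 443 are all assumed. The security-relevant detail is the last function: VPN clients arrive with an address from the client pool, so that pool, and only that pool, is what the NSG rule (or whatever allow list the server keeps) has to trust. `AZ=echo` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: a point-to-site (P2S) gateway whose client
# address pool is the only source the VM's NSG allows in. Resource names, ranges,
# the root certificate path and the app port are assumed placeholders.
# AZ=echo prints the commands instead of running them.
set -eu

RG="${RG:-rg-app}"
VNET="vnet-app"
GW="vpngw-app"
PIP="pip-vpngw-app"
NSG="nsg-app"                      # NSG already attached to the VM's NIC or subnet (assumed)
GW_SUBNET_PREFIX="10.1.255.0/27"   # the subnet must be named GatewaySubnet; /27 is the recommended minimum
P2S_POOL="172.16.201.0/24"         # private range handed to VPN clients; must not overlap the VNet
APP_PORT="${APP_PORT:-443}"        # port the hosted server listens on (assumed)
ROOT_CERT="${ROOT_CERT:-P2SRootCert.cer}"  # public part of the self-signed root (assumed path)

run() { "${AZ:-az}" "$@"; }

# Step 1: gateway subnet, public IP and the gateway itself (certificate auth, IKEv2).
create_gateway() {
  run network vnet subnet create -g "$RG" --vnet-name "$VNET" \
    -n GatewaySubnet --address-prefixes "$GW_SUBNET_PREFIX"
  run network public-ip create -g "$RG" -n "$PIP" \
    --sku Standard --allocation-method Static
  # Step 2: --address-prefixes here is the client address pool. Provisioning
  # takes tens of minutes, so --no-wait returns immediately.
  run network vnet-gateway create -g "$RG" -n "$GW" --vnet "$VNET" \
    --public-ip-address "$PIP" --gateway-type Vpn --vpn-type RouteBased \
    --sku VpnGw1 --client-protocol IkeV2 \
    --vpn-auth-type Certificate \
    --root-cert-name P2SRootCert --root-cert-data "$ROOT_CERT" \
    --address-prefixes "$P2S_POOL" \
    --no-wait
}

# Step 3 (the authorization half): traffic from VPN clients carries a pool
# address, so the allow rule is scoped to the pool only. The VM keeps no public
# exposure; the NSG's default DenyAllInbound still covers everything else.
allow_p2s_clients() {
  run network nsg rule create -g "$RG" --nsg-name "$NSG" -n allow-p2s-app \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$P2S_POOL" \
    --destination-port-ranges "$APP_PORT"
}

if [ "${1:-}" = "apply" ]; then
  create_gateway
  allow_p2s_clients
fi
```

Once the gateway reports succeeded, `az network vnet-gateway vpn-client generate -g rg-app -n vpngw-app` returns the client package for the laptop. If the server itself keeps an allow list of the office IP, that list needs the same 172.16.201.0/24 entry, because from the server's point of view the laptop is now a pool address, not the office.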

Join Active Directory on a DC VM in azure

I'd like to set up a small lab in Azure.
Two VMs, one is the domain controller and the other is the Windows 10 client.
Both are in the same subnet, IP 10.0.0.1/24.
My problem is, my client can't join the AD on my DC, and the client always gets "AD with name ifa.local can't be contacted".
I have some pictures of the window, ipconfig and the DNS suffix I added.
Has anyone an idea why it's not working and could help me?
Thank you guys
You have to make sure the Windows 10 VM can reach the DC. Just because they're in the same subnet doesn't mean that; you need to update the DNS server on the 'Azure Network interface' for the Windows 10 machine or on the VNet to point to the DC IP.
That will allow you to join the domain.
Example
Hope this helps.
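The NIC-level variant of that answer, plus the check a practitioner would run before retrying the join. This is an added example and not from the thread: the resource group, VM and NIC names and the DC address 10.0.0.4 are assumed; the domain name ifa.local is the one in the question. The verification runs inside the guest through the VM agent: it renews the DHCP lease so the new DNS server takes effect, resolves the DC locator SRV record `_ldap._tcp.dc._msdcs.ifa.local`, and checks that LDAP on the DC is reachable. If the SRV lookup fails, that is exactly the "can't be contacted" error from the post. `AZ=echo` gives a dry run.

```shell
#!/bin/sh
# Added example, not part of the thread: point one VM's NIC (rather than the
# whole VNet) at the DC, then confirm the client can actually locate the DC
# before attempting the domain join. Names and the DC address are assumed
# placeholders; the domain ifa.local comes from the question. AZ=echo = dry run.
set -eu

RG="${RG:-rg-adlab}"
CLIENT_VM="win10-01"
CLIENT_NIC="nic-win10-01"
DC_IP="${DC_IP:-10.0.0.4}"
DOMAIN="ifa.local"

run() { "${AZ:-az}" "$@"; }

# NIC-level DNS overrides the VNet-level setting for this VM only, which is
# handy in a lab where other VMs should keep Azure-provided resolution.
point_client_nic_at_dc() {
  run network nic update -g "$RG" -n "$CLIENT_NIC" --dns-servers "$DC_IP"
}

# Runs inside the guest via the VM agent (RunPowerShellScript):
#  1. ipconfig /renew   - picks up the new DNS server from Azure DHCP
#  2. Resolve-DnsName   - the DC locator SRV record the join process needs
#  3. Test-NetConnection - LDAP (389) reachable, i.e. no NSG/firewall in the way
# Each --scripts argument becomes one line of the script.
verify_dc_reachable() {
  run vm run-command invoke -g "$RG" -n "$CLIENT_VM" \
    --command-id RunPowerShellScript \
    --scripts "ipconfig /renew | Out-Null" \
              "Resolve-DnsName -Name _ldap._tcp.dc._msdcs.$DOMAIN -Type SRV" \
              "Test-NetConnection -ComputerName $DC_IP -Port 389"
}

if [ "${1:-}" = "apply" ]; then
  point_client_nic_at_dc
  verify_dc_reachable
fi
```

Read the output in that order: if the SRV record does not resolve, the problem is DNS (the client is still asking Azure's resolver, which knows nothing about ifa.local); if it resolves but port 389 is closed, the problem is an NSG or the Windows firewall on the DC.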

Point Azure VM to Local DNS

I feel like I may be trying to sprint before I can even walk here, but I'm getting there! I've got a VM on Azure that I want to be able to access a local fileserver from. We have the following setup:
$COMPANY.net is the local domain, $COMPANY.com is the Azure domain. They are connected using Azure AD Connect, and the VM on Azure is using AADDS; we have a site-to-site VPN set up between Azure and our local network. I can put in the IP address of the local fileserver and reach it from the Azure VM, but I can't resolve the name if I try that. I believe it is a DNS problem: I need the Azure VM to use my local DNS server to resolve the host name rather than the AADDS addresses. Do I need to set up a DNS server on Azure that will point the requests to my local DNS, or is there another way?
Thank you!
You can specify the DNS server for your Azure VM to use. The doc is quite large: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md
Your name resolution needs might go beyond the features provided by Azure. For example, you might need to use Microsoft Windows Server Active Directory domains, resolve DNS names between virtual networks. To cover these scenarios, Azure provides the ability for you to use your own DNS servers.
