Azure VM with VPN - azure

This is more one for curiosity and learning.
I currently have an Azure VM (Windows 2016 and SQL 2017) which I just use for R&D. The RDP port is enabled - no big deal as there is nothing top secret.
But just to learn more about Azure I wanted to create a VPN so I can connect via that. Googling has left me a tad confused as to how to go about this: gateways, gateway subnet, etc. I'm not sure if the articles I am reading are the right ones, as whatever I try doesn't appear to work.
Does anyone know of any links that might help me start from scratch with VPN settings to connect?

You can try setting up a P2S type VPN; you can make a self-signed root certificate for free, and the steps are simple. You can follow the document "Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: Azure portal". I'd be glad if this helps you.
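
The self-signed root and client certificates this answer refers to can be generated with PowerShell, shown here as an added example that is not part of the original answer. The names P2SRootCert and P2SChildCert and the output file path are placeholders.

```powershell
# Added example. Certificate names and the output file are placeholders.
# Run on the client PC (Windows 10 / Server 2016 or later).

# 1. Self-signed root certificate. Only its public part is given to Azure;
#    the private key stays in the current user's certificate store.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by that root. The TextExtension value sets the
#    Enhanced Key Usage to Client Authentication (OID 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -DnsName 'P2SChildCert' `
    -KeySpec Signature -Subject 'CN=P2SChildCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# 3. Base64 of the root's public certificate (no private key material).
$rootPublicData = [Convert]::ToBase64String($root.RawData)
Set-Content -Path "$env:TEMP\P2SRootCert.b64.txt" -Value $rootPublicData

# 4. Sanity checks before touching the gateway configuration.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$eku = $client.Extensions | Where-Object { $_ -is $ekuType }

[pscustomobject]@{
    ClientIssuedByRoot = ($client.Issuer -eq $root.Subject)
    ClientAuthEku      = ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.2')
    RootHasPrivateKey  = $root.HasPrivateKey
    ClientThumbprint   = $client.Thumbprint   # keep this; revocation on the gateway is by thumbprint
}
```

The Base64 string is the root certificate data that goes into the gateway's point-to-site configuration; the client certificate (with its private key) is what each connecting machine needs installed.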

I found this series of Microsoft training guides to be super helpful (you can find them via the Azure portal on the overview page of a virtual network resource):
https://learn.microsoft.com/en-us/learn/modules/introduction-to-azure-virtual-networks/
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=portal
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-monitoring/
https://learn.microsoft.com/en-us/learn/modules/design-implement-network-security-monitoring/
https://learn.microsoft.com/en-us/learn/modules/integrate-vnets-with-vnet-peering/
https://learn.microsoft.com/en-us/learn/modules/design-a-hybrid-network-architecture/

Related

Set up SSL on Azure VM (Linux)

I currently have an Azure VM (Linux) configuration with a custom domain name. Can someone please provide a tutorial (or explain) how I can go about setting up an SSL certificate?
Tried searching but no luck - appreciate all the help!

As Bruno has mentioned in the comment, the certificate needs to be configured at the OS level.
Here is a good article about how to create a certificate on Apache.
Azure VM is IaaS. It cannot configure the settings on the OS directly. That's the reason why we need the Azure VM Agents.

Azure: moving web apps connected to VPN to another subscription

I have a couple of web applications deployed in Azure and I would like to move them to another subscription. The problem is that these apps are connected to the VPN gateway, which cannot be moved. I suppose that if I ask support staff to move my applications, the applications will be disconnected from the old VPN. Am I right, and is there any better way to switch to the new subscription with minimal service interruption?

You have a good question. Actually, VPN gateways can be moved between subscriptions. However, the migration between subscriptions is all or nothing. If you want to migrate subscriptions, everything within that subscription will be migrated to the other.
Our support engineers will migrate everything, including VPN gateways, with minimal interruption. Please open a support ticket and our support engineers will be happy to take care of this migration for you.
Thanks,
Bridget [MSFT]

Secure communication between existing Azure App Service and Azure VM cluster

We have an application running in Azure that consists of the following:
A Web App front end, which talks to…
A WebApi running as a Web App as well, which can (as well as a couple other services) talk to…
A Cloud Service load balanced set of VMs which are hosting an Elasticsearch cluster.
Additionally we have the scenario where devs whitelist their IPs so that their localhost version of the API can hit the VMs as well.
We have locked down our Elasticsearch VMs by adding ACLs to the exposed endpoint. I whitelisted the outbound IPs that were listed on my App Services. I was under the mistaken impression that these were unique to my API. It turns out that these are shared across the scale unit in Azure. Other services running in the same scale unit could, if they knew the endpoint, access the data exposed on the endpoint in my cluster. I need to lock this down, and I am trying to find the easiest way. These are the things I am looking at, and I would appreciate advice and/or redirection.
Elastic Shield: Not being considered. This is a product by Elastic that is designed to secure ES. This is ideal, but at the moment it is out of scope (due to the cost and overhead).
Elastic plugins: Not being considered. The main plugins (such as Jetty) appear to be abandoned.
Azure VPN. I originally tried to set this up, but ran into too many difficulties. The ACLs seemed to give me what I need without much difficulty. I am not sure if I can set this up now. The things I don’t know are:
I don’t think I can move existing VMs into a new VPN. I think you have to recreate the VMs in that VPN from the get go.
Could I move my Web App into the VPN? How does that work?
This would prob break my developer scenario as the localhost API would not be able to access the VPN, right?
Add a certificate to requests: It would be ideal if I could have requests require a cert or a header token. I assume to do this I would need to create a proxy that would run on the VMs and do the validation before forwarding the request on to my Elasticsearch.
Anything else? Is there another option I have not thought of?
Thanks!
~john

You can create a point-to-site VPN connecting your Web App with your IaaS VMs. This is the best solution because you will be able to use just internal IPs on your IaaS.
The easiest way to do that using the Azure Portal is to create a Web App and create a new VPN and VNet using the "setup" option at "Your Web App" -> Settings -> Networking -> VNET Integration -> Setup -> Create New Virtual Network.
After that, create your IaaS inside this new VNet.
You can also create an ARM template to create the Web App, IaaS, VPN and everything that you need. Take a look at my ARM template to create PHP+MySQL using Web App and MariaDB Cluster connected by VPN: https://github.com/juliosene/azure-webapp-php-mariadb

Windows Azure connect virtual machine from different account

I would like to connect two VMs from two different accounts in Windows Azure.
Is it possible?
Because I've searched the web and the examples are only about the same account.
Thank you all for the help

This is not possible. Azure Connect is per subscription scope. See if the new endpoint to site VPN works for you: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/. I haven't tried it.

Where is the FQDN on Azure?

I'm trying to migrate my SQL Server 2008 database to Azure, but I can't find the FQDN to connect from SQL Server Management Studio. I've been searching for two days and found nothing: on the web interface (https://manage.windowsazure.com/), Google, and everywhere else. Everyone just assumes that the reader knows where the FQDN is.
I've tried servername.database.windows.net and the "Manage URL" link from the Azure web interface, both of which fail. The database firewall has been set to allow my current IP address. Where can I get the FQDN to connect to the SQL database?
I need this because I'm doing database-first development with ASP.NET MVC3 as opposed to code-first. It would be really helpful if there's a tutorial on deploying that too (because I only found tutorials for code-first development).
Thanks in advance.

You do have the correct SQL Database FQDN as shown above, and your connectivity problem is not related to the FQDN, so you would need to troubleshoot the connectivity issues first.
The following article provides a wide variety of steps to troubleshoot the problems:
http://social.technet.microsoft.com/wiki/contents/articles/1719.windows-azure-sql-database-connectivity-troubleshooting-guide.aspx
