Does Azure have any VPN solutions available? - azure

I have an Azure VM that I want to have clients to be able to access. I have used OpenVPN in the past, but was wondering if there are any Azure offerings that will allow Windows clients to access that VM.

Yes, 3 actually:
site-to-site
point-to-site
ExpressRoute
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
https://learn.microsoft.com/en-us/azure/expressroute/

Related

Create a simple VPN in Azure

TLDR;
I got Azure credits, how do I make a simple VPN?
I recently got some Azure credits through a hackathon. How do I create a simple VPN on Azure? It need not be too feature rich, I just wanna use it to access blocked or region specific websites.
I saw on Azure portal that there is virtual machine and virtual network. I don't exactly need a VM, just want to redirect all network traffic through the virtual network.
How do I do this in Azure? Has anyone done anything similar in Azure?
Free VPNs are slow and have bugs, and paid VPNs are expensive, so I would like to use my Azure credits to create my own VPN.
It sounds like you want to use Azure VPN similar to a consumer VPN like ExpressVPN or NordVPN which protects your client while you surf the Internet. Azure VPN is not designed to be used to surf the Internet. Azure VPN is a service that allows you to create a secure Site-to-Site or Point-to-Site VPN into an Azure Vnet. This allows you to communicate securely with resources in Azure without exposing them with a Public IP.
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

Azure Bastion for Hybrid Cloud Environment

Is there any way to use Azure Bastion to connect to on-prem systems as well as Azure virtual machines?
I have a hybrid cloud environment where some key machines are on-prem and some are Azure VMs. The Azure VNet is extended with a VPN tunnel so the azure VMs can talk to the on-prem machines.
In Googling my question, I was not able to find much...
The official page for Azure Bastion describes it as: "Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet)"
This page talks about hybrid environments https://blog.ahasayen.com/introducing-azure-bastion/ , saying:
"You might also have some sort of hybrid connectivity with your on-premises network and when you are outside the office, you use point to site VPN to securely access your VNET, which is the ideal situation."
I am aware of Azure Arc which is currently in preview. Would something like that be appropriate to make this work?
My overall questions are:
Am I totally barking up the wrong tree here? Is my understanding off?
Is it possible to use Azure Bastion to access an on-prem server on an extended VNet?
Thanks in advance!
As far as I know, currently, it's not possible to use Azure Bastion to access an on-prem server on an extended VNet. You can only use Azure Bastion to access the VMs in the VNet which has the AzureBastionSubnet. Refer to this blog:
"Azure Bastion resides on the same virtual network (VNet) as the servers accessed and only connects to one VNet."
Actually, you can have a private and secure RDP/SSH connection between your on-premises server and an Azure VM via a VPN gateway; you just cannot RDP/SSH to the on-premises server via the Azure portal. If you need this feature with Azure Bastion, you're welcome to give feedback or upvote these similar requests: feedback1 and feedback2.
Hope this could help you.
This is now possible via the new capabilities introduced in Azure Bastion Standard Tier.
https://learn.microsoft.com/en-us/azure/bastion/connect-ip-address

Azure Site to Site VPN Connectivity

We are going to work on Azure BizTalk Service + Service Bus Integration for one of our customers. I am exploring those two concepts, but in the meantime, I have also noticed there is the concept of a "Site-to-Site" VPN connection to connect the cloud to an on-premises network.
Can you please let me know in which scenario we need to choose Site-to-Site VPN connection?
Thanks,
Vinoth
You would establish a site-to-site VPN when you want to connect your Azure subscription to your on-premises data center. It could be that your BizTalk or even Service Bus infrastructure is hosted on-premises and you need to connect to it to provide functionality to your cloud service.
We would also use an S2S VPN connection when hosting virtual machines in Azure that we want to connect to networks on-premises. This would let users access these services over our own private network.

Extend On-premise AD to Azure

I want to be able to provision Azure VMs and attach them to on-premise AD. I have read the Azure documentation and there is a requirement for a site-to-site VPN connection. In my case, having a VPN device is not feasible. Would it be possible to do the same with a point-to-site VPN connection? I haven't seen any guidance on the Azure website regarding the same.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-install-replica-active-directory-domain-controller/
While I haven't considered using Point-to-site where my point would be my whole on-premises network, I can assure you that you do not need a special VPN device to make Site-to-Site VPN with Azure.
Check this dedicated article on how to create Azure Site-to-Site VPN with Windows Server Routing and Remote Access.

Connecting to an Azure Virtual Network from PC

We have a Virtual Network of VMs, storage accounts and websites hosted and working together in the Azure cloud.
Is it possible to connect my work/home PC to this Virtual Network using some VPN software?
Generally speaking two options exist, you can read about these here -
Windows Azure Connect lets you configure machine-to-machine VPN and is agent based
Configuring a private network lets you create a site-to-site VPN, but it typically requires a VPN appliance. I've seen posts on the internet about people managing to configure their router as the VPN gateway but, at least at this point, this is not easy nor supported.
Also worth reading is this overview of Windows Azure Networking features that covers both (and Traffic Manager) by David Chappell
Have a look at using Azure Virtual Networks in conjunction with Azure Virtual Machines: http://www.windowsazure.com/en-us/manage/services/networking/add-a-vm-to-a-virtual-network/
