Access (Point to site) Azure VPN from non windows OS - azure

Currently I am designing a solution for connecting smart devices that are hosted behind a router using NAT. The central services etc. are hosted on Azure. One idea is to join all devices and the Azure components in a VPN using the Point-to-Site solution. The smart devices do not have a Windows-based operating system. In the portal the configuration for the Windows standard VPN client is available. I now would like to find out if it is possible to connect to the Azure VPN using other clients and, if so, how to configure these (setting the gateway, attaching the client certificate, etc.).

If your client architecture permits it, you may put in place on the client side a Windows (or Linux) machine having a gateway role. You will either:
1. connect this machine to Azure via Point-to-Site SSTP VPN and expose a service acting as a proxy from the cloud service to the local devices, or
2. use the Azure IoT Gateway SDK for all this: https://azure.microsoft.com/fr-fr/blog/introducing-the-azure-iot-gateway-sdk-beta/
In any case this architecture is more robust, but it works only if it is possible from your client architecture's point of view.

Related

Enabling Azure PaaS web app to communicate with back office

We are migrating our website to the Azure platform in the PaaS model. Our website needs to communicate with our back office system using web services.
Currently the back office system is in a provider's data center, and we have a firewall which enables web service communication for specific IPs.
Now that the website is going to be hosted on Azure with the PaaS model, can someone please advise which IP address we need to add to the whitelist of our back office firewall?
Please note we want to set up our web app to be scaled out to multiple instances.
Will each instance be able to communicate with our back office?
Regards
Umesh Deshmukh
can someone please advise which IP address we need to add to the whitelist of our back office firewall. Please note we want to set up our web app to be scaled out to multiple instances. Will each instance be able to communicate with our back office?
For the long term, a Hybrid Connection is much better. If you still want to whitelist the outbound IPs of the web app service, you can find the possible outbound IP addresses in the additional outbound IP addresses setting of the web app's properties. You can't know beforehand which IP address a given app instance will use to make the outbound connection, so your back-end service must open its firewall to all the outbound IP addresses of your app. You can get more details in Inbound and outbound IP addresses in Azure App Service.
You could use Azure Service Bus Relay to connect your web app to your on-premises database that's behind the firewall. Azure Service Bus Relay uses internet port 80, so there should be no firewall issues. Hope it helps.
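As an added example, not from the thread: a small POSIX shell check that the back office firewall allowlist covers every address in the app's possible outbound IP set, which is the point of the answer above (any instance may use any of them). The `az webapp show` query in the comment is assumed to be how you would obtain the real list; the address values below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Verifies that a back office firewall
# allowlist covers every possible outbound IP of an App Service app.
# The real list is assumed to come from (run separately, output is comma-separated):
#   az webapp show -g <resource-group> -n <app-name> \
#       --query possibleOutboundIpAddresses -o tsv

# Constructed sample values standing in for the az output and the firewall rules.
SAMPLE_POSSIBLE_OUTBOUND="203.0.113.10,203.0.113.11,203.0.113.12,198.51.100.7"
SAMPLE_FIREWALL_ALLOWLIST="203.0.113.10,203.0.113.11,192.0.2.40"

# Print, one per line, each IP in the comma-separated list $1 that is absent
# from the comma-separated allowlist $2.
missing_ips() {
    echo "$1" | tr ',' '\n' | while read -r ip; do
        [ -n "$ip" ] || continue
        case ",$2," in
            *",$ip,"*) ;;          # already allowlisted
            *) echo "$ip" ;;       # instance could egress from here and be blocked
        esac
    done
}

# Exit status 0 when the allowlist covers the whole set, 1 otherwise.
allowlist_covers() {
    [ -z "$(missing_ips "$1" "$2")" ]
}

# Stand-alone usage: report the gap for the constructed sample.
if ! allowlist_covers "$SAMPLE_POSSIBLE_OUTBOUND" "$SAMPLE_FIREWALL_ALLOWLIST"; then
    echo "Allowlist is missing these possible outbound IPs:"
    missing_ips "$SAMPLE_POSSIBLE_OUTBOUND" "$SAMPLE_FIREWALL_ALLOWLIST"
fi
```

Re-run the check whenever the app's plan or scale settings change, since the possible outbound set can change with them.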
Within an App Service is a feature called a Hybrid Connection, which can be found under the Networking section of the App Service you want to connect to your back office.
You will create a new Hybrid Connection via the Portal.
Complete the form with the information that pertains to the back office system you want to connect to. You should always use a Fully Qualified Domain Name for all your back office systems. If you are connecting to multiple back office systems, you will need one Hybrid Connection for each one.
A Hybrid Connection relies on a Service Bus Relay to communicate with your on-premises resources.
You will install the Hybrid Connection Manager in your on-premises systems and connect it to the Service Bus Relay you created in the portal.
Once the Hybrid Connection you create in the Portal has been connected to a Hybrid Connection Manager (called a Listener), the connection will show as Connected in the Portal.
Once connected, an application running in an App Service will be able to communicate with your on-premises resources as if they were sitting right next to each other. There is going to be some inherent latency involved with using a Hybrid Connection, and this should be planned for. The latency we have seen using Hybrid Connections has been minimal and is usually barely noticeable. I have even heard that people are streaming media from on-premises systems using Hybrid Connections.
More information about Hybrid Connections can be found here.

Azure VPN Configuration - Connect to existing VPN

I'm trying to connect my Azure Web App to an existing VPN.
To connect to this VPN I must give the admin some configuration, but I'm not sure how I can provide it from Windows Azure.
As far as I understand, it is all about creating the Virtual Network and then "connecting it".
Like:
Create Virtual Network
Create Public Gateway
Create Local Gateway
Connect something somehow
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
In my specific case, the configuration requires a lot of parameters that I don't know how / where to find:
VPN Endpoint IP
IKE (Encryption type, Authentication Method, Diffie-Hellman Group, Sec Lifetime, Preshared secret)
IPSEC (Perfect Forward Secrecy)
Network profile
In the docs there is a link to Check Point NGX and MikroTik, so I checked out this tutorial:
https://blogs.technet.microsoft.com/netgeeks/2017/07/11/creating-a-site-to-site-vpn-ipsec-ikev2-with-azure-and-mikrotik-routeros/
But how can I get these parameters to perform the connection? Do I need to install extra software on my Web App? How can I include my web app in the VPN?
And is there any simpler way for a Web App that does not include creating the whole infrastructure?
Thanks in advance
As EvilSnobu said, you can use Hybrid Connections to connect your Azure App Service to your on-premises network.
Hybrid Connections can be used to access application resources in other networks.
My understanding is that you have an Azure Web App and you need to connect to an on-premises network via VPN?
You are right, the Hybrid connection feature requires a relay agent in the network that hosts your Hybrid Connection endpoint.
You should download and install the Hybrid Connection Manager (HCM) on your local machine and use it to connect to that App Service.

Expose corporate webservices to azure web role

We have corporate web services with back-end SAP, CRM etc. We would like to expose these web services (Java web services) so that an Azure web role can connect to corporate intranet web services.
Could someone please suggest which of the technologies below will fit and why:
1. Windows Service Bus
2. Windows Azure Connect
3. VPN (Virtual Network).
Service Bus will require some effort to get working, but it is a good solution if your corporate network overlords are very picky about exposing endpoints. Windows Azure Connect creates a VPN-like tunnel, but requires that specific software be installed, configured and maintained. I have an app that successfully uses virtual networking and utilises existing VPN gateways and skills - very understandable to the security and networking people.

Azure to on premises web services

Can anybody tell me how to connect a web app running on Azure to existing web services (.ASMX) on premises?
We do not have the source for the services; they are exposed by third-party applications and we do not want to open them up to public access.
Sounds like Azure's Service Bus Relay Service might be what you're looking for...
There might be three options based on your scenario, but I personally prefer the third one.
1. If you use an Azure cloud service (web role, worker role), you can use Windows Azure Connect. It builds IPsec communication between the Azure machine and your local machine. Then you can connect to your local service through its IPv6 address.
2. If you use an Azure virtual machine to host your Azure project, you can use Virtual Network. It's more powerful than Windows Azure Connect.
3. You can use Windows Azure Service Bus Relay. It can open your local service to the cloud regardless of how your Azure project is hosted. But since Service Bus Relay only supports WCF, and since you cannot change the code and config of your service, you might need some more work. Maybe you can create a small WCF service on your local machine as a proxy, register it with Service Bus Relay, and pass all requests/responses to your local service.

VPN connection from enterprise to windows azure

My application is hosted in Windows Azure.
I have partnered with enterprise to offer service to their customers.
However, they require a VPN connection between us (in the cloud) and their enterprise application.
What is the best way to do this?
Installing software on their machine is not an option.
Windows Azure now has a Virtual Network, announced as part of the Spring 2012 release. It lets you connect your on-premises network to Windows Azure via IPSEC, and takes advantage of your on-prem hardware VPN device.
Summary information here, and tutorials here.
As Azure roles accept only HTTP/HTTPS and TCP connections, "classic" IPsec or PPTP is not an option.
As Azure roles are Windows Server 2008/R2, you can configure an SSTP connection to Azure with a startup script or a custom VM Role.
Azure roles have random internal IPs, so you'll have to deal with IP resolving too.
Windows Azure Connect allows you to set up an IPsec tunnel between your Azure application and a local network. See:
https://azure.microsoft.com/en-us/services/virtual-machines/
and
http://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/