Connecting Windows Azure to On-Premise Active Directory - azure

I am trying to connect my Windows Azure Virtual machines to my On Premise network. I have established a site to site VPN tunnel, and have created the appropriate subnets and placed a virtual machine in one of the subnets that isn't the gateway subnet.
My on premise test network is 192.168.9.x/24 my Azure Network is 10.4.x.x/16 with a subnet for DMZ - 10.4.2.x/24 and ServerNetwork at 10.4.3.x/24.
I have confirmed that the tunnel is up and running both on the Windows Azure side, as well as on my Cisco ASA 5505.
I want my servers to be able to communicate across the tunnel, however currently they cannot see each other. I am missing something, I tried static routes between the two servers, and have not had any success. Has anyone gotten this to work? If so what did you do on the networking side of the config to make it work?
Thanks,
Steve

Windows Azure Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
You can specify the address space that will be used for both your virtual network and the virtual network gateway.
Additionally, new name resolution features allow you to connect directly to role instances and virtual machines by hostname.
These features allow you to use Windows Azure as you would a branch office, or as a protected private virtual network in the cloud.
You can read more about it here:
http://msdn.microsoft.com/en-us/library/windowsazure/jj156007.aspx
Here is a lab exercise to walk you through the process:
http://www.windowsazure.com/en-us/manage/services/networking/create-a-virtual-network/

Related

Azure Web app connect to VM service on private network

I've created windows server virtual machine with active directory controller and my web app is communicating with it on public ip successfully (by ldap), but when i try connect to ldap on private ip (virtual network) it does not respond
to my Web app i have set VNet Configuration
my virtual machine network tab:
But it does not work when i try to connect to ldap://10.0.1.4:389
What should i do?
I can't even test my connection between webapp (by tcpping) and vm neither on public and private ip
i couldn't add to my webapp vnet integration on 10.0.1.0/24 because there was written that this subnet is already in use (or sth like that)
what should i type when i do vnet integration?
VNet Integration with Azure web app is required a dedicated unused subnet for the network connection. The subnet should be a subnet where no other resources like Azure VM located.
Your configuration is correct. You could follow these troubleshooting steps to verify if the VNet integration is working well. You can test via port 3389 on Azure VM. In my case, there is not a DC deployed on Azure VM.
However, please note that
There are some things that VNet Integration doesn't support, like:
Mounting a drive.
Active Directory integration.
NetBIOS.
Thus, I suppose Idap does not work with VNet Integration.
heh...
i've created second virtual network, and integrated web app with it...
next i have connected my second virtual network to first and... everything works great, ping's are < 1 ms...
that's a bit embarassing that it did not work when both web app and virtual machine were in one virtual network and i don't know why

How do I add a website to a virtual network in Windows Azure?

Scenario:
I have a website on Windows Azure. That website needs to connect to a (new) Azure VM.
I have done the following:
Created new Virtual Network on Azure
Added the VM to the Virtual Network, and it does get an IP in the virtual network.
I have configured the appropiate Endpoint for the VM (Public/Private port).
Now, how do I "connect" the Azure website to the same virtual network, such that my .NET code in the website can create a TCP connection to the VM on it's IP on the Virtual Network ?
This is now possible. Be sure to use the NEW Azure Portal. For details, check out:
http://azure.microsoft.com/blog/2014/09/15/azure-websites-virtual-network-integration/
Currently you cannot connect/add Azure Web Site to a Virtual Network. You can only add VMs and Cloud Services to a Virtual Network. However this is a demanded feature and I believe we will see it in the future releases of the Web Sites service (my speculation).
The key here is to create the Virtual Network before the Virtual Machine and then place the VM in the VN during it's creation. The article here gives instructions moving a VM into a VN.
http://blogs.msdn.com/b/walterm/archive/2013/05/29/moving-a-virtual-machine-from-one-virtual-network-to-another.aspx

Connecting to an Azure Virtual Network from PC

We have a Virtual Network of VMs, storage accounts and websites hosted and working together in the Azure cloud.
Is it possible to connect my work/home PC to this Virtual Network using some VPN software?
Generally speaking two options exist, you can read about these here -
Windows Azure Connect let's you configure machine-to-machine VPN and is agent based
Configuring a private network let's you create a site-to-site VPN, but it typically requires a VPN appliance. I've seen posts on the internet about people managing to configure their router as the VPN gateway but, at least at this point, this is not easy nor supported.
Also worth reading is this overview of Windows Azure Networking features that covers both (and Traffic Manager) by David Chappel
have a look at using Azure Virtual Networks in conjunction with Azure Virtual Machines: http://www.windowsazure.com/en-us/manage/services/networking/add-a-vm-to-a-virtual-network/

Azure Reserved websites to virtual network

Is it possible to connect azure websites (type reserved mode) to a VM in an existing virtual network? I want to configure the connectionstring of the websites to the internal ip of the SQL Server VM and not over it's public ip due to security reasons.
I know that it works with a web/workerrole to connect directly to the internal ip, but it's no option to create all websites within a webrole....
No we don't support Virtual Network (yet) but you can consider using Service Bus Relay for some scenarios, look at http://www.bradygaster.com/windowsazurewebsites-onprem-servicebus

Azure VMs Virtual Network inter-communication

I'm new to Azure (strike 1) and totally suck at networking (strike 2).
Nevertheless, I've got two VMs up and running in the same virtual network; one will act as a web server and the other will act as a SQL database server.
While I can see that their internal IP addresses are both in the same network I'm unable to verify that the machines can communicate with each other and am sort of confused regarding the appropriate place to address this.
Microsoft's own documentation says
All virtual machines that you create in Windows Azure can
automatically communicate using a private network channel with other
virtual machines in the same cloud service or virtual network.
However, you need to add an endpoint to a machine for other resources
on the Internet or other virtual networks to communicate with it. You
can associate specific ports and a protocol to endpoints. Resources
can connect to an endpoint by using a protocol of TCP or UDP. The TCP
protocol includes HTTP and HTTPS communication.
So why can't the machines at least ping each other via internal IPs? Is it Windows Firewall getting in the way? I'm starting to wonder if I've chose the wrong approach for a simple web server/database server setup. Please forgive my ignorance. Any help would be greatly appreciated.
If both the machines are in the same Virtual Network, then just turn off Windows Firewall and they will be able to ping each other. Other way is to just allow all incoming ICMP traffic in Windows Firewall with Advanced Settings.
However there is a trick. Both the machines will see each other by IP Addresses, but there will be no name resolution in so defined Virtual Network. Meaning that you won't be able to ping by name, but only by direct IP address. So, if want your Website (on VM1) to connect to SQL Server (on VM2), you have to address it by full IP Address, not machine name.
The only way to make name resolution within a Virtual Network is to use a dedicated DNS server, which you maintain and configure on-premises.
This article describes in details name resolution scenarios in Windows Azure. Your particular case is this:
Name resolution between virtual machines and role instances located in
the same virtual network, but different cloud services
You could potentially achieve name resolution, if you put your VMs is same cloud service. Thus you will not even require dedicated virtual network.
If your VMs are inside a Virtual Network in Azure, then you have to make sure two things.
Required Port is enabled.
Firewall is disabled on the server.
I was trying to connect to one VM where SQL Server DB was installed, from another VM. I Had to enable 1433 port in the VM where SQL was installed. For this you need to add an MSSQL endpoint to the VM on the azure management portal. After that i disabled windows firewall. Then i was able to connect to the VM from another.

Resources