Microsoft’s latest cloud solution, Windows Azure, is a marvelous new service for any organization or company that utilizes co-location facilities or datacenters. With Windows Azure, you can create an entire virtual network infrastructure in the cloud. But the bonus is the ability to interconnect that virtual network infrastructure with your existing on-premise network, making co-location facilities and datacenters a thing of the past. There are many benefits to using Windows Azure instead of a data center solution. A few benefits are:
- Better scalability and flexibility
- Lower cost
- Less labor
And the list goes on and on. The sky is the limit when working in the cloud!
Below is a high level walk through of how to expand your network using Windows Azure. The steps we will be looking at are:
- Create virtual network within Windows Azure
- Create virtual network Gateway
- Connect Azure virtual network to on-premise network via VPN
Requirements
- Windows Azure subscription (of course)
- On-premise Juniper branded firewall or Cisco router
Create a Virtual Network Within Windows Azure
- Log into the Windows Azure Management Portal.
- In the lower left-hand corner of the screen, click New.
- In the navigation pane, click NETWORKS > VIRTUAL NETWORK > CUSTOM CREATE.
- On the Virtual Network Details screen, enter the following information, and click the Next arrow:
- NAME: Name of your virtual network (e.g., Cloudsite)
- AFFINITY GROUP: From the drop-down list, select Create a new affinity group, and type your desired Affinity Group name.
Affinity groups simply allow you to physically group all of your Azure services and resources at the same Microsoft data center to increase performance.
- REGION: From the drop-down list, select the desired region.
- On the Address Space and Subnets screen, enter the following:
- Your desired address space and address count/CIDR for your Azure virtual machines. This address space will be used by Azure’s DHCP service to assign IP addresses to your Azure virtual machines.
- Your desired address space and address count/CIDR for your Virtual Network Gateway. This address space will be used when creating the Virtual Network Gateway, as you will see in the next steps.
- On the DNS Servers and Local Network screen, enter the following information, and then click the forward arrow:
- DNS SERVERS: From the drop-down list, select Specify a new DNS server. Type the hostname and IP address of your on-premise DNS server.
- Check the box labeled Configure connection to local network.
- GATEWAY SUBNET: Type in the gateway subnet that you specified in the previous step.
- LOCAL NETWORK: Select the default Create a new local network.
- On the Create New Local Network screen, enter the following information. Once completed, click the check mark in the lower right-hand corner:
- NAME: Desired identifying name of the on-premise network (e.g., CompanyHQ).
- VPN DEVICE IP ADDRESS: Enter the public IP address of your on-premise firewall, router, or VPN appliance. (NOTE: As mentioned in the requirements section, Azure only supports the use of Cisco and Juniper branded devices.)
- ADDRESS SPACE: Address space and CIDR of on-premise network
The virtual network process takes a few minutes to complete. Once it is complete, the next step is to create the virtual network gateway.
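Before entering the address spaces above, it is worth checking that they fit together, since the wizard asks for the Azure address space, the gateway subnet, and the on-premise address space separately. The following is an added example (not from the original post) that uses Python's ipaddress module to check the rules a site-to-site VPN needs: both Azure subnets lie inside the virtual network address space and do not overlap each other, the on-premise address space does not overlap the Azure address space, and the VPN device address is not an RFC 1918 private address. The plan values are constructed samples.

```python
import ipaddress

# Constructed sample plan mirroring the portal fields from the steps above
# (example values only, not taken from the original post).
SAMPLE_PLAN = {
    "vnet_address_space": "10.1.0.0/16",      # whole Azure virtual network
    "vm_subnet": "10.1.0.0/24",               # subnet Azure DHCP assigns VMs from
    "gateway_subnet": "10.1.255.0/29",        # GATEWAY SUBNET for the virtual network gateway
    "local_address_space": "192.168.0.0/24",  # ADDRESS SPACE of the on-premise local network
    "vpn_device_ip": "203.0.113.10",          # VPN DEVICE IP ADDRESS (documentation range)
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX_KEYS = ("vnet_address_space", "vm_subnet", "gateway_subnet", "local_address_space")


def check_address_plan(plan):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    problems = []
    nets = {}
    for key in PREFIX_KEYS:
        try:
            nets[key] = ipaddress.ip_network(plan[key])  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    try:
        device = ipaddress.ip_address(plan["vpn_device_ip"])
    except ValueError as exc:
        problems.append(f"vpn_device_ip: {exc}")
        device = None
    if len(nets) < len(PREFIX_KEYS):
        return problems  # cannot cross-check against a malformed prefix
    vnet, vm, gw, local = (nets[k] for k in PREFIX_KEYS)

    # Both subnets must be carved out of the virtual network's address space.
    for name, subnet in (("vm_subnet", vm), ("gateway_subnet", gw)):
        if not subnet.subnet_of(vnet):
            problems.append(f"{name} {subnet} is not inside vnet_address_space {vnet}")
    if vm.overlaps(gw):
        problems.append(f"vm_subnet {vm} overlaps gateway_subnet {gw}")
    # The two ends of the tunnel must not share addresses, or routing is ambiguous.
    if local.overlaps(vnet):
        problems.append(f"local_address_space {local} overlaps vnet_address_space {vnet}")
    # The Azure gateway must reach the on-premise device over the Internet.
    if device is not None and any(device in net for net in RFC1918):
        problems.append(f"vpn_device_ip {device} is an RFC 1918 private address")
    return problems


if __name__ == "__main__":
    for problem in check_address_plan(SAMPLE_PLAN) or ["address plan OK"]:
        print(problem)
```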
Create Virtual Network Gateway
This step is a must when interconnecting Azure virtual networks to your on-premise network. The Azure virtual network gateway is the remote endpoint that your on-premise network will be connecting to. Below are the steps to create this gateway.
- Within the Windows Azure management portal, click NETWORKS in the left navigational pane, and select the newly created virtual network to open the dashboard.
- On the Dashboard page, on the bottom navigational pane, click Create Gateway. When prompted to confirm, click YES. This process can take up to 15 minutes to complete.
- After the gateway is created, document the following information:
- GATEWAY IP ADDRESS: This will be needed when configuring your on-premise firewall or router to connect to Windows Azure.
- SHARED KEY: To get this, click VIEW KEY in the bottom navigation pane. This is the IPsec pre-shared key that your on-premise device must use, so handle it as you would any other credential.
At this point, your Azure virtual network is configured, and your Azure gateway is created. But notice the graphic showing a disjointed link between your Azure virtual network and your on-premise environment. To connect this link, we will need to configure your on-premise router or firewall to connect to your Windows Azure environment.
Connect Azure Virtual Network to On-Premise Network Via VPN
The connection between Windows Azure and your on-premise environment is accomplished via an IPsec VPN connection. At this point, the Windows Azure gateway is already configured and just waiting for your on-premise router or gateway to connect to it.
Microsoft makes the process of configuring your on-premise router/firewall EXTREMELY EASY by supplying you with a template script based on your router/firewall make and model. The steps to do this are listed below:
- Within the dashboard of your Azure Virtual Network, click DOWNLOAD in the bottom navigation pane.
- In the Download a VPN Device Config Script dialog, select the Vendor, Platform, and Operating System of your on-premise router/firewall. Click the check mark, and save this config file to your computer.
This config file contains all of the commands necessary to configure an IPsec VPN tunnel between your on-premise environment and Azure, and can be directly imported into your on-premise router/firewall. It’s just that simple!
Once your router/firewall has been configured, you will notice that the Azure Virtual Network graphic now shows a connected link between Azure and your on-premise environment. You can now begin to build a server infrastructure within Azure that has full connectivity to your on-premise environment. This allows you to do really cool things, like create replica domain controllers and replicate DFS shares to Azure. Remember, the sky is the limit when working in the cloud!