Windows Server

How to Configure Site-to-Site VPN Connection on Azure

This post will show you how to create a Site-to-Site VPN gateway using Azure. I will not just stop at creating it; I will also show a test sample of the connection working. Yes, that’s how I roll: you have to see what you’re configuring working in real time.

Things to consider before creating a site-to-site VPN:

If you’re unfamiliar with the IP address ranges located in your on-premises network configuration, you need to coordinate with someone who can provide those details for you.
When you create this configuration, you must specify the IP address range prefixes that Azure will route to your on-premises location.
None of the subnets of your on-premises network can overlap with the virtual network subnets that you want to connect to.

What is Site-to-Site VPN

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

What is a VPN Gateway

A VPN gateway is a type of virtual network gateway that sends encrypted traffic between your virtual network and your on-premises location across a public connection. You can also use a VPN gateway to send traffic between virtual networks across the Azure backbone.

What is a Local Network Gateway

A local network gateway is a specific object that represents your on-premises location (the site) for routing purposes. A local network gateway is used to establish a secure, encrypted connection between your on-premises network and your Azure virtual network. This enables you to extend your on-premises network to the cloud and access resources in Azure as if they were located on your local network. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you’ll create a connection.
You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network.

What we will need to configure the Site-to-Site VPN:

Virtual Network
VPN Gateway
Local Gateway
Connecting Routing and Remote Access

If you have read my previous post about Point-to-Site VPN you should be familiar with some of them.

Creating a Virtual Network

Firstly, we need to create a Virtual Network.

Step 1: Sign in to the Azure Portal.
Step 2: Search for virtual network in the Azure portal.
Step 3: In the search results, select virtual network right under Marketplace.
Step 4: On the Virtual network page, click on Create.
Step 5: Under the Basics tab, choose the Subscription you want to use for this project.
Step 6: The Resource group can be selected from an existing resource group, or a new resource group can be created by clicking on Create new.
Step 7: Enter a preferred name for the virtual network.
Step 8: Choose a preferred location for the Virtual Network by clicking on the drop-down and selecting the region you prefer, and then click on Next at the bottom.
Note: The location determines where the resources that you deploy to this VNet will live.
For this tutorial, we will leave the Security tab with the default settings and then click on Next again.
We will be using 172.16.0.0/16 for our address space, and for the subnet we will create two subnets: abcofcloudsubnet with a subnet address space of 172.16.0.0/24.
Step 9: On the IP addresses tab, click on Add an IP address space and select the Address space type radio button for IPv4. For Starting address type 172.16.0.0, for Address space size use the drop-down to select /16 (65536 addresses), and click the Add button.
Step 10: After this has been added you can now delete the default address space.
Step 11: This is the time we add our subnet. Click on the plus (+) button beside Add a subnet, and on the pop-out on the right, under Subnet details, enter a preferred name (for this tutorial I will be using abcofcloudsubnet), the Starting address as 172.16.0.0 and the Subnet size as /24 (256 addresses), then click on the Add button.
Step 12: Click on the Review + Create button to have an overview of your settings and then click Create.

Let’s Create the VPN Gateway

Step 1: Search for Virtual network gateway in the Azure portal.
Step 2: In the search results, under Marketplace, select Virtual network gateway.
Step 3: Choose the subscription you want from the drop-down.
Step 4: The Resource Group will be auto-filled when we select the virtual network.
Step 5: Enter any preferred name for your gateway.
Step 6: We will be using VPN as the Gateway type in this tutorial.
Step 7: Route-based is the VPN type we will be using for this tutorial; this can be selected based on your requirement or business need.
Step 8: The SKU will be VpnGw2AZ for this tutorial. I will be adding some links where you can learn more about SKUs, resizing, and zone redundancy.
Step 9: Generation2 will be the choice for this tutorial.
Step 10: Our Virtual network will be the one we created previously.
Step 11: You can either create a subnet in your virtual network with the name GatewaySubnet, or you get the Gateway subnet address range automatically.
Step 12: We will change the default Gateway subnet address range to 172.16.1.0/27 or larger (/26, /25, /24, etc.). Anything smaller will throw an error if you’re trying to deploy a zone-redundant/zonal gateway, and this also allows enough IP addresses for future changes.
Step 13: Public IP address is set to Create new; you can choose Use existing if you already have one created. These settings specify the public IP address object that gets associated with the VPN gateway. The public IP address is assigned to this object when the VPN gateway is created.
The only time the primary Public
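
The address rules stated above (no overlap between on-premises prefixes and the virtual network, subnets inside the 172.16.0.0/16 address space, gateway subnet of /27 or larger) can be checked before anything is deployed. The following is an added example, not part of the original post: the on-premises prefix is a constructed sample, the function name is hypothetical, and it assumes the gateway subnet uses Azure's required name GatewaySubnet.

```python
import ipaddress

# Values from the tutorial; the on-premises prefix is a constructed sample.
VNET_SPACE = "172.16.0.0/16"
SUBNETS = {"abcofcloudsubnet": "172.16.0.0/24", "GatewaySubnet": "172.16.1.0/27"}
ONPREM_PREFIXES = ["192.168.10.0/24"]  # constructed sample
MAX_GATEWAY_PREFIXLEN = 27  # the tutorial's "/27 or larger" rule


def check_plan(vnet_space, subnets, onprem_prefixes):
    """Return a list of problems found in the address plan (empty = OK)."""
    problems = []
    # strict=True rejects CIDRs with host bits set (e.g. 172.16.0.5/24).
    vnet = ipaddress.ip_network(vnet_space, strict=True)
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in subnets.items()}
    onprem = [ipaddress.ip_network(p, strict=True) for p in onprem_prefixes]

    # Every subnet must sit inside the VNet address space.
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside VNet space {vnet}")

    # Subnets of the same VNet must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # Gateway subnet: /27 or larger, i.e. a prefix length of 27 or less.
    gw = nets.get("GatewaySubnet")
    if gw is None:
        problems.append("no GatewaySubnet defined")
    elif gw.prefixlen > MAX_GATEWAY_PREFIXLEN:
        problems.append(f"GatewaySubnet {gw} is smaller than /{MAX_GATEWAY_PREFIXLEN}")

    # On-premises prefixes must not overlap the VNet; checking the whole
    # address space also covers every subnet inside it.
    for prefix in onprem:
        if prefix.overlaps(vnet):
            problems.append(f"on-premises {prefix} overlaps VNet space {vnet}")
    return problems


if __name__ == "__main__":
    for line in check_plan(VNET_SPACE, SUBNETS, ONPREM_PREFIXES) or ["plan OK"]:
        print(line)
```

Replace ONPREM_PREFIXES with the prefixes you will enter on the local network gateway; an empty result means the plan satisfies the three rules.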


How to Configure Azure File Sync

Over the years there have been different ways files are shared and how access is given to people. One of the popular ways of sharing files has been mapping drives from servers to domain-joined computers in the organization. I will be showing how files can be shared using Azure File Sync, making the files highly available across the organization. The files on the server are automatically replicated to a central Azure storage location. Cloud tiering allows files that are not often used to be moved from on-premises to Azure Storage while the frequently accessed files are cached on the local server, and the amount of local disk space used for caching can be controlled. Administrators continue to support local data access and permissions.

What is Azure File Sync?

Azure File Sync enables centralizing your organization’s file shares in Azure Files while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

Now that we know what Azure File Sync is, let’s go straight to setting one up. I have a computer that is domain-joined to the server and another that is not. I will create a file share drive that will be mapped to the computer that is not domain-joined, while on the other hand I will map a network drive from my local server to the domain-joined computer. At the end of this, you will see how the file will be available to all devices and how files from the local server will be synced to the cloud.

Creating a Storage Account

Step 1: Sign in to the Azure portal.
Step 2: Under Azure services, select Storage account, or search for Storage and select Storage accounts.
Step 3: On the Storage Accounts page, click on Create.
Step 3: On the Basics blade, select the Subscription and the desired Resource group, or create a new Resource group.
Step 4: Enter the name of your storage account; for this tutorial we will be using abcofcloudstorage. The name must be unique across Azure. The name must also be between 3 and 24 characters long and may include only numbers and lowercase letters.
Step 5: Select the region for the storage account.
Step 6: Select the performance tier for the storage account.
Step 7: Choose how you want the Storage account to be replicated.
Step 8: Additional options are available on the Advanced tab, which you can select based on your requirement.
Step 9: Select Review + Create to review all the options you selected, then click on Create.

Creating a File Share

Now that we are done with creating the Storage account, we will go ahead to view the storage account and create a file share.

Step 1: Click on the storage account (abcofcloudstorage) that was created.
Step 2: From the left menu, under Data storage, select File shares, then click on the plus (+) button beside File share.
Step 3: On the right pop-out, name the new file share (for this tutorial we will be using abcofcloud-hrdept), leave the tier set to Transaction optimized, and then select Create.
Step 4: Now double-click on the new File share you created.
Step 5: Now click on Upload, then on the pop-up click on the folder icon. You can browse through your local disk, select any file you want to upload, and click the Upload button.

What we will be doing now is connecting this new File share to a computer that is not domain-joined to our local server, just to show how every file will sync together at the end.

Connecting Azure File Share from Windows

Step 1: Click on the Connect button, and on the pop-out on the right select Windows, then under Drive letter select the letter you want to use for the drive from the drop-down.
Step 2: Choose the Storage account key and copy the script that will be displayed to you.
Step 3: Log in to the computer, open PowerShell, paste the script, then hit the Enter key.

Now that we have successfully created and connected the file share to our computer, we can then move to the next part.

We will be creating the Azure File Sync

Step 1: Search for Azure File Sync in the Azure portal.
Step 2: In the search results, select Azure File Sync.
Step 3: Select Create to open the Deploy Azure File Sync tab.
Step 4: Select the Subscription.
Step 5: Select the desired Resource Group.
Step 6: Give the Storage sync service a unique name; we will be using abcofcloudsyncfile.
Step 7: The Networking and Tags options can be selected based on your requirements; after that, click on Review and create.

Creating the Sync Group

A sync group defines the sync topology for a set of files. A sync group must contain one cloud endpoint, which represents an Azure file share. A sync group also must contain one or more server endpoints. A server endpoint represents a path on a registered server. To create a sync group:

Step 1: Go to the Resource Group and select the Storage Sync Service we just created.
Step 2: On the left menu under Sync, select Sync groups and then click on the plus (+) button to add a Sync group.
Step 3: Name the Sync group with a name that is unique within the Storage Sync Service, but can be any name that is logical for you.
Step 4: Select the subscription where the Storage Sync Service is deployed.
Step 5: Select the storage account of the Azure

