Microsoft Azure AZ-800 — Section 16: Implementing on-premises and hybrid network connectivity Part 2

122. Implement and manage Azure Network Adapter

So one of the really neat features that Microsoft has introduced that allows us to integrate on-premise and Azure is a feature called Azure Network Adapter. There are multiple ways we can connect our on-premise network to the cloud. Number one, we can get an on-premise VPN gateway: we can purchase a VPN router or VPN concentrator that can connect into the Azure VPN Gateway feature. Or number two, we can use the Direct Route feature with Azure, where we can basically pay to have a connection on-premise directly into Azure using a telecommunications provider.

So, of course, that’s the more expensive route. But alternatively, one of the neat things we can do, if we have installed the Windows Administration Center (WAC) on our server, is connect our on-premise server to Azure directly using a virtual VPN gateway that’s actually hosted by Azure.

So again, a couple of pieces of criteria here. Number one, you need to make sure you have set up some virtual machines and a virtual subnet out there in the cloud. And number two, you have set up WAC, the Windows Administration Center, so you need to make sure you’ve done that ahead of time, and I have demonstrated how to do that.

So now I’m going to do a little configuring and make sure that we’ve got everything we need in order to set this up. I’m going to go over here to my menu button and I’m going to go to resource groups and I’m just going to create a new resource group real quick that we will use for the configuration of this.

So, we’ll click Create and we’ll create a resource group. I’m going to just call it Azure Network Adapter demo.

OK. Click Review and create, then Create. Very easy to create a new resource group there.

Now what I’m going to do is we will go into that resource group and we are going to create a VNet.

So, we’re going to click Create again and do a search for virtual network. All right. There it is, right there. And so, we’re going to create a virtual network. And of course, part of the reason we need to do this: I have demonstrated creating virtual networks in the past, but I need to make sure that I can have multiple subnets, because when we do something called a VPN gateway, we have to make sure it’s on its own subnet.

So here we are. We can create a subnet, I’m sorry, a VNet. I’m going to call this the Azure Net Adapter-VNet, and that will be the name of it, this little VNet.

So that’s fine. We’re going to click next to specify the IP addresses.

OK, it’s going to choose a default subnet range here. And so, I’m going to go ahead and I’m going to just call that the VM subnet. All right. And we’re going to set this to 10.2.0.0/16.

So try /24, because the whole range of /16 is going to be about 65,000 addresses. So, we’re going to do 10.2.0.0/24 as our range, and that’s going to be 254 addresses. That’s fine for our first subnet. We’re going to click Save. All right. We’ve got our first little subnet created. We’re going to click Review and create. And Create again.

OK, so, we’re letting that go ahead and deploy. And then after that, we’ll be able to create a gateway, so, I’m going to click Go to resource. And we’ve got our Azure Net Adapter-VNet created. If we click on Subnets, you can see that we have a grand total of one subnet so far. We’re going to click to create a gateway subnet now. All right.

So, we’ll go right here and click Gateway subnet.

OK, they gave me a default of 10.2.1.0/24. That’s going to be 284 addresses, even though you don’t really need that many addresses for a gateway subnet. We have plenty of addresses, so, we’re not really stressed out about that.

So then I’m going to go and click save on that. And it’s now created the Gateway subnet. The next step is I’m just going to create a really quick virtual machine in order to just throw it on the subnet and go from there. All right.

So let’s do that.

OK, so, I’m going to go up here to the menu button and go to resource groups. I’m going to click on the Azure Network Adapter demo and we’re going to click to create. All right, and I’m just going to pick this one here. Create a Server 2019 Datacenter server. That’s fine.

OK. Resource Group. Give it a VM name.

So, we’ll just call it Azure Adapter.

OK. And then from there, region, we’re going to say it’s East US, OK? And we’ll go from there, so, we’ll see availability options.

OK, I’m not going to change all those. I’ve talked about all this stuff in the past, so from here, we’re just going to call it Azure Admin and set the password.

OK. What we want the password to be.

OK. Port 389 is open. I’m just going with the default. Remember, when you create VMs, if you’re just playing around, just make sure you don’t leave them running all the time. Of course, they’ll cost you.

OK, so that’s fine. From there, I am going to click Next. Don’t need to change anything for the disk. Actually, you know what? I will go with Standard HDD. Networking. OK, so this part’s important.

OK, so from there, I want to specify the virtual network. The one this is going to be on is the Azure Network Adapter VNet. That’s fine. And then the subnet that we want to make sure this is on is the VM subnet.

OK, that’s all great. It’s going to give it a public address. That’s fine. We’re going to click Review and create. And we’re going to tell the VM to go ahead and get created, and I’ll pause the video while the VM is getting created.

OK, so after that’s done, I can now go to the resource and you can see that it’s started.

OK? You can see the public address that I’ve got. You can also see the private address, which is 10.2.0.4 here. All right. And so the next step is going to be for me to open up my WAC server.

So, I’m just going to open up another tab and I’m going to go to my WAC server, which is https://NYC-SVR1. I’m going to hit Enter and that’s going to start loading up now. I’m just going to let that connect. All right. And then as you can see, I have my two servers here. If I wanted to set this up on AC DC one or server one, I can. I need to make sure I put in my credentials here, so, I’m going to go ahead and do that. All right. These are my on-premise credentials, of course, to connect and make the connection.

So, I’ve now officially got WAC loaded up. And at that point, I would be ready to start configuring my Azure Network Adapter. The next thing I’m going to do is I’m going to click on right here where it says Azure Hybrid Center, and I’m just going to sign in here.

So I’m just going to click to sign in and give consent on behalf of the organization, and accept that. All right. With that done, it’s going to load our Azure service information.

OK, so, I’ll go ahead and pause the video while that’s happening.

OK, so once that’s done, you’ll notice it gives you a few options here on things you can now do. But of course, I’m talking about Azure Network Adapter.

OK, so that’s what we want to set up. But there are a couple of other pieces of criteria. We need to make sure everything is connected and ready.

So, I want to show you something else we need to do. The next thing I’m going to do is scroll down over here on the left and I’m going to click Networks. All right. And once I do that, I’ve got an option here that says Azure Network Adapters. I’m going to go in and click on that, and it’s going to tell me that it’s not registered now. You could have registered. If you’ve been playing around, you could have already registered with Azure. You may not have to do this step if you’ve already registered with Azure AD. I have not. My hybrid environment is set up. I just haven’t connected my Windows Admin Center to Azure AD, so, I need to do that real quick. I’m going to click Register.

OK, it says, all right, if you’ve already got an account, then great. You’re going to do Azure Global. Copy this code, and then it says enter the code, and click there to come to a screen where it’s going to let me enter the code. So, I’m just going to paste that code in here and click Next. And go ahead and let it authenticate. Go ahead and continue, and continue. All right. And so it says you have been signed into the Windows Admin Center, so you can close the window now. All right, so, I’m going to close the window. All right.

So, when you get back to the previous screen, there’s a little scroll down bar and you just got to click Connect. And I apologize, had a little glitch in my video and I didn’t get to show that, but it’s literally just like one button and click Connect. And so at that point, everything should be connected and we are now able to go and start adding our Azure network adapter.

OK, so the first thing I need to do is make sure I’ve got the right subscription and then change the location, so, I’m going to go ahead and set the location to East US. It’s going to take my virtual networks, so, I’m going to be going with the Azure Net Adapter-VNet, and then it’s going to detect my gateway subnet. I’ve already created a gateway subnet. And if you wanted to view your subnet, you can select that little link and that’ll bring you back over. And of course, you can take a look at the subnet that you’ve already created.

So, I created two subnets: one for the virtual machine, or virtual machines if you’re doing multiple virtual machines, and the other subnet I created was the gateway subnet.

OK, so, we’ve got all of that already configured.

OK, we can click on Subnet and we should be able to see the two subnets there, so, we should be good to go there.

So coming back here, at that point, we would choose the gateway SKU.

So the gateway SKU is going to involve, basically, the virtual private network gateway, and there are various virtual private network gateways.

Now, you know, obviously we didn’t connect a VPN router in our on-premise network to the cloud.

So, we’re doing what is known as a point-to-site VPN.

OK, that means we’re going to be connecting our server into the VPN, and it’s going to provide a VPN gateway to do that. And in order to do that, it has to create this component in Azure that’s going to make that connection. It is basically a virtual appliance. You can look at the SKUs that are available by clicking the little link there. And then I would also suggest going to the Azure calculator, where you can look up the pricing and all of that stuff. So the VPN gateway one, generation one, is actually, you know, dirt cheap. It isn’t really too expensive to have one connection go in, or even just a few. But you can look up the cost for that.

So the next thing is going to be the client address space.

So the client address space is going to be the address space that your on-premise machine is going to get when it gets assigned an address to connect into the VPN. Or if you’ve got multiple machines that are going to be making a connection with the network out there in Azure, then it’s important that you have multiple addresses available.

So the main thing here, you can really enter whatever address space here you want, as long as it’s a private address space and it doesn’t conflict with any of your existing networks, both your on-premise network as well as Azure. It needs to be a unique subnet that does not conflict.

OK.

So, if I wanted, I could put in something like 10.55.0.0/24 as my address space. And really, it’s just a temporary address space that’s going to be used to give out addresses to the devices that are connecting in. At that point, we have Auto-generate self-signed root and client certificate. This is going to be used for security, for encryption. At that point, you also have the ability to use your own certificate for encryption if you’ve got a certificate authority that’s been set up. From there, I can go ahead now and click Create, and it’s going to start processing through. I’m going to pause the video while it processes through.
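The address-space rule described above (private, and not conflicting with Azure or on-premise networks), as an added Python example that is not part of the original lesson. It checks the walkthrough's address plan and goes slightly beyond the text by also verifying that each subnet sits inside the VNet; the on-premise range 192.168.1.0/24 is a constructed sample, and "private" is taken to mean RFC 1918 space.

```python
import ipaddress
from itertools import combinations

# "Private" is interpreted here as RFC 1918 space (an assumption of this example).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Address plan from the walkthrough; the on-premise range is a constructed sample.
WALKTHROUGH = {
    "vnet": "10.2.0.0/16",
    "subnets": {"VM subnet": "10.2.0.0/24", "GatewaySubnet": "10.2.1.0/24"},
    "client_pool": "10.55.0.0/24",
    "on_prem": ["192.168.1.0/24"],
}

def check_plan(vnet, subnets, client_pool, on_prem):
    """Return a list of problems in a point-to-site address plan (empty = OK).

    Malformed CIDR strings (for example host bits set) raise ValueError.
    """
    problems = []
    vnet_net = ipaddress.ip_network(vnet)
    subnet_nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    pool = ipaddress.ip_network(client_pool)

    # Every subnet must sit inside the VNet, and no two subnets may overlap.
    for name, net in subnet_nets.items():
        if not net.subnet_of(vnet_net):
            problems.append(f"{name} {net} is outside VNet {vnet_net}")
    for (a, net_a), (b, net_b) in combinations(subnet_nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")

    # The client pool must be private and unique against Azure and on-premise.
    if not any(pool.subnet_of(r) for r in RFC1918):
        problems.append(f"client pool {pool} is not RFC 1918 private space")
    in_use = [("VNet", vnet_net)]
    in_use += [("on-premise", ipaddress.ip_network(c)) for c in on_prem]
    for label, net in in_use:
        if pool.overlaps(net):
            problems.append(f"client pool {pool} overlaps {label} {net}")
    return problems

if __name__ == "__main__":
    print(check_plan(**WALKTHROUGH) or "address plan OK")
    clash = dict(WALKTHROUGH, client_pool="10.2.5.0/24")  # inside the VNet range
    print(check_plan(**clash))
```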

OK, so while that’s processing through, it does take about 10 minutes and I’ve actually had it take a lot longer than that.

So just be aware that even though it’s supposed to only take about 10 minutes, it could take longer. But the other thing that needs to happen is we’re going to connect into our virtual machine and make sure that our firewall isn’t going to block us when we try to actually ping. I’m going to do a ping to verify that the connectivity is working.

So, we’re going to go to the menu option here on portal.azure.com. We’re going to go to virtual machines. And then we’ll go to our Azure Adapter VM and then we are going to connect.

So, we’ll just click to connect with RDP.

OK, going to go ahead and connect into that now. Put in my credentials. All right. Connecting into the VM now.

OK, I’m going to go to Control Panel. And I’m just going to open up the Windows Defender Firewall. You can go in and edit rules and stuff for pinging, but for time I’m going to just turn the firewall off so that pinging will be allowed, because with Windows servers, by default, you won’t be able to ping them. The next thing is we’re just going to check and see what the IP address is to verify that, and the IP address is 10.2.0.4.

So ultimately, what we’re going to try to do now is use our on-premise server to try to ping 10.2.0.4. And if we can ping it, then we are successful. All right.

So now we’re going to jump back over and try a ping. All right.

So, if you take a look here, you can see it’s connected. I’ve opened up PowerShell. And it’ll auto-connect, by the way; there’s a Disconnect you can click as well. But now what I’m going to do is try to ping 10.2.0.4, and if we get connectivity, we should be good to go. And we do.

OK.

So from there, you can see that it did successfully work. If we want to disconnect, we can disconnect.

OK, the VPN is disconnected, so, I’m just going to hit the up arrow and see if pinging works. As you can see, pinging no longer works, so there you go. We’ve got the connection working. We could reconnect if we wanted, and that is Azure Network Adapter.