2016 Essentials Integration: Azure Virtual Network, part 1

Back to Blog
06Sep2016

2016 Essentials Integration: Azure Virtual Network, part 1

This is one of the new features I am most excited about in Windows Server 2016 Essentials Experience.  Today we are going to setup a connection to an Azure Virtual Network. With this technology, we have the ability to extend our on-premises server and domain infrastructure into the Microsoft Azure cloud, and run additional virtual machines there, without buying any new hardware.

Azure Virtual Networks are perfect for running backup virtual domain controllers, replicating file shares via DFS to the cloud, hosting Line of Business applications, publishing RemoteApps, and more! It can also be your first step toward using Azure as a secondary / DR site.

We will split this topic into two separate posts: first, in part 1 we will set up the virtual network from the Essentials Dashboard, and in part 2 we will deploy a virtual machine into that network, and connect it to our on-premises domain.

Let’s get right into it.

Step 1: Enable Remote Management

When you go to set up the Azure Virtual Network connection, you will need to make sure that you are allowing remote management features (or the wizard will fail). You can find this setting by opening Server Manager and navigating to Local Server from the left menu. In the right pane, find Remote management.

Ess-Azure-vnet-0

If it is set to Disabled, click on it to enable the features.

Ess-Azure-vnet-0a

Step 2: Enable Azure Virtual Network integration

As has been the case with other Dashboard-available, wizard-driven cloud integration features, we return to the Essentials Dashboard, go to Services, find Azure Virtual Network, and click Integrate with Azure Virtual Network.

Ess-Azure-vnet-1

Now you will be prompted to sign into your Azure subscription. If you do not yet have one, they provide some web links to obtain a free trial (at the time of this writing it is a $200 credit to get you started). Be prepared, however–you do need to provide a credit card, even to sign up for the free trial. You can also buy your subscription / credits from an authorized Microsoft Partner.

Ess-Azure-vnet-2

Having already set up my trial subscription prior to this, I am able to sign into my Azure account right from this wizard.

Ess-Azure-vnet-3

In this next step, be aware that it is only asking you to name the remote and local networks, not to provide an IP scheme (it will figure that out on its own). You can also pick a location–this will determine which datacenter / region to use for your virtual network.

Ess-Azure-vnet-4

Step 3: Configure your local firewall/router for the VPN

This step is where you have a choice to make–you can either let the Essentials Server handle the Site-2-Site VPN connection (it will use the Remote Access/RRAS features built-into Windows Server), or you may choose to configure the connection from your own on-premises firewall/router.  For the purposes of this demo, I am just going to let the Windows Server be our connection endpoint.

Ess-Azure-vnet-5

However, I do not actually recommend using the Windows Server / RRAS method (where the local server acts as the VPN device). Other devices on your network will not, by default, have the routing required to contact the remote network unless you initiate it from your default gateway device (usually your firewall). Azure provides some scripts to make the process easier for configuring certain makes & models, but you can also find step-by-step instructions online–just search for your firewall’s make/model number with the keywords “Azure VPN.” Make your selection–Use my VPN router–and click Finish.

Review the configuration and click close. Notice that it automatically configured an Azure Virtual Network address space outside of the detected on-premises address space.

Ess-Azure-vnet-6

Step 4: Monitor the progress on-premises & online

Now let’s see what we’ve got in the Essentials Dashboard… look at that! A new plugin has been activated for AZURE VNET. As you can see, the virtual network still has a status of CONFIGURING.

Ess-Azure-vnet-7

If we login to the Azure portal, we will see that our virtual network has been added. You can click on it to expand some additional details.

Azure-vnet-portal-1

Very cool! With the networking details up top, the VPN topology is shown in the lower pane, and if we click on the symbol between our gateway and the local network on the Site-to-site connection, we can see in the right-most pane that the virtual network is still Not Connected.

Azure-vnet-portal-2

For now, that status is completely fine with us–it can take some time to provision the network and create a gateway connection with a static IP address. We can proceed to the next article and deploy a virtual machine while we wait for this process to finish up.

Technical , , , , , 0 Comments
Share:

Leave a Reply

Back to Blog

Related Posts

29Jul

Permissions required for secure roaming profiles & redirected folders

This post could also be titled "How to break permission inheritance properly, without breaking everything else," and the advice applies well beyond the scope of maintaining roaming profiles and redirected folders. I often run into a lot of new clients that are incorrectly configured when it comes... read more
16Feb

Hyper-V Failover Cluster: Basic Setup

I have previously shared a slightly more complex method for configuring a simple 2-node failover cluster, involving a converged Hyper-V virtual switch, with QoS policies and so forth to manage traffic on the Management, CSV and Live Migration networks. However, there is another config I wanted to... read more
23Sep

Deploying Conditional Access Policies via PowerShell

There is a new GitHub repository available from Microsoft: Manage Conditional Access policies like code. Similar to the infamous Intune samples repo from which I and many others have built their automated Intune setup scripts for new tenants, this repo is replete with the resources... read more
06Apr

Warning: Domain Renames are Not Recommended (or Supported)

I have recently run into a couple of different scenarios wherein I've been asked to fix domain rename operations gone awry.  After having worked through this process extensively twice now, I thought I'd post about my experience, in case this helps anyone else avoid the same... read more
14Jul

U.K. Cyber Essentials Simple Assessment Tool

I recently came across the U.K.'s Cyber Essentials, as published by the National Cyber Security Centre (NCSC). Not two days after I learned about this simple control framework while on a conference call spanning several time zones with friends from around the world, that I... read more
20Jun

Migrating Companyweb from SBS to Office 365 SharePoint Online

Microsoft Windows Small Business Server comes with a watered-down implementation of SharePoint called Companyweb (or WSS). Whether you are migrating from a full-blown SharePoint environment on-premises or the basic Windows Server-included Windows SharePoint Services, you are going to have to come to terms with one major migration hurdle: Microsoft... read more
22Nov

How to improve Remote Desktop performance for remote users through an RDS Gateway Server

Do you have a Remote Desktop Server (properly) configured with the Gateway Role in your environment? In this configuration, all traffic is secured via SSL (port 443), and clients connecting over the internet to your internal RDS host(s) will be encrypted (and not necessarily identifiable... read more
22Nov

Updates to my Exchange Online and Office 365 ATP scripts

Just a quick note--this week I updated the Exchange Online and ATP scripts that I publish and use to provision new tenants--to fall more in line with the new best practices that were published by the Exchange Online Protection and Office 365 ATP teams.* You... read more
29Nov

Three ways to protect your customer’s on-premises data with Azure: Part 3 – Azure Site Recovery

In the previous two posts we looked at: Azure Backup (using the MARS agent) Azure Backup Server (free DPM server) Those two solutions are markedly different from one another, but they both basically provide some kind of backup. The former does only file, folder & system... read more
08Jun

Soft (SMTP) vs. Hard (immutableID) matching with Azure AD Connect

If you are setting up Directory Synchronization from scratch (there are no users in the cloud yet), then Azure AD Connect will be pretty straightforward--the on-premises objects (and passwords if you choose that option) will be synchronized to the cloud, and you can assign services... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me