Description: This article uses the international version of Azure as its example; the network locations in the Chinese version differ somewhat.
1. Scenario
Virtual networks let us define networks in the Windows Azure cloud computing environment. With a virtual network, we can easily plan resources such as virtual machines in Windows Azure according to different roles and users. We can also build a "hybrid cloud" environment together with our local IT environment. Suppose we have a web app for customer loyalty points in the Azure cloud, while customer information is stored on a private server in the company intranet or on another cloud service platform. The services then need to be connected through the virtual network, and the connection needs to be secure.
It is therefore highly recommended that you plan and create the virtual network settings before you create virtual machine applications in Windows Azure.
Virtual networks also have limitations. The key points to note are:
- A virtual machine cannot join multiple virtual networks at the same time
- A virtual machine's virtual network cannot be changed after it has joined one
- Broadcast and multicast are not supported
- A virtual machine can be assigned to a subnet but cannot be given a specific IP address
- Communication between virtual networks goes over the Internet
2. Azure Virtual Network configuration
1). Sign in to the Azure management portal
International version: https://manage.windowsazure.com
Chinese version: https://manage.windowsazure.cn
Select the network item in the management portal's navigation pane, then select Create virtual network on the right.
Step one: Fill in the name and select the location
Enter a suitable name and select the appropriate network location, then click the Next button.
Step two: Configure DNS and the VPN type
Fill in the DNS server address; if it is left empty, the Azure default DNS server is used.
Select the VPN type: if you need to connect to a local network, select the site-to-site connection. This article uses the point-to-site connection as its example.
Step three: Set the client IP address space
The client address space is set to 172.16.0.0 with a /27 prefix.
Step four: Set the Azure virtual network address space
Here we add two subnets, to be assigned to web servers and to other servers, plus a gateway subnet.
Click "Finish" to end the creation of the virtual network.
Step five: Create a gateway
Open the virtual network you just created, go to its dashboard, and click Create Gateway.
Wait for the operation to finish; the gateway is then created.
Step six: Create a certificate and complete the connection
There are several ways to get a certificate:
- A certificate server within the enterprise, such as AD Certificate Services
- The MakeCert command in the SDK that ships with the Visual Studio development tools (if Visual Studio is not installed, Makecert.exe can be downloaded from the attachment)
Here we use a certificate server in the enterprise and download the root certificate to the local computer (the address is typically http://<server>/certsrv).
Click "Certificates" to upload the root certificate to Azure.
In Certificate Services, request a new user certificate and install it, together with the root certificate, on the local computer that will connect to the VPN.
After the client certificate is installed, go back to the Azure virtual network dashboard, then download and install the virtual network client setup program.
After installation on the local computer is complete, connect and wait until the connection succeeds.
If this step fails with "no suitable certificate found", verify that the user certificate and root certificate are installed successfully.
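A check for the "no suitable certificate found" case above, as an added PowerShell example that is not part of the original article: it lists the certificates in the current user's Personal store and reports whether each one has a private key, is within its validity period, allows client authentication, and chains to the root uploaded to Azure. The thumbprint value is a placeholder to replace with your own root's thumbprint.

```powershell
# Added diagnostic (not from the original article): reports which certificates in the
# current user's Personal store are usable as the point-to-site VPN client certificate.
# $RootThumbprint is a placeholder for the thumbprint of the root uploaded to Azure.
param([string]$RootThumbprint = '<ROOT-CERT-THUMBPRINT>')

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

# The uploaded root must also be trusted on this computer.
$rootInstalled = @(Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $RootThumbprint }).Count -gt 0
if (-not $rootInstalled) {
    Write-Warning "Root $RootThumbprint is not in a Trusted Root store on this computer."
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Build the chain locally. Revocation is skipped: this checks installation only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainValid = $chain.Build($cert)
    $chainsToRoot = @($chain.ChainElements |
        Where-Object { $_.Certificate.Thumbprint -eq $RootThumbprint }).Count -gt 0

    # No EKU extension means the certificate is not restricted to specific purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $clientAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }).Count -gt 0)

    $inDate = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        InValidPeriod = $inDate
        ClientAuthEku = $clientAuth
        ChainsToRoot  = $chainValid -and $chainsToRoot
        Usable        = $cert.HasPrivateKey -and $inDate -and $clientAuth -and
                        $chainValid -and $chainsToRoot
    }
} | Format-Table -AutoSize
```

A row with `HasPrivateKey` false usually means only the public certificate was imported; a row with `ChainsToRoot` false means the user certificate was issued by a different root than the one uploaded.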
Use the ipconfig command to view the connection status:
View the dashboard of the virtual network "CorpNet" to see that there is currently a client connection.
Step seven: Deploy the virtual machine to the virtual network
Create a new virtual machine named "CORPNETWEB01" and select Windows Server R2 SP1 as the virtual machine template.
Select the "CorpNet" virtual network and a subnet; Azure automatically assigns the virtual machine an IP address from the network segment we specified.
After the virtual machine is created through the wizard, we use Remote Desktop to connect to the newly created virtual machine CorpNetWeb01 and again use the ipconfig command to view its network connection information.
After connecting the local computer to the CorpNet VPN, use the ping command to test network connectivity (for the test to work, turn off the firewall on the virtual machine CorpNetWeb01, which is not recommended in an actual production environment).
With the virtual network, your local computer and virtual machines in Azure can reach each other.
Back in the dashboard of the virtual network "CorpNet", we can see the newly created virtual machine CorpNetWeb01 listed under resources with the IP address 10.8.8.4.
At this point, we have completed the point-to-site connection to the Azure virtual network. The site-to-site connection will be described in the next article.
Attached: Makecert.exe tool download