|By Kevin Remde||
|January 19, 2013 09:00 AM EST||
His article and guide was so good, in fact, that I am going to attempt to do the very same task – to create and configure a network in Windows Azure; but instead of using the Windows Azure portal, we’re going to do it entirely using PowerShell and some special Windows Azure Management Cmdlets.
“Are you out of your mind?”
Perhaps. The goal, as it was in Bob’s article, is that in the end we have a network configured and ready to securely connect to (and extend our) existing on-premises network. From Bob’s introduction:
Before we get started, it’s important to set the stage of what we’re trying to accomplish. The Windows Azure Virtual Network you are about to create establishes a Site to Site (S2S) VPN between your company’s network and the Windows Azure Cloud Service using the steps outlined below, and requires that you have an already installed VPN device on your premise. The list of currently supported VPN devices is located here. Windows Azure currently supports up to 5 S2S VPN tunnels, allowing you to have multiple Virtual Networks hosted in Windows Azure, such as a Test Network and a Production Network.
Set up PowerShell
To make this happen, of course, we’re going to have to have done a couple of things in advance:
- Get a Windows Azure account (start with the free 90-day trial),
- Get the Windows Azure PowerShell tools, and
- Follow some simple instructions to set up the secured connection for Windows Azure management.
Once you have this done, open up your Windows Azure PowerShell window, and open up notepad.
The .netcfg File
For configuring networking in Windows Azure using PowerShell, there are only two Set-AzureVNet commands:
There are Get-AzureVNet… commands that retrieve information (and objects), but for actually creating and configuring the networking, you’re going to be using an XML formatted document that has (by default) a .netcfg extension, and then using Set-AzureVNetConfig to upload that file. And then we use New-AzureVNetGateway and Set-AzureVNetGateway to configure and connect the gateway.
Again, in Bob’s article, we created a network. So as a starting point for creating the network using PowerShell, I’m going to use Get-AzureVNetConfig to retrieve his configuration into a .netcfg file.
Get-AzureVNetConfig -ExportToFile C:\Users\kevrem\Desktop\MyAzureNetworks.netcfg
And the resulting file looks something like this:
<?xml version="1.0" encoding="utf-8"?>
<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
<DnsServer name="YourDNS" IPAddress="10.1.0.4" />
<VirtualNetworkSite name="YourVirtualNetwork" AffinityGroup="KevRemWestUS">
<DnsServerRef name="YourDNS" />
<LocalNetworkSiteRef name="YourCorpHQ" />
Go ahead and copy/paste the above text into Notepad, and save it as a file named MyAzureNetworks.netcfg.
Now please note the highlighted portions. Those are unique for your account. You’ll need to put your own public VPN gateway address, and use your own pre-created affinity group.
Also note the bold text. These are the items that you customize. Put your own names and desired addresses in there, such as your DNS Server name and address. Remove or add <Subnet> </Subnet> sections, or <Subnets>.
But once you have that information, you should be able to use this file with the Set-AzureVNetConfig PowerShell cmdlet to create the same network and subnets. If you’ve saved the file (let’s say to the root of your C:\ drive), and you have the Windows Azure PowerShell window open and connected..
“How do I know it’s connected?”
Try this PowerShell command:
This should return some details on your connected subscription.
Anyway, once that’s verified, and as a first test of creating a network using PowerShell, run this:
Set-AzureVNetConfig -ConfigurationPath C:\MyAzureNetworks.netcfg
This should return successful.
Now open up the Windows Azure Portal, login, and click on the Networks tab. Do you see something like this?:
“Yes, I do!”
Good job! Click on the Local Networks, DNS Servers, and Affinity Groups tabs. You should see the values assigned and items created that match what you configured.
Back in Virtual Networks… Clicking on the network name and opening up the network details should look something like this:
Do you see the problem? We haven’t yet created and enabled the gateway. We can do that with PowerShell, too.
Create the Gateway
To do this, we’ll use the New-AzureVNetGateway command, and specify the name we used for our Azure NetworkThe command for our example looks like this:
New-AzureVNetGateway –VNetName “YourVirtualNetwork”
Once you run that, if you refresh the Windows Azure Portal screen, you’ll see this:
The creation of the gateway may take as long as 15 minutes. You can also check the status of this creation by using the Get-AzureVNetGateway cmdlet.
In fact, you can see from my result in PowerShell that my gateway creation has completed, and my gateway address assigned. Now the Windows Azure Portal looks like this:
But we still have one more thing to accomplish. We haven’t yet connected our Azure network to our corporate network.
Connect the Gateway
This is also very simple: Set-AzureVNetGateway is the cmdlet we’ll use.
Set-AzureVNetGateway -Connect –LocalNetworkSiteName “YourCorpHQ” –VNetName “YourVirtualNetwork”
Which shows up on the Windows Azure Portal like this:
Of course, it’s not going to succeed in connecting until we actually have something to connect to on the corporate side. As you’ll recall, there are specific VPN endpoint devices that are supported on the corporate side, and to configure them you can use the Windows Azure Portal to download the Configuration as well as the Shared Key.
“But.. can you do that with PowerShell, too?”
Absolutely. Well, two out of three, anyway…
Get the Gateway IP Address and Shared Key
There are three things you’ll need to configure the VPN device on your corporate side:
- The Gateway IP Address
- The Shared Key, and
- A Device Configuration Script
You can use the Get-AzureVNetGateway cmdlet to find the Gateway IP Address:
Get-AzureVNetGateway -VNetName YourVirtualNetwork
To get the shared key, use the Get-AzureVNetGatewayKey cmdlet:
Get-AzureVNetGatewayKey -LocalNetworkSiteName YourCorpHQ -VNetName YourVirtualNetwork
For the getting a script that will automatically configure your device, you’re still want to use the Windows Azure Portal. Down at the bottom of the page while looking at your network dashboard, you see the “Download” button:
Click that, and then walk through the wizard to select your device type and version information.
The result will be a script that can be used by your VPN / Network administrator to configure the device. You can get the VPN configuration script from the Management Portal or from the About VPN Devices for Virtual Network section of the MSDN library. For more information, see Establish a Site-to-Site VPN Connection and your VPN device documentation.
The remainder of this article is “borrowed” directly from the end of Bob Hunt’s excellent article:
The procedure assumes the following:
The VPN device has been configured at your company.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
a. Security policies
b. Incoming tunnel
c. Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection by running one of the following commands:
Check main mode SAs
show crypto isakmp sa
show crypto isakmp sa
get ike cookie
show security ike security-association
Check quick mode SAs
show crypto ipsec sa
show crypto ipsec sa
show security ipsec security-association
Once the Virtual Network tests out, you’re ready to go. Enjoy!
Thanks, Bob. I think we will!
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
May. 25, 2016 04:45 AM EDT Reads: 2,416
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...
May. 25, 2016 04:45 AM EDT Reads: 777
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
May. 25, 2016 04:15 AM EDT Reads: 3,032
Korean Broadcasting System (KBS) will feature the upcoming 18th Cloud Expo | @ThingsExpo in a New York news documentary about the "New IT for the Future." The documentary will cover how big companies are transmitting or adopting the new IT for the future and will be filmed on the expo floor between June 7-June 9, 2016, at the Javits Center in New York City, New York. KBS has long been a leader in the development of the broadcasting culture of Korea. As the key public service broadcaster of Korea...
May. 25, 2016 04:00 AM EDT Reads: 1,687
As cloud and storage projections continue to rise, the number of organizations moving to the cloud is escalating and it is clear cloud storage is here to stay. However, is it secure? Data is the lifeblood for government entities, countries, cloud service providers and enterprises alike and losing or exposing that data can have disastrous results. There are new concepts for data storage on the horizon that will deliver secure solutions for storing and moving sensitive data around the world. ...
May. 25, 2016 04:00 AM EDT Reads: 1,036
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
May. 25, 2016 02:00 AM EDT Reads: 1,111
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
May. 24, 2016 11:45 PM EDT Reads: 785
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
May. 24, 2016 11:30 PM EDT Reads: 1,086
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
May. 24, 2016 06:00 PM EDT Reads: 4,655
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
May. 24, 2016 05:00 PM EDT Reads: 1,852
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...
May. 24, 2016 04:00 PM EDT Reads: 2,359
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
May. 24, 2016 04:00 PM EDT Reads: 1,685
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
May. 24, 2016 02:15 PM EDT Reads: 2,084
SYS-CON Events announced today the How to Create Angular 2 Clients for the Cloud Workshop, being held June 7, 2016, in conjunction with 18th Cloud Expo | @ThingsExpo, at the Javits Center in New York, NY. Angular 2 is a complete re-write of the popular framework AngularJS. Programming in Angular 2 is greatly simplified. Now it’s a component-based well-performing framework. The immersive one-day workshop led by Yakov Fain, a Java Champion and a co-founder of the IT consultancy Farata Systems and...
May. 24, 2016 02:00 PM EDT Reads: 3,857
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
May. 24, 2016 01:45 PM EDT Reads: 1,377
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
May. 24, 2016 01:45 PM EDT Reads: 2,067
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
May. 24, 2016 01:30 PM EDT Reads: 1,760
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
May. 24, 2016 10:30 AM EDT Reads: 771
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
May. 24, 2016 09:30 AM EDT Reads: 1,688
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...
May. 24, 2016 09:00 AM EDT Reads: 1,971