CONNECTING TWO AZURE SUBSCRIPTIONS SAME
ACCOUNT
Prepared by: Sainath K.E.V
Microsoft Most Valuable Professional
Dated: 14/09/2014
TABLE OF CONTENTS
1 Introduction
    Requirements
2 Configuration
    Settings
    Cloud Services
    Storage
    Networks
        2.4.1 Creating DNS Server
        2.4.2 Creating First Virtual Network: VISUAL STUDIO PREMIUM SUBSCRIPTION
        2.4.3 Creating Second Virtual Network: VISUAL STUDIO PROFESSIONAL SUBSCRIPTION
        2.4.4 Creating Gateway
        2.4.5 Changing Temporary Placement IP Addresses
    Setting IPsec Pre-shared Keys
3 Computers Communication
4 Disconnect and Deleting Default Gateway
    Recreating site-to-site connection across Azure subscriptions
1 INTRODUCTION
This article explains the steps involved in establishing connectivity between two Azure subscriptions
with working routing and name resolution. This lab assumes that the user has two Microsoft
Azure subscriptions and a couple of virtual machines created for testing the connectivity.
REQUIREMENTS:
The details below are used in this lab to test Azure subscription connectivity.

Name        Subscriptions                             Region
Australia   Visual Studio Premium Subscription        East Asia
Singapore   Visual Studio Professional Subscription   East Asia
High Level Diagram:
2 CONFIGURATION:
The sections below explain the Azure configuration.
SETTINGS:
Ensure the subscriptions are registered appropriately with Azure. Below is an example of my
registered subscriptions.
CLOUD SERVICES
I have configured two cloud services, each with a different subscription, as shown below.
STORAGE
I have configured two Storage Accounts, one with each subscription.
NETWORKS:
This is the critical component and needs to be configured carefully. This section has
several subsections, which should be configured in the order specified. Before starting this section,
make sure you know the IP addresses you will be using for both subscriptions.
2.4.1 CREATING DNS SERVER
Step1:
Click on New → Network Services → Virtual Network → Register DNS Server as shown below and
populate the required fields [Name, DNS Server IP Address and Subscription].
Fig 2.4.1.1: Configure DNS Server
Step2:
Click on New → Network Services → Virtual Network → Register DNS Server as shown below and
populate the required fields [Name, DNS Server IP Address and Subscription].
Note: Only the subscription changes; the rest remains the same.
Fig 2.4.1.2: Configure DNS Server
2.4.2 CREATING FIRST VIRTUAL NETWORK: VISUAL STUDIO PREMIUM SUBSCRIPTION
The following section describes the steps involved in creating Virtual Networks in the corresponding
subscriptions.
Step1:
Navigate to New → Network Services → Virtual Network → Custom Create and follow the steps
below.
Fig 2.4.2.1: Create Virtual Network
Step2:
Enter the Name, Location and Subscription details, as shown below
Fig 2.4.2.2: Virtual Network Details
Step3:
Under DNS Servers option, select DNS Server which was created earlier [AUS-Network]. Select
"Configure a site-to-site VPN" option and under Local Network select "specify a New Local
Network" as shown below.
Fig 2.4.2.3: Configure DNS Server and VPN Connectivity
Step4:
Under Site-to-Site Connectivity wizard, configure the following
a) Name: Enter remote site name. In our example it is "SINGAPORE-Network"
b) VPN Device IP Address: Enter 2.0.0.0 as temporary placeholder IP Address
c) Address Space: I have chosen 192.168.x.x /16
Fig 2.4.2.4: Site-to-Site Connectivity
Step5:
In the step below, I have configured the IP address range with 172.16.x.x. Select “add gateway
subnet”, which should create the Gateway IP address as shown below.
Fig 2.4.2.5: Virtual Network Address Space
Step6:
After validating the above settings, click displayed on the screen above. Once completed,
the user should see the screen below.
Fig 2.4.2.6: Virtual Network Completion
Note: At this stage the Gateway is not yet created.
2.4.3 CREATING SECOND VIRTUAL NETWORK: VISUAL STUDIO PROFESSIONAL SUBSCRIPTION
Step1:
Navigate to New → Network Services → Virtual Network → Custom Create and follow the steps
below.
Fig 2.4.3.1: Create Virtual Network
Step2:
Enter the Name, Location and Subscription details, as shown below
Fig 2.4.3.2: Virtual Network Details
Step3:
Under DNS Servers option, select DNS Server which was created earlier [AUS-Network]. Select
"Configure a site-to-site VPN" option and under Local Network select "specify a New Local
Network" as shown below.
Fig 2.4.3.3: Configure DNS Server and VPN Connectivity
Step4:
Under Site-to-Site Connectivity wizard, configure the following
a) Name: Enter remote site name. In our example it is "AUS-Network"
b) VPN Device IP Address: Enter 1.0.0.0 as temporary placeholder IP Address
c) Address Space: I have chosen 172.16.x.x /16
Fig 2.4.3.4: Site-to-Site Connectivity
Step5:
In the step below, I have configured the IP address range with 192.168.x.x. Select “add gateway
subnet”, which should create the Gateway IP address as shown below.
Fig 2.4.3.5: Virtual Network Address Space
Step6:
After validating the above settings, click displayed on the screen above. Once completed,
the user should see the screen below.
Fig 2.4.3.6: Virtual Network Completion
2.4.4 CREATING GATEWAY:
The following section describes the steps involved in creating Dynamic Routing gateways for both the Australia and
Singapore Networks.
Australia Network:
Step1:
Navigate to Networks → Aus-Network → Dashboard and select the Create Gateway option located at
the bottom of the page, as shown below.
Fig 2.4.4.1: Australia Network Configuration
Step2:
Select Dynamic Routing option, as shown below
Fig 2.4.4.2: Selecting Dynamic Routing
Select Yes as shown below
Fig 2.4.4.3: Select option
Singapore Network: Perform steps similar to those above and select the Dynamic Routing option, as
shown below.
Step1:
Navigate to Networks → SINGAPORE-Network → Dashboard and select the Create Gateway option
located at the bottom of the page, as shown below.
Fig 2.4.4.4: Singapore-Network option
Select Yes as shown below
Fig 2.4.4.5: Select option
Note: This activity takes 20 minutes to complete.
Once the Gateways are created, you will see the Gateway public addresses listed as below. I have
erased the public IP addresses in the screenshots below.
SINGAPORE-Network Gateway Address:
Fig 2.4.4.6: SINGAPORE-Network Gateway Public IP Address
AUS-Network Gateway Address:
Fig 2.4.4.7: AUS-Network Gateway Public IP Address
2.4.5 CHANGING TEMPORARY PLACEMENT IP ADDRESSES:
This activity requires the user to note down the Gateway addresses generated above, as they are used in this
section.
Australia Network:
Step1:
Navigate to Networks → AUS-Network → Local Networks as shown below
Fig 2.4.5.1: Change Temporary Placeholder IP Address
Step2:
Select the Edit option and replace the previously added VPN Device IP Address with the newly generated address.
Previous
Fig 2.4.5.2: Specify your local network details
Edited
Fig 2.4.5.3: Add Public IP Address
Step3:
No changes required on Add a local network, select to complete the configuration
Fig 2.4.5.4: Local Network Address Completion Wizard
Singapore Network:
Perform the above steps for the Singapore Network.
Step1:
Navigate to Networks → SINGAPORE-Network → Local Networks as shown below
Fig 2.4.5.5: Change Temporary Placeholder IP Address
Step2:
Select the Edit option and replace the previously added VPN Device IP Address with the newly generated address.
Previous:
Fig 2.4.5.6: Specify your local network details
Edited:
Fig 2.4.5.7: Add Public IP Address
Step3:
No changes required on Add a local network, select to complete the configuration
Fig 2.4.5.8: Specify the address space [No changes required]
Validating the changes:
Navigate to Networks → Local Networks and view the Public IP address association with Local
Networks and Subscriptions, as shown below
Fig 2.4.5.9: VPN Gateway Address
SETTING IPSEC PRE-SHARED KEYS:
This section describes the key steps required to establish the connection between the two Virtual
Networks.
Step1:
Run the command Get-AzurePublishSettingsFile, which opens a new page and prompts you to
save the file to your hard drive.
Fig 2.5.1: Get Azure Settings File
Step2:
Save the file to a trusted location on the hard drive; it is used in the later steps.
Fig 2.5.2: Save Azure Publish File
Step3:
Import the Azure Publish settings as shown below.
Fig 2.5.3: Import Azure Publish Settings
Step4:
After the Azure settings are imported successfully, run the Get-AzureSubscription command, which lists the
available subscriptions and their details as shown below.
Fig 2.5.4: Get Azure Subscription
Step5:
Setting the Azure Virtual Network gateway is tied to the subscription. The user should select the subscription and
then set the Gateway, as shown below.
Fig 2.5.5: Select and Set Azure Virtual Network Gateway
Once the above command runs successfully, the user can see successful Site-to-Site Connectivity between
the Virtual Networks of the different Azure Subscriptions, as shown below.
Fig 2.5.6: AUS-Network Successful Connectivity
Fig 2.5.7: SINGAPORE-Network Successful Connectivity
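Steps 3 to 5 above as a PowerShell session, added here as an example; the original commands appear only in the screenshots, so this is not the author's own code. It assumes the classic Azure Service Management cmdlets the article uses; the file path and subscription names are placeholders, and the VNet and local network pairing follows sections 2.4.2 and 2.4.3.

```powershell
# ASSUMPTIONS (placeholders, not values from the article):
$publishSettings = 'C:\Secure\azure.publishsettings'           # where the file from Step 2 was saved
$premiumSub      = 'Visual Studio Premium Subscription'        # use the exact name shown by Get-AzureSubscription
$professionalSub = 'Visual Studio Professional Subscription'   # use the exact name shown by Get-AzureSubscription

# Step 3: import the management certificate, then delete the file.
# A .publishsettings file carries credentials for every subscription listed in it.
Import-AzurePublishSettingsFile -PublishSettingsFile $publishSettings
Remove-Item -Path $publishSettings -Force

# Step 4: confirm both subscriptions were imported.
Get-AzureSubscription | Select-Object SubscriptionName, SubscriptionId

# Generate one random pre-shared key (64 hex characters) instead of typing a memorable one.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$sharedKey = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Step 5: each gateway belongs to one subscription, so select the subscription
# before setting its key. Both gateways must hold the same key.
$sides = @(
    @{ Subscription = $premiumSub;      VNet = 'AUS-Network';       LocalSite = 'SINGAPORE-Network' },
    @{ Subscription = $professionalSub; VNet = 'SINGAPORE-Network'; LocalSite = 'AUS-Network' }
)
foreach ($side in $sides) {
    Select-AzureSubscription -SubscriptionName $side.Subscription
    Set-AzureVNetGatewayKey -VNetName $side.VNet `
                            -LocalNetworkSiteName $side.LocalSite `
                            -SharedKey $sharedKey | Out-Null
}

# Check the tunnel state from both sides (it can take a few minutes to connect).
foreach ($side in $sides) {
    Select-AzureSubscription -SubscriptionName $side.Subscription
    Get-AzureVNetConnection -VNetName $side.VNet |
        Select-Object LocalNetworkSiteName, ConnectivityState
}

# Do not leave the key in the session once both gateways are configured.
Remove-Variable -Name sharedKey, bytes
```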
3 COMPUTERS COMMUNICATION
Upon successful connection, the next step is to create Azure Virtual Machines and configure them
accordingly. The high-level steps are:
Step1: Create Virtual Machines in both Azure Subscriptions and assign them to the appropriate Cloud Service,
Storage, Virtual Network and Subnets
Step2: Make any necessary Firewall configuration changes on both the clients
Step3: Test the SMB (Server Message Block) connection by accessing a shared folder
4 DISCONNECT AND DELETING DEFAULT GATEWAY
The user can disconnect and delete the Site-to-Site Connectivity between Azure Subscriptions as required.
Below are the steps required to perform the disconnect and delete operations.
Step1:
Navigate to Networks → SINGAPORE-Network → Dashboard
Fig 3.1: SINGAPORE-Network Dashboard
Step2:
From the ribbon/taskbar below, select the Disconnect option and select Yes on the prompt. Upon
successful disconnection, you will see the following screen.
Fig 3.2: Disconnected Site-Site Connectivity
This causes AUS-Network to disconnect as well.
Fig 3.3: AUS-Network Disconnected
The user can select the “Connect” option to restore Site-to-Site Connectivity between the Azure Subscriptions
and wait for 5 minutes for the connection to be re-established.
Step3:
Select the “DELETE GATEWAY” option from the taskbar below and accept the prompt. Upon successful
deletion, the user will see the screen below.
Fig 3.4: SINGAPORE-Network Gateway deleted successfully
Step4:
Delete the Gateway for AUS-Network by following steps similar to those outlined in Step3. Upon
successful deletion of the Gateway, AUS-Network will appear as below.
Fig 3.5: AUS-Network Gateway Deleted
RECREATING SITE-TO-SITE CONNECTION ACROSS AZURE SUBSCRIPTIONS
If the administrator wants to recreate the deleted connection, they should follow the steps from
1) 2.4.4 through 2.4.5
2) 2.5 – Step5
Conclusion: This article outlines the steps required to successfully establish a connection between two
Azure Subscriptions.