Today, with great help from Catapult’s IT Manager, we set up a VPN connection between Catapult’s on-premises network and the Windows Azure network. This is a very cool thing: it allows me to bridge our on-premises network and servers with servers hosted on Windows Azure IaaS. The entire setup and configuration was really not that bad.
I first researched this and talked to my internal IT team about the possibility of setting this up. The first thing I checked was the list of supported VPN devices for the Windows Azure service; here is the list: http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx. Unfortunately, Catapult does not utilize a Cisco or Juniper Networks VPN device. But this did not stop me: the URL that lists the supported VPN devices also lists the requirements, and our Catapult VPN device met all the requirements.
Today we then went forward with the setup and configuration of the Windows Azure IaaS Virtual Network and Cross Premises Connectivity, http://www.windowsazure.com/en-us/manage/services/networking/cross-premises-connectivity/. This was pretty straightforward to set up (I do want to point out that some of the screenshots in the URL have changed, but not in any major way that would prevent completion of the setup). A couple of important items:
- Networks cannot overlap, so ensure that your on-premises and IaaS network are completely separate
- AES 128 encryption is required, not 256, for the on-premises VPN device
Once we completed the setup and configuration we ended up with, Voilà!
After getting the point-to-point VPN connection up and functioning, I was then able to create a new VM in Windows Azure and connect it to the network: http://www.windowsazure.com/en-us/manage/services/networking/add-a-vm-to-a-virtual-network/. With this completed, I set up a second Site for this server in my on-premises test domain and added the corresponding subnet to cover the IaaS network that was created. With this done, I then installed ADDS on the IaaS server (built as Windows Server 2012) and then promoted it as a domain controller in my test domain.
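The two requirements listed above (no overlapping networks, AES 128 on the on-premises device) and the site-subnet step can be checked on paper before touching the VPN device or Active Directory. The following is an added example, not part of the original post; the address ranges, key names and function names are constructed assumptions.

```python
import ipaddress

REQUIRED_ENCRYPTION = "AES-128"  # requirement as stated in the post

# Constructed sample plan: every range and key name here is hypothetical.
PLAN = {
    "on_prem_prefixes": ["10.0.0.0/13", "192.168.10.0/24"],
    "azure_address_space": ["10.4.0.0/16"],
    "azure_vm_subnets": ["10.4.1.0/24", "10.4.2.0/24"],
    "ad_site_subnets": ["10.4.1.0/24"],  # subnets mapped to the Azure AD site
    "vpn_encryption": "AES-256",         # what the on-premises device proposes
}


def nets(prefixes):
    # strict=True rejects prefixes with host bits set (e.g. 10.4.1.5/24)
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def covered(subnet, candidates):
    return any(subnet.version == c.version and subnet.subnet_of(c)
               for c in candidates)


def check_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    on_prem = nets(plan["on_prem_prefixes"])
    azure = nets(plan["azure_address_space"])
    sites = nets(plan["ad_site_subnets"])
    # 1. On-premises and Azure ranges must not overlap, even partially.
    for a in azure:
        for o in on_prem:
            if a.overlaps(o):
                findings.append(f"overlap: Azure {a} / on-premises {o}")
    # 2. Each VM subnet must sit in the Azure range and in an AD site subnet.
    for s in nets(plan["azure_vm_subnets"]):
        if not covered(s, azure):
            findings.append(f"subnet {s} is outside the Azure address space")
        if not covered(s, sites):
            findings.append(f"subnet {s} is not covered by an AD site subnet")
    # 3. The device must propose the encryption the gateway requires.
    if plan["vpn_encryption"].upper() != REQUIRED_ENCRYPTION:
        findings.append(f"encryption {plan['vpn_encryption']} != {REQUIRED_ENCRYPTION}")
    return findings


if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```

The sample plan fails all three checks; note that `10.0.0.0/13` overlaps `10.4.0.0/16` even though the two prefixes look unrelated at a glance.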
Now I have an on-premises domain controller and a domain controller hosted in Windows Azure IaaS. Over the next couple of days my plan is to enable ADFS on the IaaS domain controller and set up Identity Federation with my Office 365 Tenant.