1
VNet and Cross-Premises Connectivity
5 Cheryl McGuire | Technical Writer – Microsoft Ronald Beekelaar | Founder – Virsoft Solutions
2
Lessons
- Virtual Network Settings
- Cross-Premises Settings
This should also be a review for the
3
Virtual Network Settings
4
Creating a Virtual Network
- Management Portal
- Network Configuration file
- PowerShell
- REST API
5
Creating a Virtual Network in the Management Portal
- Custom Create
- Quick Create
6
Demo Create a VNet Basic Virtual Network Demo
7
Cross-Premises Settings
8
Extending Your Infrastructure
Extend your datacenter with virtualization and networking
- Securely connect to Virtual Network from anywhere
- Uses VPN client in Windows OS
- Traverses firewalls and proxies

Diagram labels: Windows Azure datacenter; On-premises datacenter; Site-to-Site VPN; Individual computers behind corporate firewall; Point-to-Site VPN; Remote workers

Let’s say you have individual PCs behind the firewall that you want to connect directly to Azure, or that you have remote workers. You can connect securely to the virtual network in Azure from anywhere using the VPN client in Windows. Because it works across firewalls and proxies, it doesn’t matter if users are behind your firewall, behind someone else’s firewall, or are remote. Check with YuShun

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
9
Cross-Premises Design Considerations
Site-to-Site
- Always connected
- Requires a compatible VPN device with externally facing IPv4 address
- Does not require individual client configuration
- Branch office solution

Point-to-Site
- SSTP can securely traverse firewalls and NAT devices
- Does not require a VPN device
- Connection is configured on each client
- VPN connection is manually started from the client computer
10
Configuration Considerations
Local Networks
- Specifies which traffic goes across the VPN
- No IP address overlaps
- Can specify non-internal IP ranges

DNS Server
- Cannot use Windows Azure IDNS for name resolution

Region/Affinity Group
- Where do you want your resources?

VPN Devices
- Check the list of device requirements
11
Static vs. Dynamic Routing Gateways
Gateway Type - Dynamic or Static?
- Site-to-Site – can be either dynamic or static
- Point-to-Site – dynamic only
- If you want both site-to-site and point-to-site for the same VNet, choose dynamic
- Dynamic is presently in preview

Static Routing Gateways
- GA Feature
- “Policy-based” VPN configuration
- On-premise VPN devices need to enumerate the combination of prefixes
- IPsec/IKEv1
- Site-to-Site Only

Dynamic Routing Gateways
- Preview Feature
- “Route-based” VPN configuration
- Slightly more straightforward on-premise VPN configurations
- IPsec/IKEv2
- Site-to-Site and Point-to-Site
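
An added example (not from the presentation): a pre-deployment check in Python for two points on the slides above, that VNet and local network prefixes must not overlap, and that a static (policy-based) gateway needs every local/VNet prefix combination listed on the VPN device. All prefixes and function names are constructed for illustration.

```python
from ipaddress import ip_network
from itertools import product


def find_overlaps(vnet_prefixes, local_prefixes):
    """Return (vnet, local) prefix pairs whose address ranges overlap.

    ip_network() is strict by default, so a prefix with host bits set
    (for example 10.4.0.5/16) raises ValueError instead of being
    silently normalised.
    """
    vnets = [ip_network(p) for p in vnet_prefixes]
    sites = [ip_network(p) for p in local_prefixes]
    return [(str(v), str(s)) for v, s in product(vnets, sites) if v.overlaps(s)]


def policy_selectors(vnet_prefixes, local_prefixes):
    """Enumerate the (local, vnet) prefix combinations that a policy-based
    VPN device has to list. Refuses to proceed if any prefixes overlap."""
    clashes = find_overlaps(vnet_prefixes, local_prefixes)
    if clashes:
        raise ValueError(f"overlapping prefixes: {clashes}")
    return [
        (str(ip_network(s)), str(ip_network(v)))
        for s, v in product(local_prefixes, vnet_prefixes)
    ]


if __name__ == "__main__":
    # Constructed sample address plan (not taken from the slides).
    vnet = ["10.4.0.0/16", "10.5.0.0/16"]
    on_prem = ["192.168.10.0/24", "172.16.0.0/20"]

    for local, remote in policy_selectors(vnet, on_prem):
        print(f"selector: {local} <-> {remote}")

    # A branch range carved out of the VNet space is rejected.
    try:
        policy_selectors(vnet, ["10.4.2.0/24"])
    except ValueError as err:
        print("rejected:", err)
```

With a dynamic (route-based) gateway the selector list is not needed on the device, but the overlap check still applies to the local network definition.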
12
Demo Add Site-to-Site to existing VNet
13
Site-to-Site Settings
Configuring a Site-to-Site connection requires configuration on both your Virtual Network and your VPN device. After your Gateway has been created, you’ll need the following information from the Dashboard page to configure your VPN device:
- Gateway IP address
- VPN Device Script (template)
- Manage Key (from the bottom of the page)
14
Point-to-Site Add Point-to-Site to a VNet
- Configure the VNet for Point-to-Site in the Management Console
- Create the Gateway (dynamic)
- Use makecert to create a self-signed root certificate (can’t use a CA)
- Import the .cer file (the file without private key) to Windows Azure
- Generate a client cert for each client and install
- Download the appropriate VPN client package from the Dashboard page and install it on the client computers
15
Point-to-Site Connection
Without root cert With root cert
16
Point-to-Site Certificates
Create your root certificate using makecert
- Download and install Microsoft Visual Studio Express (if you don’t already have a tool to create a certificate)
- In the Visual Studio Tools folder, open the x86 Native Tools Command Prompt
- Change to the folder where you want the .cer file to be created
- Make the appropriate changes and run this to create the root cert:

Create client certs from the root certificate and install them on the client computers
17
Client VPN Package Install
Download the install package from the VNet dashboard and install it on the client
Installed
18
Demo Configure Point-to-Site VNET