I have been running different test VMs in Azure for some time now. After running a Trial Account then switching that to Pay As You Go (word of warning, if you are running Pay As You Go too, don’t leave a SQL Enterprise VM running if you’re not using it – SG$150 dollars after powering mine up and realising I quickly shut it down!), I am now fortunate enough to have an MSDN Subscription and Azure credits. With the number of different VMs I run on my hardware at home, all competing for resources and all requiring me to carry my laptop with me, I wanted to move as much as I could to Azure. The issue for me is, Azure does not support running Hyper-V Hosts with running VMs on top. Kind of an issue as that is one of the areas I am investing a lot of learning time in at the moment. I wanted to be able to run all of my Applications and Infrastructure services in Azure so I could use my home hardware for Virtualization and System Center only. The challenge of course is, how do you connect Azure and your home environments together?
After some research it seems that Azure only supports a select number of Network appliances for a Site-to-Site VPN Connection. It does now support the VPN Server in Windows Server 2012 R2; however, this server needs to have a public facing NIC with a public IP address also. Kind of an issue for a home lab. I am a Starhub customer running one of their Cisco Routers. Apparently static/reserved IP with Starhub is not an option, and I wasn’t going to start messing around with different Routers and so forth. I don’t find consumer network appliances and the thought of trying to get the help of a service provider to make something non-standard work all that interesting. Still, I needed a solution.
After trawling around on the internet I was lucky enough to stumble across Azure VPN Behind NAT on the Cheap by Bhargav. This post describes how to set up a VPN to Azure using a Netgear firewall that sits on your home network behind your NAT. This was exactly what I needed! Even more fortunate for me, I had US$60 of unused Amazon.com credit that had been sat there for over a year. So, a quick order later and my Netgear FVS318 was on its way and arrived yesterday morning. So last night during a study break I set about configuring the device as per Bhargav’s post. I won’t reproduce the steps here so I encourage you to visit Bhargav’s Blog and check it out.
Azure seems to have changed a little bit since the post and the only thing I really found I had to look out for was making sure I selected Static Routing when I set up the VPN Gateway. I took a guess and chose Dynamic Routing first but couldn’t get this working. I assume there is an obvious reason for this but I am not anywhere near a network guy, so it wasn’t something I understood. But I found some additional instructions here on Canadian IT Pro Connection and put those together with what I already had and eventually, after double checking and correcting all of my typos in address space configuration, I got a connection!
I will go into the detail of my home network set up in a later post due to lack of time, but if I list it out it looks something like this:
- A Cisco Router with Wireless Access Point provided by Starhub. This connects to the Internet. This has a 192.168.15.0 address space.
- My Netgear VPN Device connects to the Cisco Router on a 192.168.15.x address. On the other side of the Netgear device is a 192.168.20.0 address space.
- On my two machines at home I have Vyatta Virtual Routers running which use the physical Ethernet network, they are connected to the Netgear device on the 192.168.20.0 address space.
- The Vyatta Routers have different Virtual Network interfaces configured and they are able to route to each other through the Physical network they are on.
- Virtual Machines use the Virtual Networks that are assigned to the Vyatta routers.
- Hyper-V and ESX hosts are Virtual Machines running in VMware Fusion on Mac OS X Mavericks.
Between the Virtualization hosts I have full management, production, storage and Live Migration networking functionality and everything works like a charm. I can contact my Azure machines from my ‘On Premise’ machines and I have a full extension of my lab into the cloud. Just amazing!
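The address-space bookkeeping behind this layout can be checked mechanically before it is typed into the Azure portal and the Netgear. The following Python is an added example, not from the original post; the /24 masks, the Azure range 10.0.0.0/16 and the device address 192.168.15.50 are assumptions, since the post gives only 192.168.15.0, 192.168.15.x and 192.168.20.0.

```python
import ipaddress

# Constructed sample. Only 192.168.15.0 and 192.168.20.0 come from the post;
# the /24 masks, the Azure VNet range and the .50 host address are assumptions.
SAMPLE = {
    "azure_vnet": ["10.0.0.0/16"],         # address space of the Azure virtual network
    "local_network": ["192.168.20.0/24"],  # on-premises space declared to Azure
    "nat_lan": "192.168.15.0/24",          # LAN of the ISP router doing NAT
    "vpn_device_wan": "192.168.15.50",     # WAN side of the VPN device behind NAT
}


def check_address_spaces(cfg):
    """Return a list of problems found in cfg; an empty list means consistent."""
    problems = []
    parsed = {"azure_vnet": [], "local_network": []}
    for key in parsed:
        for text in cfg[key]:
            try:
                # strict=True rejects prefixes with host bits set,
                # the usual typo (192.168.20.1/24 instead of 192.168.20.0/24).
                parsed[key].append(ipaddress.ip_network(text, strict=True))
            except ValueError as exc:
                problems.append(f"{key}: {text!r} is not a valid prefix ({exc})")

    # Overlapping spaces on the two ends of the tunnel make routing ambiguous.
    for azure in parsed["azure_vnet"]:
        for local in parsed["local_network"]:
            if azure.overlaps(local):
                problems.append(f"azure_vnet {azure} overlaps local_network {local}")

    # The VPN device's WAN interface must sit on the NAT router's LAN.
    try:
        nat_lan = ipaddress.ip_network(cfg["nat_lan"], strict=True)
        wan = ipaddress.ip_address(cfg["vpn_device_wan"])
    except ValueError as exc:
        problems.append(f"nat_lan/vpn_device_wan: {exc}")
        return problems
    if wan not in nat_lan:
        problems.append(f"vpn_device_wan {wan} is outside nat_lan {nat_lan}")
    return problems


if __name__ == "__main__":
    for line in check_address_spaces(SAMPLE) or ["address spaces are consistent"]:
        print(line)
```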
There are only 2 real issues I face at the moment.
- The IP Address of my Cisco Router is not static, therefore in the event it changes I will need to update my Azure VPN Configuration. This is a lab though, so I can live with that.
- I cannot ping/RDP my On Premise VMs from my Azure VMs at the moment. I know this is just down to routing, DNS and Firewall rules so all I need to do is track these down and open them up.
Once I have done this and have everything working correctly I will write a detailed post with Diagrams on my set up. In the meantime, I wanted to share this because if anyone else is looking to set up the same sort of environment, I can tell you that this definitely worked for me (Disclaimer: Different ISPs and different routers have different capabilities. If you decide to invest in some hardware to try this and fail miserably I can’t be held responsible 😛 and neither can Bhargav of course!). If you do go ahead and try this, I would love to hear how you get on.
So, it really is possible to extend your lab into Azure with a minimal investment. Why not consider maximising your home hardware use? You can get started with an Azure trial account here.