This connection is very easy to understand and implement. Point-to-Site (or P2S) here refers as a connection between a single device (namely a connection point) and an Azure virtual network (vnet) site.
A P2S connection requires a subnet defined within the target Azure vnet site. If to examine from a connected Azure vnet site, a connecting device automatically allocates an IP within the defined P2S subnet and connects to the site via a VPN connection.
Technically, a P2S connection is specific to, not the physical but logical device which is the OS instance which a connecting physical device is running on, since the connection is based on a-private-and-a-public key pair generated with the OS. At this time, Azure P2S supports only self-signed certificates, and the x.509 certificate (i.e. a public key) of an employed key pair resides in a target Azure vent site, while the certificate of PFX format (i.e. a certificate exported with a private key) should be installed at a connecting device. An administrator can configure an Azure P2S connection by:
First enabling P2S connectivity and defining a P2S subnet associated with a target Azure vnet site
Generating an x.509/PFX certificate pair
Uploading the x.509 certificate to the site
Distributing to and installing the PFX certificate on intended (logical) devices
Initiating a connection from a logical device
Although one x.509-and-PFX-certificate-pair is sufficient to establish a P2S connection between an Azure vnet site with multiple devices by uploading an x.509 certificate to a target Azure vent site and employing/installing the associated PFX file on all connecting devices. The best practices is to employ a unique certificate pair for each connecting device to better secure the P2S environment.
This is a lab delivered in the spring of 2015 for Microsoft US IT Camps, Extend Your Datacenter to Azure, which is a whole day event with hands-on experience on deploying and migrating workloads to Azure. This lab is specifically for IT pros to experience an automatic deployment of a business function/application, instead of deploying just VMs. The ability to deploy VMs are important and essential. Deploying VMs are however not the ultimate goal of moving to cloud. As I have addressed elsewhere, cloud goes way beyond virtualization and deploying VMs, instead it is about the anytime readiness and on-demand abilities to grow and shrink resource capacities based on demands, i.e. being elastic. And this lab does just that to prove this concept using Azure and PowerShell.
The script is published in github and one can run the script as it is and without making changes. In the recording below, I walked through the steps to acquire and run the script. The intent is to run it as a service, i.e. on demand, to deploy application instances from zero to running instances. Notice this script is for learning and testing Microsoft Azure and PowerShell. It does hard-code and not encrypt employed password, has very limited error handling, is not intended for production use.
For those who are not familiar with the essentials of Microsoft Azure Infrastructure Services, compliance, pricing, and cost structure, here are additional resources:
Azure 101 Series for establishing basic building blocks of Microsoft Azure Infrastructure Services
In part 5 of our “Modernizing Your Infrastructure with Hybrid Cloud” series, Keith Mayer and I got a chance to discuss and demonstrate ways to manage and automate a hybrid cloud environment. System Center, Microsoft Azure and Windows Azure Pack combined with PowerShell are great solutions for hybrid cloud scenarios. Keith is a great guy and we always have much fun working together.
[1:15] When architecting a Hybrid Cloud infrastructure, what are some of the important considerations relating to management and automation?
[4:09] You mentioned PowerShell for automation … how can PowerShell be leveraged for automation in a Hybrid Cloud?
[7:54] Is PowerShell my ONLY choice? Are there other automation and configuration management solutions available for a Hybrid Cloud?
In part 9 of our “Accelerate DevOps with the Cloud” series on TechNet Radio, Keith Mayer and Yung Chou are back and this episode they discuss in depth the ability for DevOps organizations to scale up or scale down cloud applications. Tune in as they discuss Azure’s unique flexibility in terms of capacity planning for cloud applications.
[1:07] How is planning for application capacity different when using a cloud platform?
[4:50] How is scaling application capacity different or better when using the cloud?
[5:52] Are there application scenarios that are particularly well-suited for scaling in the cloud?
[14:01] Is there a way to trigger scaling operations automatically for applications in the cloud?
[15:20] DEMO: Could you show us the basics of how this all works in Azure?
In part 7 of our “Accelerate DevOps with the Cloud” series on TechNet Radio, Keith Mayer and Yung Chou welcome Sr. Program Manager Michael Greene to the show as they discuss the importance of configuration management for organizations that are starting to leverage the cloud for their daily operations. Tune in as they also demo PowerShell DSC and how it can be used with Azure.
[2:30] When an organization is beginning to leverage the cloud, why is Configuration Management important?
[5:01] How is Configuration Management different from Automation?
[6:48] Is Configuration Management more than just initial provisioning?
[10:29] What tools and resources are available to perform Configuration Management?
[13:03] How does PowerShell DSC differ from PowerShell scripts?
[15:11] Is PowerShell DSC specific to only Windows workloads?
[17:23] DEMO: Can you show us how PowerShell DSC can be leveraged with Azure?
Continuing our “Accelerate DevOps with the Cloud” series on TechNet Radio, Yung Chou welcomes Sr. Program Manager Charles Joy to the show as they discuss the be the importance of automation in your datacenter especially when it comes to advancing your DevOps strategy.
[2:36] How does automation help organizations accelerate the delivery of new solutions as they move to the Cloud?
[5:18] What tools and resources are available to help IT Pros get started with automation? Do they need to be a professional “scripter”?
[6:04] Do IT Pros need to learn a different set of tools for automating each component?
[6:26] If an IT Pro is automating cloud resources in Azure, do they have to spin up an entire set of infrastructure components just to handle automation? How does Azure automation organize and leverage these automation sequences?
[7:22] How can Runbooks be triggered? Based on schedule? Based on other events?
[8:24] Is Azure Automation extensible? Can I incorporate other PowerShell modules?