This connection is very easy to understand and implement. Point-to-Site (or P2S) here refers to a connection between a single device (namely a connection point) and an Azure virtual network (vnet) site.
A P2S connection requires a subnet defined within the target Azure vnet site. Viewed from the connected Azure vnet site, a connecting device is automatically allocated an IP address within the defined P2S subnet and connects to the site via a VPN connection.
Technically, a P2S connection is specific not to the physical device but to the logical device, that is, the OS instance the connecting physical device is running, since the connection is based on a private-and-public key pair generated with the OS. At this time, Azure P2S supports only self-signed certificates. The x.509 certificate (i.e. a public key) of an employed key pair resides in the target Azure vnet site, while the certificate in PFX format (i.e. a certificate exported with a private key) should be installed on a connecting device. An administrator can configure an Azure P2S connection by:
- First enabling P2S connectivity and defining a P2S subnet associated with a target Azure vnet site
- Generating an x.509/PFX certificate pair
- Uploading the x.509 certificate to the site
- Distributing to and installing the PFX certificate on intended (logical) devices
- Initiating a connection from a logical device
Although one x.509-and-PFX certificate pair is sufficient to establish P2S connections between an Azure vnet site and multiple devices, by uploading the x.509 certificate to the target Azure vnet site and installing the associated PFX file on all connecting devices, the best practice is to employ a unique certificate pair for each connecting device to better secure the P2S environment.
Here are the Azure documentation page and complementary videos that walk through the processes and operations to:
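The certificate steps of the procedure above, as an added PowerShell example that is not the script from the original post: it follows the per-device best practice by issuing one client certificate per device from a single self-signed root, whose public part is what gets uploaded to the vnet site. The device names, subject names and output folder are assumptions.

```powershell
# Added example; device names, subjects and paths are assumptions, not from the original post.
$devices = 'laptop-01', 'laptop-02'            # hypothetical logical devices (OS instances)
$outDir  = Join-Path $env:TEMP 'p2s-certs'     # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root certificate. Its private key stays on the admin machine;
# only the public certificate is uploaded to the Azure vnet site.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootExample' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Public part only (no private key), Base64-encoded for upload.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path (Join-Path $outDir 'P2SRootExample.cer.txt') -Value $rootB64

# One client certificate per device, signed by the root and limited to
# client authentication (EKU 1.3.6.1.5.5.7.3.2).
$issued = foreach ($device in $devices) {
    $client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=$device" -DnsName $device -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -Signer $root `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
        -CertStoreLocation 'Cert:\CurrentUser\My'

    # Prompt for a distinct PFX password per device instead of hard-coding one.
    $pfxPassword = Read-Host -AsSecureString -Prompt "PFX password for $device"
    Export-PfxCertificate -Cert $client `
        -FilePath (Join-Path $outDir "$device.pfx") `
        -Password $pfxPassword | Out-Null

    # Record which thumbprint went to which device.
    [pscustomobject]@{ Device = $device; Thumbprint = $client.Thumbprint }
}

$issued | Format-Table -AutoSize
```

Keeping the device-to-thumbprint list lets an administrator revoke one device's certificate on the gateway without reissuing the others.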
- Create a virtual network and a VPN gateway (video)
- Create your certificates (video)
- Configure your VPN client (video)
This is a lab delivered in the spring of 2015 for Microsoft US IT Camps, Extend Your Datacenter to Azure, which is a whole-day event with hands-on experience in deploying and migrating workloads to Azure. This lab is specifically for IT pros to experience an automatic deployment of a business function/application, instead of deploying just VMs. The ability to deploy VMs is important and essential. Deploying VMs is, however, not the ultimate goal of moving to cloud. As I have addressed elsewhere, cloud goes way beyond virtualization and deploying VMs; instead, it is about the anytime readiness and on-demand abilities to grow and shrink resource capacities based on demands, i.e. being elastic. And this lab does just that to prove this concept using Azure and PowerShell.
The script is published on GitHub and one can run the script as is, without making changes. In the recording below, I walked through the steps to acquire and run the script. The intent is to run it as a service, i.e. on demand, to deploy application instances from zero to running instances. Notice this script is for learning and testing Microsoft Azure and PowerShell. It hard-codes and does not encrypt the employed password, has very limited error handling, and is not intended for production use.
For those who are not familiar with the essentials of Microsoft Azure Infrastructure Services, compliance, pricing, and cost structure, here are additional resources:
In part 5 of our “Modernizing Your Infrastructure with Hybrid Cloud” series, Keith Mayer and I got a chance to discuss and demonstrate ways to manage and automate a hybrid cloud environment. System Center, Microsoft Azure and Windows Azure Pack combined with PowerShell are great solutions for hybrid cloud scenarios. Keith is a great guy and we always have much fun working together.
- [1:15] When architecting a Hybrid Cloud infrastructure, what are some of the important considerations relating to management and automation?
- [4:09] You mentioned PowerShell for automation … how can PowerShell be leveraged for automation in a Hybrid Cloud?
- [7:54] Is PowerShell my ONLY choice? Are there other automation and configuration management solutions available for a Hybrid Cloud?
- [11:12] DEMO: Let’s see some of this in action
- Brief tour of System Center and Azure / Azure Pack management portal interfaces
- Getting started with PowerShell for Azure, Azure Pack automation
- Intro to PowerShell DSC for configuration management
- Intro to Azure Automation for automated runbooks
In part 9 of our “Accelerate DevOps with the Cloud” series on TechNet Radio, Keith Mayer and Yung Chou are back, and in this episode they discuss in depth the ability of DevOps organizations to scale up or scale down cloud applications. Tune in as they discuss Azure’s unique flexibility in terms of capacity planning for cloud applications.
- [1:07] How is planning for application capacity different when using a cloud platform?
- [4:50] How is scaling application capacity different or better when using the cloud?
- [5:52] Are there application scenarios that are particularly well-suited for scaling in the cloud?
- [14:01] Is there a way to trigger scaling operations automatically for applications in the cloud?
- [15:20] DEMO: Could you show us the basics of how this all works in Azure?
- Scaling Up Cloud Applications
- How to Scale Out Cloud applications on a schedule
- Auto-Scaling Cloud Applications
In part 7 of our “Accelerate DevOps with the Cloud” series on TechNet Radio, Keith Mayer and Yung Chou welcome Sr. Program Manager Michael Greene to the show as they discuss the importance of configuration management for organizations that are starting to leverage the cloud for their daily operations. Tune in as they also demo PowerShell DSC and how it can be used with Azure.
- [2:30] When an organization is beginning to leverage the cloud, why is Configuration Management important?
- [5:01] How is Configuration Management different from Automation?
- [6:48] Is Configuration Management more than just initial provisioning?
- [10:29] What tools and resources are available to perform Configuration Management?
- [13:03] How does PowerShell DSC differ from PowerShell scripts?
- [15:11] Is PowerShell DSC specific to only Windows workloads?
- [17:23] DEMO: Can you show us how PowerShell DSC can be leveraged with Azure?
Continuing our “Accelerate DevOps with the Cloud” series on TechNet Radio, Yung Chou welcomes Sr. Program Manager Charles Joy to the show as they discuss the importance of automation in your datacenter, especially when it comes to advancing your DevOps strategy.
- [2:36] How does automation help organizations accelerate the delivery of new solutions as they move to the Cloud?
- [5:18] What tools and resources are available to help IT Pros get started with automation? Do they need to be a professional “scripter”?
- [6:04] Do IT Pros need to learn a different set of tools for automating each component?
- [6:26] If an IT Pro is automating cloud resources in Azure, do they have to spin up an entire set of infrastructure components just to handle automation? How does Azure automation organize and leverage these automation sequences?
- [7:22] How can Runbooks be triggered? Based on schedule? Based on other events?
- [8:24] Is Azure Automation extensible? Can I incorporate other PowerShell modules?
- [9:10] DEMO: Quick walkthrough of Azure Automation accounts, assets, runbooks, schedule
This presentation focuses on
- Microsoft Azure Infrastructure Services essentials
- Windows AD operability in Microsoft Azure
It is not about
- Windows AD design, implementation, or sys admin
- Microsoft Azure Active Directory
Call to Action
- Get it! Microsoft Azure 30-Day free trial
- Learn it! Microsoft Azure Infrastructure Services
- Check it! StaticVNet IP
- Find it! Azure pricing
- What-if!! Azure cost calculator
- Know it! Azure compliance
- Read it! Microsoft Azure SLA