In the previous blog post http://bit.ly/1FQxdn6 we just talked about how to get started with VNets, so let’s deep dive into it.
When creating a VNet there are a few things we have to define well:
address space and subnets, DNS servers, point-to-site connectivity (a point-to-site VPN), site-to-site connectivity (a site-to-site VPN) and private site-to-site connectivity (ExpressRoute).
- Address Space
When creating a virtual network you have to specify the “address spaces and subnets” of the virtual network.
1- The address space is the range of addresses that the VMs and services in your network can use. This range must be private and not reachable from public networks, so you must use non-routable (private) IP addresses such as 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
2- You can set the address space in the Azure portal from the drop-down list, which offers those three address spaces by default. 10.0.0.0/8 gives you a usable address range from 10.0.0.0 to 10.255.255.255. You can use subnetting to obtain a smaller, customized range such as 10.0.0.0/27, which gives you a usable address range from 10.0.0.0 to 10.0.0.31, and save your addresses. You can also add different subnets to your VNet:
for example, you might assign 10.1.0.0 to VMs, 10.2.0.0 to back-end cloud services, 10.3.0.0 to SQL Server VMs, and so on.
Remember that the address space is required and cannot overlap any other virtual network or local network site.
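The rules above (private range only, no overlap with other VNets or local network sites, subnets carved from inside the address space) are exactly the kind of thing that is cheap to check before you click Create and expensive to fix after VMs are deployed. The following is an added example written for this post, not code from the original article or from Azure; it uses only the Python 3.7+ standard library `ipaddress` module, and the VNet and on-premises plan it checks is a constructed sample. It goes slightly beyond the text by also validating the subnets inside one address space.

```python
import ipaddress

# The three private ranges the post lists as valid VNet address spaces (RFC 1918).
PRIVATE_RANGES = [
    ipaddress.ip_network(r) for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_private_space(cidr):
    """True if the CIDR lies entirely inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def address_range(cidr):
    """Return (first address, last address, address count) for a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def find_overlaps(spaces):
    """spaces: dict mapping a VNet or local-network-site name to its list of CIDRs.
    Returns every pair of blocks that overlap; an empty list means the plan is valid."""
    blocks = [(name, ipaddress.ip_network(c)) for name, cidrs in spaces.items() for c in cidrs]
    overlaps = []
    for i, (name_a, net_a) in enumerate(blocks):
        for name_b, net_b in blocks[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((name_a, str(net_a), name_b, str(net_b)))
    return overlaps


def check_subnets(address_space, subnet_cidrs):
    """Return a list of problems with carving subnet_cidrs out of address_space:
    a subnet that falls outside the space, or two subnets that overlap each other."""
    space = ipaddress.ip_network(address_space)
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    problems = [f"{s} is outside {space}" for s in subnets if not s.subnet_of(space)]
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan (not from the post): two VNets plus an on-premises site.
    plan = {
        "vnet-prod": ["10.0.0.0/16"],
        "vnet-dev": ["10.1.0.0/16"],
        "onprem-hq": ["10.0.5.0/24"],  # deliberately collides with vnet-prod
    }
    for name, cidrs in plan.items():
        for c in cidrs:
            first, last, count = address_range(c)
            print(f"{name}: {c} -> {first}..{last} ({count} addresses), "
                  f"private={is_private_space(c)}")
    print("overlaps:", find_overlaps(plan))
    print("subnet problems:",
          check_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "10.2.0.0/24"]))
```

Run it against your own plan by replacing the `plan` dictionary with the address spaces of every VNet and every local network site you intend to connect; any tuple returned by `find_overlaps` is a site-to-site or VNet-to-VNet connection that will fail or misroute, and any string returned by `check_subnets` is a subnet the portal will refuse.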
- DNS servers
Let’s talk about DNS in brief…
1- Domain Name System (DNS) is the name resolution protocol for TCP/IP networks. Client computers query a DNS server to resolve names to the IP addresses that computers use to communicate with each other.
So what about Microsoft Azure? What about the VMs and VNets?
Every time I want to connect to a VM I have to type its IP address, or we can connect using the VM’s name. So if you want to refer to your VMs by host name or FQDN directly, rather than by IP address and port number, you need a DNS service to provide name resolution.
2- Let’s talk about Azure DNS. There are two options: you can use Azure name resolution, or you can specify a DNS server that is not maintained by Azure (if you have a DNS server in your on-premises infrastructure, you can use it in Azure).
So it is very simple and optional: if you need the VMs to communicate with each other using host names, you need to configure a DNS server.
- Configure a point-to-site VPN
What about connecting from a single on-premises server to your cloud?
Point-to-site VPN enables you to connect from your local machine over a Secure Socket Tunneling Protocol (SSTP) tunnel to your virtual network in Microsoft Azure.
It uses certificate authentication between the client machine and the virtual network in Azure.
You can connect up to 128 clients to the virtual network in Azure (the maximum bandwidth is 80 Mbps per gateway). The connection has to be configured on each client machine that you want to use; once configured, the user can start the VPN connection.
So if you want to connect to Azure from a specific VM or a single server, you have to configure a point-to-site VPN connection.
- Configure a site-to-site VPN
What about connecting from multiple on-premises servers to your cloud?
A site-to-site VPN lets you connect securely from your on-premises network to your virtual network in Azure. So what do you need to configure this type of connection?
1- A public IPv4 address.
2- A compatible VPN device, or Routing and Remote Access (RRAS) running on Windows Server 2012.
Once you have the connection up and running, the computers and VMs on your local network can communicate with the resources in the virtual network on Azure.
If you host a company application on Azure, like SharePoint, and all your employees need access to this web application, they can access and run it securely over your site-to-site connection.
You can use site-to-site connectivity to connect entire on-premises networks to virtual networks in Azure, not just a single point or VM.
Take a company that has multiple branch offices and some of its servers running on the Azure cloud: you can establish a connection between each branch office’s network and Azure.
Comparison between site-to-site and point-to-site connectivity
Point-to-site:
1- You don’t need a VPN device or RRAS.
2- Configuration must be done on each client machine.
Point-to-site is a good choice when:
a) You don’t have access to a VPN device that you can use for a site-to-site connection.
b) You only have a few clients that need to have access.
Site-to-site:
1- You need a VPN device or RRAS.
2- No changes or configuration are required on the client machines at the site.
Site-to-site is a good choice when:
a) You have a large number of users who need access.
b) You have a secure connection in your infrastructure.
- ExpressRoute [Private connectivity]
ExpressRoute lets you create private connections between Microsoft Azure data centers and your infrastructure. It is called private because the network traffic goes over the network provider’s connection, NOT over the public Internet, so it ensures that applications with privacy requirements and security policies can run on Azure.
ExpressRoute connections give you higher security, higher reliability and faster speeds.
By the way, we will not talk deeply about ExpressRoute in this blog; we just introduce this new way of connecting, and we will cover it in another blog post and scenario soon. If you want to deep dive, just click 😉
In this blog we talked about the concepts of VNets and the connectivity options. Wait for the next part, where we will deploy a CUSTOM CREATE VNet, configure a DNS server and set up VPN connectivity.