Azure Site Recovery enabling recovery in @MSAU @Azure directly with Hyper-V

Azure Site Recovery has introduced the ability to replicate and recover VMs directly to Azure without requiring System Center Virtual Machine Manager.

http://azure.microsoft.com/en-us/services/site-recovery/

Aaron @aaronw2003


Aug Session Thurs 21st- Altaro Hyper-V Backup & Mailstor presented by DataStor

August Thursday 21st- Altaro Hyper-V Backup and Mailstor

See what can be achieved with Altaro Hyper-V Backup and Mailstor email archiving solutions.

  1. Altaro Hyper-V Backup Software is a fast growing developer of easy to use backup solutions targeted towards SMBs and focused primarily on Microsoft Hyper-V Server.
  2. MailStore Email Archiving is one of the world’s leading solutions for email archiving, management and compliance for small and medium-sized businesses with the advantages of modern email archiving as a service thanks to MailStore Service Provider Edition.

Great prizes on offer!

Register Here

Presented by Datastor

Using a Point-to-Site VPN

The following is the work of Aaron Whittaker and should not be reproduced without prior permission.


Do I need a bigger Laptop?

Customers want to use Azure.  There are many different use cases and scenarios.  The following is a great solution where the on-premises network does not need direct tunnel connectivity to Azure.  The more permanent option is a static Site-to-Site VPN utilising a hardware device.

E.g. developers utilizing extra computing power, maintenance on web servers, IT guys that want to get by with a Surface2 and don’t need more than 4 GB of RAM.

Ingredients:

CA or Windows SDK

Azure subscription, with a running VM to test

Cooking time 35 mins.

CERTIFICATES

CERTIFICATE CREATION PROCESS

Firstly, you need to create some certs.  You only need a private CA cert if you are running a domain.  An even quicker way is to make the certs using makecert.exe, provided free in the Windows SDK.

PS C:\Program Files(x86)\Windows Kits\8.1\bin\x86>makecert.exe -r -pe -n CN=AzureCertName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 AzureCertName.cer

Succeeded

PS C:\Program Files(x86)\Windows Kits\8.1\bin\x86>makecert.exe -n "CN=AzureCertName2" -pe -sky exchange -m 96 -ss My -in "AzureCertName2" -is my -a sha1

Succeeded

EXPORTING CLIENT CERTIFICATE

Now run CertMgr.exe, which will open the current user certs that you have just created.  Go to Personal certificates.

Right-click Certname1, select Export, and select YES to export the private key.


Select Next twice, enter a password (mandatory step), select Next, then select a location to save and create the PFX.

What have we done?  This cert will now be installed on the client PCs that need to connect to Azure with VPN.

The recommendation is to right-click and install it on the client PC, which will put it in the correct location (current user).

Browse to Trusted Root Cert Auth, Certificates, right click Import PFX.

EXPORTING ROOT CERTIFICATE

Now let's get the cert for Azure.  If you get confused about which cert is which, the cert below cannot be turned into a PFX because you can’t export the private key.  You can only make a CER, which is what Azure requires.

Run CertMgr.exe, which will open the current user certs that you have just created.  Go to Personal certificates.

Right-click AzureCertName, select Export, and select NO to export the private key.


Select Next twice, then select a location to save and create the CER.
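
The same certificate set built and checked in PowerShell, as an added example that is not part of the original post: it uses New-SelfSignedCertificate (Windows 10 / Server 2016 or later) instead of makecert.exe, and SHA-256 instead of SHA-1. The output folder and the password prompt are assumptions; the subject names are the ones used above.

```powershell
# Added example: names, output folder and password prompt are assumptions.
# Needs Windows 10 / Server 2016 or later for -Signer and -TextExtension.
$store  = 'Cert:\CurrentUser\My'
$outDir = Join-Path $env:USERPROFILE 'p2s-certs'   # hypothetical folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root, usable only for signing other certificates.
$root = New-SelfSignedCertificate -Type Custom -Subject 'CN=AzureCertName' `
    -KeySpec Signature -KeyLength 2048 -HashAlgorithm sha256 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -KeyExportPolicy Exportable -CertStoreLocation $store

# Client certificate issued by that root, limited to Client Authentication
# (EKU 1.3.6.1.5.5.7.3.2, the same OID the makecert command passes to -eku).
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$client = New-SelfSignedCertificate -Type Custom -Subject 'CN=AzureCertName2' `
    -KeySpec Signature -KeyLength 2048 -HashAlgorithm sha256 `
    -Signer $root -TextExtension @("2.5.29.37={text}$clientAuthOid") `
    -KeyExportPolicy Exportable -CertStoreLocation $store

# Root: public part only, as a CER for upload to the virtual network.
$cerPath = Join-Path $outDir 'AzureCertName.cer'
Export-Certificate -Cert $root -FilePath $cerPath -Type CERT | Out-Null

# Client: certificate plus private key, as a password-protected PFX.
$pfxPath = Join-Path $outDir 'AzureCertName2.pfx'
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client PFX'
Export-PfxCertificate -Cert $client -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Checks before anything leaves this machine.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cer.HasPrivateKey) { throw 'CER must not carry a private key.' }
if ($client.Issuer -ne $root.Subject) { throw 'Client cert was not issued by the root.' }
$eku = $client.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku.EnhancedKeyUsages.Value -notcontains $clientAuthOid) {
    throw 'Client cert lacks the Client Authentication EKU.'
}
"Upload $cerPath to Azure; install $pfxPath on the VPN client PCs."
```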

We need to put the cert in our Azure Virtual Network.

CREATING A Point-to-Site VPN CONNECTION IN WINDOWS AZURE

Now log into Azure and go to Networks, New, then select Custom Create. Enter a name and select your Affinity Group.


Select the next arrow and enter your tenant's DNS server if you have one; if not, this is not needed, as Azure will provide DNS for you.  Check the box for Configure Point-to-Site VPN, then select the next arrow twice.


Here you can add your local address space by selecting Add address space, next, wait 2 mins.

Here is the finished product and settings I required.


Next go to the Certificate tab.  Browse and upload your CER.  Here you can’t get it wrong as it won’t allow you to upload the PFX you also made.


Now go back to your Virtual Network dashboard; on the right you will see Quick Glance, where you select Download Client VPN Package.


Once downloaded, install it. If you get an error like I did, simply select More information and force the install.

Then go to the bottom right and select the network icon, select Network VPN (this network name is what you called your Virtual Network), connect.


Now select connect


Are we connected yet? Yes


What can I do now?

RDP to Azure VM, and RDP to local server at the same time.  See my network configurations on my 3 different machines at once.  DC2 (Azure), Win2012r2 (local Hyper-V host), lenovo (my laptop).

See the screenshot below: access to 2 different networks at the same time, and yet my local laptop IP address does not change.


Do I need a bigger Laptop? No, I can do everything I need from a Surface2.

Here is the Azure article to follow, minus any screen shots. http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx

Thoughts and comments welcome.

Next time we will extend the Hyper-V datacentre to Azure.

Aaron @AaronW2003