Wednesday, December 16, 2015

Step by Step Configuration of Traffic Manager in Azure

we will configure the Traffic Manager to direct traffic to the closest instanced based on latency.
image
Step 1: Create a Traffic Manager Profile
  1. In the Azure portal, navigate to Traffic Manager
     
    image
     
  2. Click Create a Traffic Manager Profile. or at the bottom of the portal click New, click Network Services, click Traffic Manager, then click Quick Createto begin configuring your profile.
     
    image
     
  3. Configure the DNS prefix. Give your traffic manager profile a unique DNS prefix name. You can specify only the prefix for a Traffic Manager domain name. Select the appropriate subscription and select the load balancing method. Select the load balancing method. For more information about load balancing methods, see About Traffic Manager Load Balancing Methods.  and Click “Create” to create your new profile.
     
    image
     
  4. When the profile configuration has completed, you can find the newly created profile in the Traffic Manager pane in the Management Portal
     
    image
Step 2: Add a Cloud Service or Website Endpoint to the Profile
  1. In the portal in the Traffic Manager page , click the Endpoints tab to view the endpoints

    image

  2. At the bottom of the page, click Addto access the Add Service Endpoints dialogue box. It will lists the cloud services in your subscription under Service Endpoints.  In our case we are running our App in VMs contained by Cloud Service.  So we will select the cloud services in the list to enable them as endpoints for this profile.   If we had Azure websites, we would click the Service Type dropdown, and then select Website.

    After you select the endpoints for this profile, click the checkmark on the lower right to save your changes.

    image

  3. In the configure tab, you will find the DNS Name you gave your profile (in case you forgot what you entered)

    image

    To point your company domain name to a Traffic Manager domain name, modify the DNS resource record on your Internet DNS server to use the CNAME record type, which maps your company domain name to the domain name of your Traffic Manager profile.  for example:

    www.contoso.com IN CNAME canitprocampapp.trafficmanager.net
Step 3: Test the Profile
To test our profile I connected to all my VMs and edited the logo on each server to show a specific tag
image image image image
1 and 2 are the 2 instances in the “East US” zone, Central 1 and 2 are in the “Central US” zone.
from Ottawa, Ontario I opened a browser and navigated to http://CanITProCampApp.trafficmanager.net and got the following result:
image
I asked one of my coworkers in Vancouver BC to do the same and he got the following result:
image
Posted by at No comments:

Thursday, November 19, 2015

Working with Virtual Network in azure

To create a virtual network

To create a VNet by using the Azure portal, follow the steps below. Note that the screenshots are provided as examples. Be sure to replace the values with your own. For more information about working with virtual networks, see the Virtual Network Overview.
  1. From a browser, navigate to the Azure portal and, if necessary, sign in with your Azure account.
  2. Click New > Networking > Virtual Network.
    VNetBlade
  3. Near the bottom of the Virtual Network blade, from the Select a deployment model list, select Resource Manager, and then click Create.
    Select Resource Manager
  4. On the Create virtual network blade, configure the VNet settings. In this blade, you'll add your first address space and a single subnet address range. After you finish creating the VNet, you can go back and add additional subnets and address spaces. This is a current limitation of the portal. You can always come back to update these values by editing the VNet properties in the portal, or by using PowerShell. The values that you use will depend on the configuration you want to create. Be sure to refer to your planned configuration values.
    Create virtual network blade
  5. Verify that the Subscription is the correct one. You can change subscriptions by using the dropdown.
  6. Click Resource group and either select an existing resource group, or create a new one by typing a name for your new resource group. If you are creating a new group, name the resource group according to your planned configuration values. For more information about resource groups, visit Azure Resource Manager Overview.
  7. Next, select the Location settings for your VNet. Note that the location will determine where the resources that you deploy to this VNet will reside. You can't change this later without redeploying your resources.
  8. Select Pin to dashboard if you want to be able to find your VNet easily on the dashboard, and then click Create.
    Pin to dashboard
  9. After clicking Create, you will see a tile on your dashboard that will reflect the progress of your VNet. The tile will change as the VNet is being created.
    Creating virtual network tile

2. Add additional address space and subnets

You can add additional address space and subnets to your VNet once it has been created.

To add address space

  1. To add additional address space, click All settings to open the Settings blade.
  2. On the Settings blade, click Address space to open the Address space blade. Add the additional address space in this blade, and then click Save at the top of the blade.
    Add address space

To add subnets

  1. To add additional subnets to your address spaces, in the Settings blade, click Subnets to open the Subnets blade.
  2. In the Subnets blade, click Add to open the Add subnet blade. Name your new subnet and specify the address range, and then click OK at the bottom of the blade. Once a subnet has been created, you can use the subnets blade to view all of your subnets for a VNet.
    Subnet settings

3. Specify a DNS server

If you are creating this configuration as an exercise, refer to these values when specifying your DNS server.

To specify a DNS server

This setting allows you to specify the DNS server that you want to use for name resolution for this virtual network. It does not create a DNS server.
  1. On the Settings page for your virtual network, navigate to DNS Servers and click to open the DNS servers blade.
  2. On the DNS Servers page, under DNS servers, select Custom DNS.
  3. In the Primary DNS server field, enter the IP address of the DNS server that you want to use for name resolution.
  4. Click Save at the top of the blade to save your configuration.
    Custom DNS

4. Create a gateway subnet

Before connecting your virtual network to a gateway, you first need to create the gateway subnet for the virtual network to which you want to connect. The gateway subnet you create must be named GatewaySubnet or it won't work properly.
The gateway subnet prefix for some configurations requires a subnet of /28 or larger to accommodate the number of IP addresses needed in the pool. This means the gateway subnet prefix needs to be /28, /27, /26 etc. You may want to create a larger subnet here to accommodate possible future configuration additions.
If you are creating this configuration as an exercise, refer to these values when creating your gateway subnet.

To create a gateway subnet

Warning:
Associating a Network Security Group (NSG) to the GatewaySubnet will cause your VPN gateway to stop functioning as expected. DO NOT associate NSGs to Gateway subnets.
  1. In the portal, navigate to the virtual network to which you want to connect a gateway.
  2. In the Settings section of your VNet blade, click Subnets to expand the Subnets blade.
  3. On the Subnets blade, click +Gateway subnet at the top. This will open the Add subnetblade. The Name for your subnet will automatically be filled in with the value 'GatewaySubnet'. This value is required in order for Azure to recognize the subnet as the gateway subnet.
    Add the gateway subnet
  4. You can change the address range CIDR block if necessary. Check the specific requirements for your configuration to confirm the recommended CIDR block.
  5. Click OK at the bottom of the blade to create the subnet.

5. Create a virtual network gateway

If you are creating this configuration as an exercise, refer to these values when creating your gateway.

To create a virtual network gateway

  1. In the portal, go to New > Networking > Virtual network gateway. This will open theCreate virtual network gateway blade.
    Gateway
  2. On the Create virtual network gateway blade, in the Name field, name your gateway. This is not the same as naming a gateway subnet. It's the name of the gateway object you will be creating.
  3. Adjust the Location field to point to the location where your virtual network is located. If you don't do this, the VNet list will not show your virtual network.
  4. Next, choose the virtual network to which you want to add this gateway. Click Virtual network to open the Choose a virtual network blade. Select the VNet. In order for the VNet to appear in the list, it must already have a valid gateway subnet.
  5. Choose a public IP address. Click Public IP address to open the Choose public IP addressblade. Click +Create New to open the Create public IP address blade. Input a name for your public IP address. This will create a public IP address object to which a public IP address will be dynamically assigned. 
    Click OK to save your changes.
  6. For Gateway type, select the Gateway type that is specified for your configuration.
  7. For VPN type, select the VPN type that is specified for your configuration.
  8. For Subscription, verify that the correct subscription is selected.
  9. The Resource group is determined by the Virtual Network that you select.
  10. Don't adjust the Location after you've specified the settings above.
  11. At this point, your blade will look similar to the graphic in step 1. Verify that the settings match the settings for your own configuration. You can select Pin to dashboard at the bottom of the blade if you want your gateway to appear on the dashboard.
  12. Click Create to begin creating the gateway. The settings will be validated and you'll see the "Deploying Virtual network gateway" tile on the dashboard. Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.
    Gateway
  13. After the gateway is created, you can view the IP address that has been assigned to it by looking at the virtual network in the portal. The gateway will appear as a connected device. You can click on the connected device (your virtual network gateway) to view more information.

6. Create a local network gateway

The local network gateway refers to your on-premises location. Give the local network gateway a name by which Azure can refer to it.
If you are creating this configuration as an exercise, refer to these values when adding your local site.

To create a local network gateway

  1. In the portal, navigate to New > Networking > Local network gateway.
    create local network gateway
  2. On the Create local network gateway blade, specify a Name for your local network gateway object.
  3. Specify a valid public IP address for the VPN device or virtual network gateway to which you want to connect.
    If this local network represents an on-premises location, this is the public IP address of the VPN device that you want to connect to. It cannot be behind NAT and has to be reachable by Azure.
    If this local network represents another VNet, you will specify the public IP address that was assigned to the virtual network gateway for that VNet.
  4. Address Space refers to the address ranges for the network that this local network represents. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks that you want to connect to.
  5. For Subscription, verify that the correct subscription is showing.
  6. For Resource Group, select the resource group that you want to use. You can either create a new resource group, or select one that you have already created.
  7. For Location, select the location that this object will be created in. You may want to select the same location that your VNet resides in, but you are not required to do so.
  8. Click Create to create the local network gateway.

7. Configure your VPN device

To configure your VPN device, you'll need the public IP address of the virtual network gateway for configuring your on-premises VPN device. Work with your device manufacturer for specific configuration information and configure your device. Refer to the VPN Devices for more information about VPN devices that work well with Azure.
To find the public IP address of your virtual network gateway using PowerShell, use the following sample:
Copy
Get-AzureRmPublicIpAddress -Name GW1PublicIP -ResourceGroupName TestRG
You can also view the public IP address for your virtual network gateway by using the Azure portal. Navigate to Virtual network gateways, then click the name of your gateway.

8. Create a Site-to-Site VPN connection

Create the Site-to-Site VPN connection between your virtual network gateway and your VPN device. Be sure to replace the values with your own. The shared key must match the value you used for your VPN device configuration.
Before beginning this section, verify that your virtual network gateway and local network gateways have finished creating. If you are creating this configuration as an exercise, refer to these values when creating your connection.

To create the VPN connection

  1. Locate your virtual network gateway and click All settings to open the Settings blade.
  2. On the Settings blade, click Connections, and then click Add at the top of the blade to open the Add connection blade.
    Create Site-to-Site connection
  3. On the Add connection blade, Name your connection.
  4. For Connection type, select Site-to-site(IPSec).
  5. For Virtual network gateway, the value is fixed because you are connecting from this gateway.
  6. For Local network gateway, click Choose a local network gateway and select the local network gateway that you want to use.
  7. For Shared Key, the value here must match the value that you are using for your local VPN device. If your VPN device on your local network doesn't provide a shared key, you can make one up and input it here and on your local device. The important thing is that they both match.
  8. The remaining values for SubscriptionResource Group, and Location are fixed.
  9. Click OK to create your connection. You'll see Creating Connection flash on the screen.
  10. When the connection is complete, you'll see it appear in the Connections blade for your Gateway.
    Create Site-to-Site connection

9. Verify the VPN connection

You can verify your VPN connection either in the portal, or by using PowerShell.

To verify your connection by using PowerShell

You can verify that your connection succeeded by using the Get-AzureRmVirtualNetworkGatewayConnection cmdlet, with or without -Debug.
  1. Use the following cmdlet example, configuring the values to match your own. If prompted, select 'A' in order to run 'All'. In the example, -Name refers to the name of the connection that you created and want to test.
    Copy
    Get-AzureRmVirtualNetworkGatewayConnection -Name MyGWConnection -ResourceGroupName MyRG
  2. After the cmdlet has finished, view the values. In the example below, the connection status shows as 'Connected' and you can see ingress and egress bytes.
    Copy
    Body:
{
  "name": "MyGWConnection",
  "id":
"/subscriptions/086cfaa0-0d1d-4b1c-94544-f8e3da2a0c7789/resourceGroups/MyRG/providers/Microsoft.Network/connections/MyGWConnection",
  "properties": {
    "provisioningState": "Succeeded",
    "resourceGuid": "1c484f82-23ec-47e2-8cd8-231107450446b",
    "virtualNetworkGateway1": {
      "id":
"/subscriptions/086cfaa0-0d1d-4b1c-94544-f8e3da2a0c7789/resourceGroups/MyRG/providers/Microsoft.Network/virtualNetworkGa
teways/vnetgw1"
    },
    "localNetworkGateway2": {
      "id":
"/subscriptions/086cfaa0-0d1d-4b1c-94544-f8e3da2a0c7789/resourceGroups/MyRG/providers/Microsoft.Network/localNetworkGate
ways/LocalSite"
    },
    "connectionType": "IPsec",
    "routingWeight": 10,
    "sharedKey": "abc123",
    "connectionStatus": "Connected",
    "ingressBytesTransferred": 33509044,
    "egressBytesTransferred": 4142431
  }

To verify your connection by using the Azure portal

In the Azure portal, you can view the connection status by navigating to the connection. There are multiple ways to do this. Below is one way to navigate to your connection.
  1. In the Azure portal, navigate to Virtual network gateways. Click your gateway name.
  2. In the pane, under Settings, click Connections. You can see the status of each connection.
  3. For more information about the connection, click the name of the connection. In the Essentials page for your connection, pay attention to the Connection Status. The status will be 'Succeeded' and 'Connected' when you have made a successful connection. You can check the data flowing through by looking at Data in and Data out.
    In the example below, the Connection Status is 'Not connected'.
    Verify connection
Posted by at No comments:
Subscribe to: Posts (Atom)