

#7 - Configure Name resolution over P2S VPN Connection

 

This post is Part #7 of the:

Windows Azure Monitoring over P2S VPN using System Center 2012 Operations Manager

Available here: https://blogs.technet.com/b/manageabilityguys/archive/2013/11/05/windows-azure-infrastructure-as-a-service-iaas-point-to-site-p2s-test-vpn-setup-virtual-machine-monitoring-over-p2s-vpn-by-using-system-center-2012-operations-manager.aspx

  

Please make sure you read previous post(s) beforehand.

  

Link to previous part:

#6 - Configure and connect the P2S VPN Client to the Windows Azure P2S VPN 

  

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

  

Before the actual Agent deployment (to be covered in the last part, Part 8), we now need to ensure cross-premises name resolution is in place.

  

In this scenario, the machine used to establish the P2S VPN connection is the same one used for cross-premises name resolution.

  

To further help you understand the scenario, the P2S Client Machine is also running the following workloads:

  • Domain Controller
  • DNS Server
  • SQL Server
  • Operations Manager Management Server

  

I appreciate this is not the only scenario, nor even the best one, for various reasons.

  

Hence please see it as just an easy way to get a TEST LAB working to be able to achieve our end goal: the seamless push deployment of the Operations Manager Agent to the Windows Azure Virtual Machine.

  

Now getting to the actual setup:

  

To get the On-Prem DNS to resolve names for the Virtual Machines in Windows Azure, first connect to Windows Azure using the P2S connection as outlined in Part 6.

  

Then go ahead and set the DNS Configuration settings to listen on the IP Addresses that relate to the On-Prem network and the Cloud network:

  

  

Note: The P2S IP Address will most probably change when reconnecting; therefore you may prefer to choose ALL IP Addresses.

  

Afterwards, you need to make sure the server name can be resolved via the Azure IP address by using the DNS server:

  

  

You can also make sure the reverse lookup for the Azure P2S subnet is defined in the DNS Server:

  

  

  

Then you will have to configure the On-Premises Network to resolve the Windows Azure Virtual Machine name.

  

If you try to ping either the IP or the server name at this time, it will fail as shown:

  

  

You will now have to configure name resolution for the Windows Azure Virtual Machine name (as pointed out by the blue arrows):

  

  

  

By running a route print command we can see the entries in the routing table (as highlighted):

(This happens because we established the connection earlier on in Part 6)

 

  

Then name resolution should work as expected:

  

  

Afterwards, go to the Windows Azure Management Portal > Virtual Machines and select the Virtual Machine.

Then on the ribbon click the option to Connect to the Virtual Machine as shown:

  

  

  

Just for the purpose of this TEST LAB scenario: After logging on to the Virtual Machine please disable the Windows Firewall.

  

Afterwards, come back to the On-Premises machine you used to establish the connection (P2S VPN Client Machine).

  

From the P2S VPN Client Machine open a remote desktop connection.

  

  

Provide the required credentials:

  

  

And open the connection:

  

  

You may see the following window; just answer Yes to allow the connection.

  

  

Once logged on to the Virtual Machine go to the network settings and add the DNS server IP address as shown:

(In this scenario the DNS IP is 10.0.0.8)

  

  

Note: As outlined before, please keep in mind that if the P2S Client Machine used to establish the VPN connection is also the DNS Server (as in this scenario), the DNS IP Address set on the Virtual Machine has to be amended any time you reconnect the VPN.

  

At this time you should be able to resolve the Domain Controller server name as well as the On-Premises Domain Name to which you need to add the machine.
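
A pre-join check for the point above, as an added PowerShell example that is not part of the original post: run on the Windows Azure Virtual Machine, it confirms that the DNS client points at the DNS server from this scenario (10.0.0.8) and that the Domain Controller name, the domain name and the domain's DC locator SRV record resolve through it. `dc01.contoso.local` and `contoso.local` are placeholder names, and the script assumes the DnsClient cmdlets of Windows Server 2012 or later.

```powershell
# Added example: run on the Windows Azure Virtual Machine before the domain join.
# 10.0.0.8 is the DNS IP of this scenario; it goes stale when the P2S VPN reconnects.
# $DcName and $DomainName are placeholders (assumptions), replace with your own.
param(
    [string]$DnsServer  = '10.0.0.8',
    [string]$DcName     = 'dc01.contoso.local',
    [string]$DomainName = 'contoso.local'
)

function Test-Lookup {
    param([string]$Name, [string]$Type)
    try {
        # Query the on-premises DNS server directly, not whatever the resolver cache holds.
        $answer = Resolve-DnsName -Name $Name -Type $Type -Server $DnsServer `
                                  -DnsOnly -ErrorAction Stop
        $values = $answer | Where-Object { $_.Section -eq 'Answer' } | ForEach-Object {
            if ($_.IPAddress) { $_.IPAddress } else { $_.NameTarget }
        }
        [pscustomobject]@{ Check = "$Type $Name"; Ok = [bool]$values; Detail = $values -join ', ' }
    }
    catch {
        # A timeout here usually means the configured DNS IP is no longer the P2S client.
        [pscustomobject]@{ Check = "$Type $Name"; Ok = $false; Detail = $_.Exception.Message }
    }
}

# 1. Is the expected DNS server actually configured on a network adapter?
$configured = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
              Select-Object -Unique
$results = @()
$results += [pscustomobject]@{
    Check  = "DNS client uses $DnsServer"
    Ok     = ($configured -contains $DnsServer)
    Detail = $configured -join ', '
}

# 2. Forward lookups the domain join depends on.
$results += Test-Lookup -Name $DcName     -Type A
$results += Test-Lookup -Name $DomainName -Type A
# 3. The SRV record the DC locator queries to find a Domain Controller.
$results += Test-Lookup -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Warning 'Name resolution is incomplete; fix the failed checks before joining the domain.'
    exit 1
}
```

Run it again after every VPN reconnect, passing the new address with `-DnsServer`, to confirm the DNS IP set on the Virtual Machine is still the right one.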

  

Hence:

  

Add the machine to the On-Premises Domain and reboot the Windows Azure Virtual Machine.

  

After rebooting the Windows Azure Virtual Machine you should be able to log in to it with your Domain Account credentials. Once that is possible, you can proceed to the last part, Part 8, of this blog series.

  

Next Part:

#8 - Operations Manager Agent deployment and basic monitoring testing over the Windows Azure P2S VPN connection