As established organizations adopt a cloud migration strategy, many are realizing that moving their services to the public cloud is not an “all or nothing” operation. In fact, more businesses are opting for a hybrid cloud approach, where their critical or sensitive data, such as customer records or intellectual property, usually remains on-premises, while their scalable or commodity services, such as their web servers, are deployed on the public cloud. To connect these distributed components, administrators need to configure some type of secured and reliable network connection between their datacenter and the public cloud to create a hybrid cloud application. However, setting up this secure interface between sites has traditionally been challenging.
In the past, deploying the cross-premises virtual adapter basically required setting up a site-to-site VPN connection between two endpoints. The on-premises site would use a VPN device and Azure would use an Azure VPN gateway on the Azure virtual network. Next you would have to go through a complex series of steps (documented here by Microsoft) which may include creating private IP address spaces, VPN devices, changes to your routing infrastructure, a web proxy, Routing and Remote Access Services (RRAS) configuration, DNS updates, AD updates, routing table updates, an IPsec shared key, along with correctly executing dozens of PowerShell cmdlets. With the latest release of Windows Server 2019, point-to-site connections no longer require a VPN device or public-facing IP address. This blog will show you how to quickly configure this connection using Windows Admin Center with Windows Server 2019.
Hybrid Cloud Connectivity with Windows Admin Center
The latest release of Windows Server 2019 has enabled the hybrid cloud connection to be made using the new Azure Network Adapter which is configured from Windows Admin Center (Demo of WAC here if interested). Windows Admin Center started as a centralized GUI management console for Windows Server hosts, clusters and virtual machines. It has since evolved to support a variety of other roles, including some hybrid cloud management capabilities. In addition to supporting the Azure Network Adapter, WAC also provides identity through Azure Active Directory authentication, basic management of Azure IaaS virtual machines, disaster recovery for VMs using Azure Site Recovery, and patching of VMs using Azure Update Management.
Windows Admin Center is a powerful suite of management tools. If you want to learn more, we have a webinar coming up led by two expert Microsoft MVPs demonstrating key features of Windows Admin Center which will provide the greatest benefit to your running of Windows Server. The live demo webinar How to Manage Windows Server Like a Boss with Windows Admin Center will be held on April 9th, 2019, and is open for registration now!
How to Configure the Azure Network Adapter in Windows Server 2019
1. Install WAC and Prepare Microsoft Azure
Once you have planned which parts of your distributed application will run in Azure and designated a safe maintenance window, you should prepare both sites. Within your own datacenter, you need to install Windows Admin Center and ensure it has access to manage any servers which will be directly connected to Azure. If you are already using System Center or other solutions to manage those servers, that is fine, but make sure that WAC sees any servers that will function as a gateway to Azure. For Microsoft Azure, you need to ensure that you have an account which is backed by a valid payment method. Within the Azure Portal you must then deploy at least one Azure Virtual Network which is what Windows Admin Center will discover and connect to.
2. Register your Gateway with Azure
Once you have installed Windows Admin Center, the first step to unlock any of the hybrid cloud capabilities is to connect your on-premises environment to your Azure subscription. You do this by selecting the Azure tab under the WAC settings. Next, a wizard will guide you through the steps of creating an Azure AD app in your directory, the component which is used for authenticating any clients accessing this connection.
Figure 1 – Registering your Azure account within Windows Admin Center
3. Add the Azure Network Adapter
After registering your gateway to provide identity and security, you can configure the Azure Network Adapter to connect your site and hybrid applications. Through the Windows Admin Center console, select Network > Add Azure Network Adapter, which will launch a wizard in the right pane. Simply enter and review the pre-populated information about the Azure subscription, location, virtual network, gateway subnet, gateway SKU, client address space, and type of authentication certificate. Once you click Create, the connection will be seamlessly established; however, this may take some time (up to 30 minutes), so be patient. As you may have inferred from reviewing the previous configuration steps, a lot of discrete tasks are happening behind the scenes. You can see the progress and status from the WAC alerts console.
Figure 2 – Adding an Azure Network Adapter from Windows Admin Center
4. Test the Azure Network Adapter
Once the wizard completes, you will see the status as “Connected” in the WAC console. To test that you have connectivity through the expected IP Address, from your on-premises server you can simply ping an IP Address on the gateway subnet which you configured. A response indicates that the connection was successful. If you look at your Network Connections under the Control Panel, you can also see a Point-to-Site VPN connection has been configured as a WAN Miniport (IKEv2).
Figure 3 – Windows Admin Center with a hybrid cloud connection to Azure
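The checks from step 4 can also be run from PowerShell on the on-premises server. This is an added example, not part of the original post or of Windows Admin Center; the gateway-subnet address is a placeholder you must replace, and the script assumes the connection appears in either the per-user or the all-user VPN phonebook.

```powershell
# Added example: verify the point-to-site connection created by the Azure Network Adapter wizard.
# $GatewaySubnetIp is a placeholder; use an address from the gateway subnet you configured.
param(
    [string]$GatewaySubnetIp = '10.0.255.4'   # constructed sample value
)

# The connection may live in the per-user or the all-user phonebook, so query both.
$connections = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
               @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

# The post states the adapter shows up as a WAN Miniport (IKEv2) connection.
$ikev2 = $connections | Where-Object { $_.TunnelType -eq 'Ikev2' }
if (-not $ikev2) {
    Write-Warning 'No IKEv2 VPN connection found; check the WAC alerts console for the adapter status.'
    return
}

foreach ($vpn in $ikev2) {
    # Routes bound to the tunnel interface show which prefixes are actually sent to Azure.
    $routes = Get-NetRoute -InterfaceAlias $vpn.Name -AddressFamily IPv4 -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty DestinationPrefix

    [pscustomobject]@{
        Name             = $vpn.Name
        ServerAddress    = $vpn.ServerAddress
        TunnelType       = $vpn.TunnelType
        Authentication   = $vpn.AuthenticationMethod -join ','
        SplitTunneling   = $vpn.SplitTunneling
        ConnectionStatus = $vpn.ConnectionStatus
        TunnelRoutes     = $routes -join ', '
    }
}

$connected = $ikev2 | Where-Object { $_.ConnectionStatus -eq 'Connected' }
if (-not $connected) {
    Write-Warning 'An IKEv2 connection exists but is not in the Connected state.'
    return
}

# Same test as the ping described in step 4; -Quiet returns $true or $false.
if (Test-Connection -ComputerName $GatewaySubnetIp -Count 4 -Quiet) {
    "Reply received from $GatewaySubnetIp through the tunnel."
} else {
    Write-Warning "No reply from $GatewaySubnetIp; confirm the address and that ICMP is not filtered."
}
```

Reviewing the TunnelRoutes and SplitTunneling values confirms that only the address space you intended is routed to Azure over the new adapter.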
Now your hybrid cloud network has been configured and you are ready to take advantage of the public cloud. If you are migrating an existing on-premises service to Azure, make sure you closely follow every step and be sure to test the solution before you go live. Consider configuring monitoring and network load-balancing in Azure to help you scale and grow your hybrid infrastructure. One popular migration method is to take a complete backup of your on-premises application and restore it to Azure, which essentially moves your workload to the public cloud. Backup providers such as Altaro VM Backup make this easy and cost-effective, helping you streamline your hybrid cloud deployment. Also, consider using the Azure Migrate toolkit to help you plan, inventory, size, and migrate any parts of your hybrid cloud application.
How about you? Do you find this feature useful? Why or why not? Let us know in the comments section below!