As I mentioned yesterday, I’m struggling with setting up the “perfect” lab environment for myself. So instead of trying to make it perfect, I’m just going to start by simply getting started and letting in evolve. Because starting is most of the battle, right? Most environments grow and change and become a bit messy, so I am just going to embrace a little chaos!
My starting goal is to create two networks in Azure (in two different regions) and connect them. To start I’ll need two VNETs in Azure. I also created two corresponding storage accounts in each region, so that when I’m building my servers, everything is as neat an organized as I can make it.
In each of the networks, I carved out a few subnets, because I don’t know exactly what I’m doing with them yet. Keep in mind you will need to make at a small Gateway subnet in each. Also, as soon as you put a VM in a subnet, you can no longer edit it.
- ImperfectNet – 192.168.1.0/22 (West region)
- AnotherNet – 192.168.4.0/23 (East region)
Because I want to connect them together with site-to-site networking, I have to create corresponding “local” networks in Azure to sort of trick each network into thinking its connecting to a physical network. So under the “Local Networks” tab, I created “ImperfectLocal” and “AnotherLocal” with the same IP address ranges as the virtual networks. Be sure to put in a fake VPN Gateway Address as a placeholder here, you’ll update it later after Azure gives you a real gateway address.
In each network, I threw the ticky-box under Site-to-Site Connectivity, selected the correct “local” network and then created the Gateway subnet. After everything was finished configuring, when you return to the dashboard page of each network, you will see the remote network showing. Azure will tell you that “the gateway was not created”.
Click “create gateway” at the bottom. For VNET to VNET connectivity, you have to go with Dynamic Routing. Do this for each network and wait for it to complete. (Creating gateways actually takes a while, this might be a good time to get lunch.)
Once your gateways are created, write down the IP addresses carefully and then edit those “local networks” with the fake VPN gateways to the correct ones Azure just assigned you.
Finally, you have connect the networks together with shared key. There isn’t any way to do this in the portal, so pop over to PowerShell and use the following code to hook them together. You have to run the command twice with the corresponding network names and the SAME shared key. Please make your key longer then the sample I put in here.
Set-AzureVNetGatewayKey -VNetName YourVNETName -LocalNetworkSiteName TheOppositeLocalNet -SharedKey abc123xyz
Set-AzureVNetGatewayKey -TheOtherVNetName YourVNETName -LocalNetworkSiteName TheOtherLocalNet -SharedKey abc123xyz
So now I’ve got two connected networks in Azure, albeit empty of servers. Next up… starting to build out my “imperfect” domain.
One more thing… if you want the offical “Azure” instructions for this, complete with images, go to http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx.