In this article, we will share with you how to configure an Azure Point-to-Site VPN connection in Windows Admin Center with Azure Network Adapter.
Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more.
At Ignite 2018 a couple of weeks ago, Microsoft announced several Azure integration services with Windows Admin Center, such as Azure Backup, Azure File Sync, Azure Site Recovery, Azure Network Adapter, and more. Please check the following document for the complete list of Azure integration services.
One of the features that gets my attention is Azure Network Adapter. So what is Azure Network Adapter?
Azure Network Adapter in Windows Admin Center enables a one-click experience to configure a Point-to-Site VPN connection between an on-premises Windows Server 2019 or Windows 10 and an Azure Virtual Network. This helps you to automate the entire configuration for the Azure Virtual Network gateway as well as the on-premises VPN client.
Azure Point-to-Site Connection
A Point-to-Site (P2S) VPN connection gives individual servers or client machines a connection from outside into your Azure Virtual Network.
Configuring a Point-to-Site connection to an Azure Virtual Network is not an easy task, especially when dealing with certificates; it is a lengthy process. The Azure Network Adapter feature in Windows Admin Center makes it easy!
Microsoft has a detailed step-by-step guide on how to configure a Point-to-Site connection to Azure Virtual Network, so if you are interested in the manual approach, please check the following guide.
The prerequisites are very simple as follows:
You need to make sure you are running Windows Admin Center (WAC) Version 1809 or later, and your endpoint machine is running either Windows Server 2019, Windows Server Version 1809, or Windows 10 Version 1809.
Once Windows Admin Center is deployed in your environment, you are ready to start.
Configure Azure Point-to-Site VPN
To configure Azure Point-to-Site connection using Windows Admin Center, take the following easy steps:
1) In Windows Admin Center, connect to the desired server and click on Network. This server is deployed in a VM and has a single virtual network adapter. This could be a physical machine as well. Click on Actions and select + Add Azure Network Adapter.
2) You will be prompted to authenticate to your Azure account. If you have already authenticated with Azure, then you can skip this step. Azure authentication is required for other services in Windows Admin Center as well.
3) The Microsoft Azure Virtual Network Settings will be populated, so you can see the list of all your Azure Subscriptions and the location (Azure Region). Select the target Virtual Network. Microsoft also added deep links, so if you click on View selected Virtual Network in Azure Portal, it will take you directly to the virtual network that you selected, where you can do more advanced operations directly from Azure.
4) The next step is to configure the Azure Virtual Network Gateway Settings. If you already have a virtual network with a Gateway Subnet created, it will be selected by default; if you don’t have one, Windows Admin Center will create a new Gateway Subnet for you. Next, you need to select the Gateway SKU depending on how much bandwidth you need (VpnGw1 being the lowest cost and VpnGw3 being the highest cost), and lastly, you have to specify the client address space for the machines that will connect.
The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Please make sure to specify a private IP address range that does not overlap with the on-premises location that you connect from or the Virtual Network that you want to connect to. The last option is the Authentication Certificate. By default, Microsoft will auto-generate a Self-Signed Certificate for you, but if you create your own certificate or you have an internal CA, then you can use that instead. When ready, click Create.
5) You are done! The configuration will take around 35 minutes for the virtual network gateway creation to be completed. However, if you add another machine to the same virtual network, the P2S configuration will take up to 10 minutes for Azure to complete the update, since the virtual network gateway is already created.
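The address-space requirement in step 4 can be checked before you click Create. The following is an added example, not part of Windows Admin Center or of the original article: it tests a candidate client pool against the ranges it must not collide with. The function name and all address ranges are constructed for illustration; substitute your own VNet and on-premises prefixes.

```python
import ipaddress

# RFC 1918 private blocks; step 4 asks for a private range for the client pool.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_p2s_pool(pool, vnet_prefixes, onprem_prefixes):
    """Return a list of problems with a candidate P2S client address pool.

    An empty list means the pool is private and overlaps none of the
    supplied Azure VNet or on-premises prefixes.
    """
    try:
        # strict=True rejects typos such as 172.16.201.5/24 (host bits set).
        candidate = ipaddress.ip_network(pool, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {pool!r}: {exc}"]

    problems = []
    if candidate.version != 4 or not any(candidate.subnet_of(b) for b in RFC1918):
        problems.append(f"{candidate} is not inside an RFC 1918 private block")

    for label, prefixes in (("Azure VNet", vnet_prefixes),
                            ("on-premises", onprem_prefixes)):
        for prefix in prefixes:
            other = ipaddress.ip_network(prefix, strict=False)
            if candidate.overlaps(other):
                problems.append(f"{candidate} overlaps {label} range {other}")
    return problems


# Constructed sample ranges (assumptions, not taken from the article).
VNET = ["10.1.0.0/16"]
ONPREM = ["192.168.10.0/24", "10.50.0.0/16"]

if __name__ == "__main__":
    for pool in ("172.16.201.0/24", "10.1.4.0/24", "192.168.0.0/16",
                 "100.64.0.0/24", "172.16.201.5/24"):
        issues = check_p2s_pool(pool, VNET, ONPREM)
        print(pool, "->", "OK" if not issues else "; ".join(issues))
```

Include every network reachable from the connecting machine in the on-premises list, not only its local subnet, since an overlapping pool can shadow routes to those networks once the VPN is up.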
Validate Azure Point-to-Site VPN Connection
If you switch to the Azure Portal and browse to the virtual network gateway, you can see the Point-to-site configuration is populated with the Address pool that you defined in Windows Admin Center including the certificates.
After a short period of time, Windows Admin Center will send you three notification messages that the Point-to-Site VPN connection completed successfully.
You will also see a new Network Adapter name starting with WACVPN- populated in Windows Admin Center with the status connected. You can also Disconnect/Connect the VPN connection directly in Windows Admin Center.
Last but not least, if you switch to the machine with the Point-to-Site connection, you will now see a new adapter for the VPN connection, and finally you can validate that traffic is going through and can reach any virtual machine attached to the Azure Virtual Network.
Azure Network Adapter in Windows Admin Center is an easy way for you to set up a Point-to-Site connection into your Azure Virtual Network. Even if you have not yet set up your Azure virtual network for gateway connectivity, Azure Network Adapter will do that for you, and walk you through it in a way that is very easy to set up. Behind the scenes, Azure Network Adapter will do the following:
- Takes care of configuring the Azure Virtual Gateway.
- Handles self-signed or user-generated certificates.
- Auto-reconnect is enabled. This is a great option especially when the connection is unreliable, and you don’t have someone sitting on the server to hit reconnect.
- The connection is persistent even when you are not logged in.
At the time of this writing, Azure Network Adapter in Windows Admin Center is still in public preview. I expect additional enhancements in the near future.
Windows Admin Center is a freely available management tool for anyone to use, and it makes remotely managing a set of servers, with or without a GUI, very easy, especially for “day-to-day activities”. Download the latest copy of Windows Admin Center from here, deploy it in a failover cluster, and enjoy modern server management.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.