In Windows Azure, the Virtual Network gives you the capability to extend your network into Windows Azure and treat deployments in Windows as a natural extension to your on-premises network. This is the same as when you connect to a remote office with a site-to-site VPN. Now there is more: I just found out that a few weeks ago the Azure team added a Point-to-Site VPN connectivity option. This new feature allows you to set up VPN connections between individual computers and a Windows Azure virtual network.
While there are several use case scenarios, I like this feature because of the security it adds to my Azure management. Prior to this feature, I would manage my Azure servers by connecting to them over an RDP connection on the internet. I had to hope that someone didn’t guess or crack my RDP password. That didn’t give me the warm and secure feeling that I want because, as I have written before, “Passwords Suck”. With the new feature, I VPN into my Azure network and then RDP to my server. I removed the ability to RDP in directly from the internet. The VPN connection uses a certificate and not a weak password, which further protects against a man-in-the-middle attack. This VPN tunnel uses the Secure Socket Tunneling Protocol (SSTP) and can automatically traverse firewalls and proxies, while giving you complete security.
How to Enable the Point-to-Site Functionality
To enable this functionality there are several steps that you need to do. It isn’t as easy as just clicking a check box. You need to:
- Set up your Azure network
- Enable Point-to-Site connectivity in the Azure Portal
- Add a gateway subnet
- Create your routing gateway
- Create a self-signed root certificate
- Create a client certificate
- Export both certificates
- Upload the root cert to Azure via the portal
- Install the client certificate on the workstations that will VPN in
- From the Azure portal create the client VPN package
- Install the client VPN package on client VPN machines
Now you’re ready to VPN into your Azure network!
For detailed instructions on how to do all of the above please read our Tutorial on how to “Configure a Point-to-Site VPN in the Management Portal”
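The certificate steps in the list above (create a self-signed root, create a client certificate, export both) can be scripted. The following is an added example, not code from the original post or the linked tutorial. It assumes Windows 10 / Server 2016 or later with the built-in `New-SelfSignedCertificate` cmdlet (the post does not say which tool it used), and the subject names and output folder are hypothetical.

```powershell
# Added example. Subject names and the output folder are hypothetical.
$store  = 'Cert:\CurrentUser\My'
$outDir = Join-Path $env:USERPROFILE 'p2s-certs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Self-signed root certificate. Its key usage is limited to signing
#    other certificates (CertSign).
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SRoot' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation $store -NotAfter (Get-Date).AddYears(2)

# 2. Client certificate signed by that root. The TextExtension restricts
#    it to the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SClient' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation $store -NotAfter (Get-Date).AddYears(1)

# 3. Export the root as a .cer file: public certificate only, no private key.
#    This is the file that gets uploaded to Azure.
$rootCer = Join-Path $outDir 'ExampleP2SRoot.cer'
Export-Certificate -Cert $root -FilePath $rootCer -Type CERT | Out-Null

# 4. Export the client certificate WITH its private key as a
#    password-protected .pfx for installation on the VPN workstations.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client PFX'
$clientPfx = Join-Path $outDir 'ExampleP2SClient.pfx'
Export-PfxCertificate -Cert $client -FilePath $clientPfx `
    -Password $pfxPassword | Out-Null

# 5. Sanity checks before distributing anything.
$ekuExt = $client.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
[pscustomobject]@{
    RootThumbprint   = $root.Thumbprint
    ClientThumbprint = $client.Thumbprint
    ClientIssuedBy   = $client.Issuer
    IssuerMatches    = ($client.Issuer -eq $root.Subject)
    ClientAuthEku    = ($ekuExt.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.2')
    ClientExpires    = $client.NotAfter
}
```

The `.pfx` is the VPN credential, so handle it like one: move it to each workstation over a trusted channel and keep the root certificate's private key off the client machines.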