Easy VPN with Windows Azure Connect

Windows Azure and Windows Azure Connect are like chocolate and peanut butter – awesome together, but pretty good on their own as well. As many blogs (e.g. Maarten's blog and Adam's blog) have pointed out, you can use Windows Azure Connect to create a secure network connection between your own machines, regardless of where they are. Let’s say you have an on-premises line-of-business (LoB) server and roaming users who want to access it from the field. Without network configuration or expensive VPN hardware, you can install the Windows Azure Connect Endpoint on your machines and configure them to connect in a matter of 5 minutes. The easiest way to set this up is to follow the steps below:

1. Install the Windows Azure Connect Endpoint software on the LoB server and laptop using the install link from the Windows Azure Management Portal. Full instructions are here.


2. Create an endpoint group containing all of the machines you would like to connect. In the “Create a New Endpoint Group” dialog, check the “Interconnected” checkbox. This checkbox allows all of the machines in the group to connect to each other.


3. Wait up to 5 minutes for the endpoints to implement the new connectivity. At this point, your machines can connect. (If you’re in a hurry, you can also manually refresh on your machines if you follow the instructions here).

One caveat worth noting: in certain networks, if both Windows Azure Connect endpoints are in the same LAN, connections will go through Windows Azure Connect instead of the local LAN connection. If some of your machines are always on the same network, consider putting them in a separate, non-interconnected group and following the next set of instructions.

Using the “Interconnected” checkbox works well if you’re ok with having all of your machines connect to each other, but sometimes you want a little more control. For instance, say you have two roaming laptops that you want to connect to your LoB server, but you don’t want them to connect to each other. Maybe they belong to customers or outside contractors, or maybe you’re connecting branch offices to the central office. Instead of using interconnection, you can create endpoint groups and connect them to each other. Machines in the first group will be able to connect to machines in the second, but not to each other. To set this up, follow the steps below.

1. Install the Windows Azure Connect Endpoint on the LoB server and both laptops.

2. Create an endpoint group for the LoB server.


3. Create another endpoint group for the roaming laptops and connect it to the LoB group.


4. Wait up to 5 minutes for the endpoints to implement the new connectivity. At this point your laptops can connect to your LoB server, but not to each other.
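To make the two group designs above easy to compare, here is a small added model of the connectivity rules as the post describes them (an illustration written for this page, not Microsoft's code or any Windows Azure Connect API). It assumes that each endpoint belongs to exactly one group and that a connection between two groups works in both directions; the machine and group names are constructed sample values. `interconnected_example()` builds the single “Interconnected” group from the first set of steps, `linked_groups_example()` builds the LoB group connected to a roaming group from the second set, and `excess_pairs()` reports any machine pairs a design allows beyond the ones you intended, which is the check to run before you grant contractors or branch offices access.

```python
"""Model of Windows Azure Connect group connectivity (added example, not Microsoft code).

Assumptions not stated on the page: each endpoint belongs to exactly one group,
and a group-to-group connection is symmetric. All names are constructed samples.
"""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class EndpointGroup:
    name: str
    members: set = field(default_factory=set)
    interconnected: bool = False  # the "Interconnected" checkbox in the portal dialog


class ConnectTopology:
    def __init__(self):
        self.groups = {}      # group name -> EndpointGroup
        self.links = set()    # frozenset({group_a, group_b}) for each connected pair of groups
        self._group_of = {}   # machine -> name of the group it belongs to

    def add_group(self, group):
        for machine in group.members:
            if machine in self._group_of:
                raise ValueError(f"{machine} is already in group {self._group_of[machine]}")
            self._group_of[machine] = group.name
        self.groups[group.name] = group

    def connect_groups(self, a, b):
        """Connect two existing, distinct groups (the 'connect it to the LoB group' step)."""
        if a not in self.groups or b not in self.groups or a == b:
            raise ValueError("both groups must exist and be distinct")
        self.links.add(frozenset((a, b)))

    def can_connect(self, m1, m2):
        """True if the two machines may reach each other under the current group design."""
        if m1 == m2 or m1 not in self._group_of or m2 not in self._group_of:
            return False
        g1, g2 = self._group_of[m1], self._group_of[m2]
        if g1 == g2:
            # Same group: only the Interconnected checkbox allows peer-to-peer traffic.
            return self.groups[g1].interconnected
        # Different groups: allowed only if the two groups have been connected.
        return frozenset((g1, g2)) in self.links

    def allowed_pairs(self):
        """Every unordered machine pair that can connect, as sorted tuples."""
        machines = sorted(self._group_of)
        return {(a, b) for a, b in combinations(machines, 2) if self.can_connect(a, b)}

    def excess_pairs(self, intended):
        """Pairs the design permits that are not in the intended set (least-privilege check)."""
        wanted = {tuple(sorted(pair)) for pair in intended}
        return self.allowed_pairs() - wanted


def interconnected_example():
    """First procedure: one group with the Interconnected checkbox ticked."""
    topology = ConnectTopology()
    topology.add_group(EndpointGroup("Office", {"lob-server", "laptop-a", "laptop-b"},
                                     interconnected=True))
    return topology


def linked_groups_example():
    """Second procedure: a LoB group and a roaming group connected to it."""
    topology = ConnectTopology()
    topology.add_group(EndpointGroup("LoB", {"lob-server"}))
    topology.add_group(EndpointGroup("Roaming", {"laptop-a", "laptop-b"}))
    topology.connect_groups("LoB", "Roaming")
    return topology


if __name__ == "__main__":
    intended = [("lob-server", "laptop-a"), ("lob-server", "laptop-b")]
    for label, topo in (("interconnected", interconnected_example()),
                        ("linked groups", linked_groups_example())):
        print(label, "allows:", sorted(topo.allowed_pairs()))
        print(label, "beyond intent:", sorted(topo.excess_pairs(intended)))
```

Running the script shows the interconnected design also lets `laptop-a` and `laptop-b` talk to each other, while the linked-groups design allows exactly the two server paths and nothing else.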

You can mix and match interconnection and connecting endpoint groups and Windows Azure roles to build whatever kind of connectivity suits your needs.


--Morgan Brown