Connect to Azure Stack

Applies to: Azure Stack Development Kit

To manage resources, you must connect to the Azure Stack Development Kit. This topic details the steps required to connect to the development kit. You can use either of the following connection options:

  • Remote Desktop: lets a single concurrent user quickly connect from the development kit.
  • Virtual Private Network (VPN): lets multiple concurrent users connect from clients outside of the Azure Stack infrastructure (requires configuration).

Connect to Azure Stack with Remote Desktop

With a Remote Desktop connection, a single concurrent user can work with the portal to manage resources.

  1. Open a Remote Desktop Connection and connect to the development kit. Enter AzureStack\AzureStackAdmin as the username, and the operator's password that you provided during Azure Stack setup.

  2. From the development kit computer, open Server Manager, click Local Server, turn off Internet Explorer Enhanced Security, and then close Server Manager.

  3. To open the user portal, navigate to (https://portal.local.azurestack.external/) and sign in using user credentials. To open the Azure Stack operator's portal, navigate to (https://adminportal.local.azurestack.external/) and sign in using the Azure Active Directory credentials specified during installation.

Connect to Azure Stack with VPN

You can establish a split tunnel Virtual Private Network (VPN) connection to an Azure Stack Development Kit. Through the VPN connection, you can access the Azure Stack operator's portal, user portal, and locally installed tools such as Visual Studio and PowerShell to manage Azure Stack resources. VPN connectivity is supported in both Azure Active Directory(AAD) and Active Directory Federation Services(AD FS) based deployments. VPN connections enable multiple clients to connect to Azure Stack at the same time.

Nota

This VPN connection does not provide connectivity to Azure Stack infrastructure VMs.

Prerequisites

Configure VPN connectivity

To create a VPN connection to the development kit, open an elevated PowerShell session from your local Windows-based computer and run the following script (make sure to update the the IP address and password values for your environment):

# Configure winrm if it's not already configured
winrm quickconfig  

Set-ExecutionPolicy RemoteSigned

# Import the Connect module
Import-Module .\Connect\AzureStack.Connect.psm1 

# Add the development kit computer’s host IP address & certificate authority (CA) to the list of trusted hosts. Make sure to update the the IP address and password values for your environment. 

$hostIP = "<Azure Stack host IP address>"

$Password = ConvertTo-SecureString `
  "<operator's password provided when deploying Azure Stack>" `
  -AsPlainText `
  -Force

Set-Item wsman:\localhost\Client\TrustedHosts `
  -Value $hostIP `
  -Concatenate

# Create a VPN connection entry for the local user
Add-AzsVpnConnection `
  -ServerAddress $hostIP `
  -Password $Password

If the set up succeeds, you should see azurestack in your list of VPN connections.

Network connections

Connect to Azure Stack

Connect to the Azure Stack instance by using either of the following two methods:

  • By using the Connect-AzsVpn command:

    Connect-AzsVpn `
      -Password $Password
    

    When prompted, trust the Azure Stack host and install the certificate from AzureStackCertificateAuthority onto your local computer’s certificate store. (the prompt might appear behind the PowerShell session window).

  • Open your local computer’s Network Settings > VPN > click azurestack > connect. At the sign-in prompt, enter the username (AzureStack\AzureStackAdmin) and the password.

Test the VPN connectivity

To test the portal connection, open an Internet browser and navigate to either the user portal (https://portal.local.azurestack.external/) or the operator portal (https://adminportal.local.azurestack.external/), sign in and create resources.

Next steps

Make virtual machines available to your Azure Stack users