Azure DR Part 1: Set Up Virtual Network

Aim: Create a virtual network & machine in Azure to which on-premises SQL Server databases can be backed up as part of a Disaster Recovery process.

Create the virtual network:

In the Azure portal, scroll down through the list of resources on the left-hand side & select Networks. In the Virtual Networks tab on the main pane, click “Create a Virtual Network”. This option only appears if this is the first virtual network being created; otherwise, click New at the bottom of the pane.

On page 1, type a name for the virtual network & pick a suitable location.

Do not make any changes to the settings on page 2.

On page 3, add a suitable address space & subnet (if necessary). Click the tick to start creation of the virtual network. The ranges of IP addresses for the address space should not overlap with the IP addresses of the on-premises network.

Once the virtual network has been created, it should be visible in the list on the main pane.


Create a virtual machine in the virtual network:

Virtual machines cannot be added to virtual networks retrospectively. They must be added to the relevant virtual network on creation (page 3).

Scroll up through the list of resources on the left-hand side & select Virtual Machines. Click New at the bottom of the pane to create a new VM from the Gallery. On page 1, choose a suitable SQL Server image. This will install a VM running SQL Server & the price of the relevant SQL Server licence will be included in the price of the VM.

On page 2, type a name for the VM, select the tier & size, & set the administrator username & password.

On page 3, in the “Region/Affinity Group/Virtual Network” drop-down, choose the virtual network that was created in the previous step.

Do not make any changes on page 4. Click the tick to start creation of the VM.

Once the VM has been created, connect to it using the administrator account. Open the “Network and Sharing Centre” & click “Advanced sharing settings”. Turn on network discovery & file sharing, & save changes.


Configure point-to-site connectivity:

Configuring point-to-site connectivity will allow the connection of the on-premises server to the Azure virtual network.

In the Azure portal, scroll down through the list of resources to Networks & click on the virtual network to expand the Dashboard. In the Configure tab on the main pane, tick “Configure point-to-site connectivity”. Add a suitable address space & Gateway subnet. The ranges of IP addresses for the address space should not overlap with the IP addresses of the on-premises network. Save the changes.
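
The overlap rule stated here, and earlier for the virtual network's own address space, can be checked before saving the settings. The following is an added example, not part of the original post: every address range in it is a constructed sample value (one pair overlaps on purpose), and the function names are hypothetical.

```powershell
# Added example. Every address range below is a constructed sample value.
function Get-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $prefix = $Cidr -split '/', 2
    $ip = [System.Net.IPAddress]::Parse($address)
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Only IPv4 is handled: '$Cidr'" }
    if ($prefix -notmatch '^\d+$' -or [int]$prefix -gt 32) { throw "Bad prefix length in '$Cidr'" }
    [int64]$n = 0
    foreach ($b in $ip.GetAddressBytes()) { $n = $n * 256 + $b }   # big-endian bytes -> integer
    [int64]$size = [math]::Pow(2, 32 - [int]$prefix)               # number of addresses in the block
    $start = $n - ($n % $size)                                     # clear the host bits
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-CidrOverlap {
    param([string]$A, [string]$B)
    $ra = Get-CidrRange $A
    $rb = Get-CidrRange $B
    # Two ranges overlap unless one ends before the other starts.
    ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

# Constructed on-premises subnets.
$onPremises = @('10.0.1.0/24', '192.168.10.0/24')

# Constructed values for the two address spaces entered in the portal.
$azure = [ordered]@{
    'Virtual network address space'      = '10.0.0.0/16'
    'Point-to-site client address space' = '172.16.0.0/24'
}

# One row per Azure range / on-premises subnet pair.
foreach ($name in $azure.Keys) {
    foreach ($local in $onPremises) {
        [pscustomobject]@{
            AzureSetting = $name
            AzureRange   = $azure[$name]
            OnPremises   = $local
            Overlaps     = Test-CidrOverlap $azure[$name] $local
        }
    }
}
```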

Click on the Dashboard tab of the main pane to see the virtual network diagram. Note that the gateway has not yet been created. Click “Create Gateway” at the bottom of the pane to start the gateway creation. This can take some time, e.g. 20-40 minutes.

Once the gateway has been created, click on the Configure tab of the main pane & add a public DNS server, e.g. Google (8.8.8.8). This will allow the VM to access the internet if there is no DNS server set up for the network. For this change to take effect, the VM must be restarted.

On the on-premises server, open “Network and Sharing Centre”. Click “Change Adapter Settings”, right-click on the relevant network connection (e.g. Ethernet or WiFi) & click Properties. Highlight “Internet Protocol Version 4 (TCP/IPv4)” & click Properties. Set the preferred DNS server to the local on-premises DNS server & the alternate DNS server to the same public DNS server that was set in the previous step (e.g. Google). This will allow the on-premises server to access the internet.

To create a root certificate which will allow the on-premises server to connect to the virtual network, launch “Developer Command Prompt for VS” as administrator. If Visual Studio 2013 is installed, this can be found in C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts\. Run the following to create the root certificate. Note that the destination directory must be created beforehand.

makecert -sky exchange -r -n "CN=testVPNCert01" -pe -a sha1 -len 2048 -ss My "C:\Certs\Azure\testVPNCert01.cer"

In the Azure portal, open the Certificates tab for the virtual network & click “Upload a Root Certificate”.

Upload the root certificate that was created in the previous step.

Once the root certificate has been uploaded, it should be visible in the Certificates pane.

To create a client certificate associated with the root certificate, return to the “Developer Command Prompt for VS” window & run the following.

makecert.exe -n "CN=testVPNCert01Client" -pe -sky exchange -m 96 -ss My -in "testVPNCert01" -is my -a sha1
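
Before installing the VPN client, the certificate pair can be checked: that the client certificate really chains to the root, that the uploaded .cer file is that root and carries no private key, and which signature algorithm each certificate uses (the commands above request SHA-1). This is an added example, not part of the original post. It assumes it is run as the same user that ran makecert, and the function name Get-NewestCert is hypothetical.

```powershell
# Added example. The two subject names and the .cer path come from the makecert
# commands on this page; the checks themselves are not part of the original procedure.
$rootCn   = 'CN=testVPNCert01'
$clientCn = 'CN=testVPNCert01Client'
$cerPath  = 'C:\Certs\Azure\testVPNCert01.cer'

function Get-NewestCert([string]$Subject) {
    # makecert -ss My writes to the current user's Personal store by default.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Subject -eq $Subject } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
}

$root   = Get-NewestCert $rootCn
$client = Get-NewestCert $clientCn
if (-not $root -or -not $client) {
    throw 'Root or client certificate not found in Cert:\CurrentUser\My'
}

# Build the chain with the root supplied explicitly. Build() returns $false for a
# self-signed root that is not in Trusted Root, but the chain elements are still populated.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
[void]$chain.Build($client)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# The file uploaded to Azure should be the same root and hold the public part only.
$uploaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

[pscustomobject]@{
    RootIsSelfSigned      = $root.Subject -eq $root.Issuer
    ClientChainsToRoot    = $anchor.Thumbprint -eq $root.Thumbprint
    ClientHasPrivateKey   = $client.HasPrivateKey
    UploadedFileIsRoot    = $uploaded.Thumbprint -eq $root.Thumbprint
    UploadedHasPrivateKey = $uploaded.HasPrivateKey
    RootSignatureAlg      = $root.SignatureAlgorithm.FriendlyName
    ClientSignatureAlg    = $client.SignatureAlgorithm.FriendlyName
    ClientExpires         = $client.NotAfter
}
```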

In the Azure portal, open the Dashboard tab for the virtual network & click “Download 64-bit Client VPN Package”.

Once the download has completed, unblock & run the package on the on-premises server. Click Connect.

In the Azure portal, refresh the Dashboard pane. The new client should be visible.

Take note of the internal IP address of the VM (either from the Azure portal or from within the VM using ipconfig). Verify that the VM is accessible from the on-premises server by accessing its C drive, e.g. \\10.0.0.4\C$.


Next: I plan to set up SQL Server backups to the Azure VM where they will be tested via restore & integrity checks.
