Solved

Windows Azure on local AD

Posted on 2014-04-08
Medium Priority
437 Views
Last Modified: 2014-11-12
We are wanting to do some testing in Azure.  I've spent the past two weeks trying to make the following scenario work but keep hitting speed bumps.  Any advice would be greatly appreciated:

I've created an Azure 2012 server.  I would like to have this be a member of our local AD domain.  I would also like to have the test users be able to use their local AD credentials to log onto the Azure server and our application.  Example:

Azure server name:
TestAzureServer

Local AD domain name:
4dcompany.com

Local test user credentials:
paulj@4dcompany.com
password

Ultimately TestAzureServer would be a member of 4dcompany.com and Paul J would log on as paulj@4dcompany.com, thereby being authenticated in the domain for our application.

Any advice on how to make this happen?

Thanks.

Felmer
Question by:fcummins
12 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39986294
Create a site-to-site VPN connection (was in testing up to a couple of weeks ago)

Otherwise, create a Windows VPN between the two servers and you should have adequate connectivity to connect the two sites.

Get a second NIC which is in the same subnet as your LAN.
0
 

Author Comment

by:fcummins
ID: 39986352
Imtiaz,

Thanks for the reply.  Re: your suggestion for site-to-site ... that's what I thought but was told by our MS Advisory consultant that it needed point-to-site, which makes no sense to me as I thought that was the reverse of what I was looking to do.  Can you verify that you meant site-to-site?

I did try to set up a VPN connection on TestAzureServer that would connect to our Win 2012 R2 RRAS VPN but it failed with error 800.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39986385
I did mean site-to-site, but point-to-site would also work.

Error 800 means you couldn't get in. Please ensure GRE protocol and port 1723 are open on your FW.
0
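Added example, not part of the original thread: a PowerShell check, run from the Azure server, of the TCP side of the advice above (PPTP control port 1723) and, once the tunnel is up, of the domain controller ports a domain join needs. `vpn.example.com` is an assumed placeholder for the RRAS server's public name; the AD domain name is the one given in the question. GRE (IP protocol 47) has no ports and cannot be probed this way, so it still has to be verified in the firewall rules.

```powershell
# Placeholders: replace with your own values (the VPN name is an assumption).
$VpnServer = 'vpn.example.com'   # assumed public name of the RRAS VPN server
$AdDomain  = '4dcompany.com'     # AD domain name from the question

# TCP connect test with a timeout; uses .NET directly so it also runs on
# Windows Server 2012, which does not ship Test-NetConnection.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Before dialing: is the PPTP control channel (TCP 1723) reachable?
[pscustomobject]@{
    Target = $VpnServer
    Port   = 1723
    Open   = Test-TcpPort -HostName $VpnServer -Port 1723
}

# 2. After the VPN is connected: locate domain controllers through the
#    SRV record that a domain join itself relies on.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV `
           -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }

if (-not $dcs) {
    Write-Warning "No DC SRV records for $AdDomain. Point the server's DNS at an on-premises DNS server."
}

# 3. Ports used during join and logon:
#    53 DNS, 88 Kerberos, 135 RPC endpoint mapper, 389 LDAP, 445 SMB.
foreach ($dc in $dcs) {
    foreach ($port in 53, 88, 135, 389, 445) {
        [pscustomobject]@{
            Target = $dc.NameTarget
            Port   = $port
            Open   = Test-TcpPort -HostName $dc.NameTarget -Port $port
        }
    }
}
```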
 

Author Comment

by:fcummins
ID: 39994137
Imtiaz

Would setting up the AD integration between Azure and our local AD also accomplish the same thing - i.e. the Azure server "on" our local network using our local AD for security?
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39994611
It would; however, you cannot modify the AD using the Azure network - I am currently deploying the Directory Sync Setup.
0
 

Author Comment

by:fcummins
ID: 39994618
That's the next phase as we need the Directory Sync for single sign on with Office 365.  Interested to know how it goes for you ...
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39997511
Hi,

I am extremely tied up with work for the next couple of weeks, so I postponed my DirSync with Azure, but you can get a lot of articles - one of my most interesting discussion panels has been https://www.youtube.com/watch?v=MfcjwNxy5ks with its huge amount of information.
0
 

Accepted Solution

by:
fcummins earned 0 total points
ID: 40007721
I eventually got both Microsoft RRAS working as well as SonicWall VPN (not officially supported by Microsoft).  The SonicWall was much easier than the RRAS and, honestly, I feel much better about the security of using SonicWall's VPN instead of the RRAS outside of our firewall but also inside (the MS tech said it would work if it was in SonicWall's DMZ).

Go ahead and close this and thanks for the suggestions.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40008199
Dear Fcummins,

Please ensure you patch your SonicWall for Heartbleed.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40008233
PS - the closing needs to be done on your end.
0
 

Author Comment

by:fcummins
ID: 40008614
Thanks, Imtiaz.
0
 

Author Closing Comment

by:fcummins
ID: 40017018
The original scope of the question was using RRAS to configure a VPN with Azure.  I was unable to do it and used SonicWall instead.
0
