Solved

Microsoft AZURE Setup

Posted on 2014-08-03
Medium Priority
1,016 Views
Last Modified: 2014-11-12
Hi,

 I created a trial Microsoft AZURE account for testing.
 In that I created a Virtual Machine running Windows 2012 R2 Server as a domain controller.  I have been setting up on-premises File Server boxes only; therefore I am new to this. With that I just have some questions and let me ask one at a time.

 So far:
 - I spun up Windows 2012 VM and installed Active Directory with DNS service.
 - Created three user accounts in AD.

 Here is 1st question:
 (1) In on-premises File Server system, you join Windows 7 workstation to the domain and log in to the domain using your account which runs login script (for drive mapping .. etc). Then the user sees the desktop screen with application icons & printers. So you access files/folders via map drives (F, G .. etc) and print.
     
  How does this work in AZURE Cloud system?  Windows 7 OS is not an option when creating a new VM. If I can't create a virtual machine running Windows 7 or 8, how do users log in to the W2012/VM? What is the process?

Thanks.
 




 

Question by:sglee
11 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40237826
You can create a VPN tunnel between Azure and your on-premises network. Then you can join local workstations to the domain. This works very much like on-premises AD networks with multiple sites. Just think of Azure as another site and define it that way in AD Sites and Services.
0
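Defining Azure as its own site, as the accepted answer suggests, can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original answer; the site names, subnets, link name and DC name are hypothetical placeholders to replace with your own values.

```powershell
# Added example: all names and address ranges below are constructed placeholders.
Import-Module ActiveDirectory

$azureSite  = 'Azure'
$onPremSite = 'OnPrem'
$linkName   = 'OnPrem-Azure'
$dcName     = 'AZ-DC01'          # hypothetical name of the DC running in the Azure VM

# Subnet-to-site map: the Azure virtual network range and the office LAN
# that sits behind the site-to-site VPN.
$subnetMap = @{
    '10.10.0.0/24'   = 'Azure'
    '192.168.1.0/24' = 'OnPrem'
}

# Create each site only if it is missing, so the script can be re-run safely.
foreach ($site in $azureSite, $onPremSite) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# Bind each subnet to its site; clients locate a DC based on this mapping.
foreach ($subnet in $subnetMap.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $subnetMap[$subnet]
    }
}

# Link the two sites over IP so AD knows the Azure site is reachable
# from the office (through the VPN tunnel).
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $azureSite, $onPremSite `
        -Cost 100 -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

# Place the domain controller in the Azure site.
Move-ADDirectoryServer -Identity $dcName -Site $azureSite

# Review the result: every client subnet should resolve to a site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```

On a domain-joined workstation, `nltest /dsgetsite` reports which site the client resolved to, which confirms the subnet mapping took effect.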
 

Author Comment

by:sglee
ID: 40237838
"create a VPN tunnel between Azure and your on-premises network" --> Is this a constant VPN between on-premises network and Azure? If this is the case, then I need a new router (at my customer site) that is capable of doing a VPN.
Or can I create MS VPN on each user workstation?
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 40237873
Since we are talking about Active Directory and the workstation needs to see the DC *before* login, it needs to be a site-to-site VPN, not per workstation. It'll be a constant connection. It also means you have a single point of failure.

There are situations where putting a DC in Azure makes sense. But given that you don't have a router in place, and it sounds like it'll be a single connection, when you take into account the latency issues, the single point of failure, and a few other considerations, I'd recommend rethinking this course of action. I don't think a DC in Azure is a good fit for this situation.
0

 

Author Comment

by:sglee
ID: 40237884
[Image: TCPIP on DC in Cloud]

I have set up a VPN router like Linksys/CISCO RV042 which was simple. I could have CISCO 1811 and have it configured for me. But I did not realize MS Azure would require such a setup.

I originally imagined that I would create multiple VMs (Windows 2012 as DC and several Windows 7 or 8 VMs) in Azure. Then each user would log into their respective VM using remote desktop connection program.

 So if I understand Azure correctly, you only create servers like DC or APP Servers. And then users are actually using their own workstation PCs to connect to share folders from DC or App servers that reside in the cloud?
 If that is the case, you are correct. The user network would need a constant VPN connection with Microsoft cloud system. I posted IPv4 properties from the DC. So I would need to create a VPN tunnel based on IP information above?
0
 
LVL 4

Expert Comment

by:ambatihp
ID: 40237885
You could do a site-to-site VPN on your file server and that should allow you to do things as if your Active Directory is local (also gives ability for the file server to have domain permissions and security on file shared also)

You could do the VPN on clients, but if the clients lost their passwords or another user who had not logged on before needs to log on to the domain, you will have to do a special setup like logon to WiFi before logon, plus allow RAS before logon, etc.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40237895
"I originally imagined that I would create multiple VMs (Windows 2012 as DC and several Windows 7 or 8 VMs) in Azure. Then each user would log into their respective VM using remote desktop connection program."

That type of setup is called VDI and is not allowed with Azure. In fact, Microsoft does not offer desktops via SPLA so there is no legal way to have a hosted VM like you describe with any provider. So this limitation is not just Azure.

Regarding creating the VPN tunnel, no, you would not use the information above. You actually need to create the VPN through the Azure portal, not within the VM. This is because of how Azure virtualizes the network. Like I said, setting up Azure for this kind of use is not trivial (and it'll be expensive.)
0
 

Author Comment

by:sglee
ID: 40238109
I know of a customer who uses remote desktop (on workstation PC) to connect to the terminal server of the "cloud" provider. Once connected, each user sees their desktop where Word/Excel/Outlook/QuickBooks/IE plus any other business apps are available.
They pay about $600 per month and I thought Microsoft Azure is something like that.

Again I thought that, in Azure, if I can't create Win7 VMs, I can create another Windows 2012 VM and add Remote Desktop Service/Terminal Service role and let each user log in to that terminal server using remote desktop connection using 3389 or 3390.

If AZURE requires constant VPN connection, what happens if you travel and need to run QuickBooks off the cloud server then?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40238140
No, Azure is nothing like a cloud-based VDI solution.

Azure does not require a constant VPN connection, nor have I ever said it does. But if you have a domain controller in Azure and you want client machines to be able to log in using that DC, *that* requires a VPN connection. This is not unique to Azure. If a company has two offices, one in Seattle, and one in New York, and you only have a DC in Seattle, New York would need a network connection (VPN, etc.) to Seattle for machines to access the DC. Azure is no different.

You cannot have Win7/8 VMs in Azure. But you can set up an RDS server. You'll need RDS CALs and will need to set up all the RDS stuff to make it work. Multiple VMs. And yes, you can open it up so you can access it from any client on the internet. That isn't very secure, but it is doable.
0
 

Author Comment

by:sglee
ID: 40238158
Cliff,
 
 How would you do it if the goal was to move all the data to the cloud so that you have connect to the cloud system to run Word/Excel/Outlook/QuickBooks and other business apps no matter where you are around the world?
 On-premises file server system is NOT an option. This business already has a VPN router where there is a VPN tunnel between two offices.

  VPN as I have experienced is a slow connection. That is the reason I am surprised.
  Based on my experience, Terminal Server solution provides the fastest experience to the users. Maybe I need to look for VDI solution provider.

 I can set up Terminal and App Server in my shop for this customer (they only have 4 users). But I don't have extra power generator or system redundancy, I can't host mission critical data or apps in my shop and that was the reason I was looking to use Microsoft.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40238193
I am not in the habit of providing my consulting services for free. If you have a specific question about Azure, I will answer it. But asking me to plan out an entire solution is well beyond what I (or most other experts here) will do.
0
 

Author Comment

by:sglee
ID: 40238205
Understood.

Thanks for your help.
0

Question has a verified solution.