Veeam PN for Azure

by ·0 Comments

Veeam PN for Azure

Veeam PN for Azure

This solution is a free solution at Veeam. It brings new features to the Veeam solution by allowing restoration in Azure or creation of a VPN connection. It can be used for the following purposes :

  • Create site-to-site VPN betweeen company office and Microsoft Azure to connect VM restored in Azure
  • Create point-to-site VPN between remote computers and Microsoft Azure to connect VM restored in Azure
  • Allow connection to the corporate network to a remote user via Microsoft Azure

Azure PN use Open VPN technology to connect Azure network and company network.

Site-to-Site VPN site-to-site VPN permit to establish a connection before private network and Azure Network. It is therefore easier to position internal resources in Azure and make them available to the users. Traffic available to the remote network is routed to a secure channel.

Organized around a network hub, this nerwork is the core of the VPN infrastructure. He is responsible for traffic routing, encryption, authentication,… Veeam PN allows two deployment scenarios:

  • Deployment of the network hub in Azure
  • Deployment of the network hub on premise

The Network Hub is one of the points of the VPN tunnel, it’s necessary to create the other point. To do this, a gateway must be deployed. This Gateway is an Appliance whose function is to establish a secure connection with the Network Hub.

Point-to-Site VPN With this scenario, you can establish secure connection between computer and Azure. It’s therefore possible to allow the connection of a computer only and not of an entire network. In this scenario, it is necessary to configure on the Open VPN user’s workstation.

System Requirements

If Network Hub is installed on Azure, it requires Azure VM :

  • A1 minimum – 1 core, 1,75 GB of RAM memory and 70 GB of space disk.

If you choose to install it on on-premise, you need use VMware vSphere ESXi host 5.0 or later. It require :

  • 1 GB of RAM memory, 3.9 GB of space disk for thin-provisioned disk or 16 GB of space disk for thick-provisioned disk.

You need to allow port into your firewall :

  • TCP/UDP 1194, from Site Gateways to Network hub. Allows network hub to listen the connections from the site gateway
  • TCP/UDP 6179, from standalone computer to Network hub. Allows network hub to listen the connections from the standalone computer.
  • HTTPS 443, from browser to Network hub or site gateway. Permit to communicate with the network hub or site Gateway portal.
  • SSH 22, from client machine to Network hub or site gateway. Used as a control channel.

Deploy Network hub

We will first deploy the Network Hub. The hub is the component that provides VPN connections. All traffic in the VPN is routed through the network hub. The hub network is deployed in Microsoft Azure. Access to the Azure portal (Azure.microsoft.com) and click on Create a ressource.

Veeam and Azure

In the search bar, enter Veeam PN for Microsoft Azure and click enter.

Create Veeam PN

In the marketplace, click on Veeam PN for Microsoft Azure and click on Create.

Create Veem PN on Azure

Enter information for create Virtual machine (name, user name, password, …) and click on OK.

Create Veeam PN on Azure

Select the size of your virtual machine and select storage account. Choose Public IP address or create a news IP address. Choose an unique domain name for VeeamPN.

Configure Veeam PN

Configure virtual network and Subnet.

Configure Virtual Network for Veeam PN
Validate network configuration for Veeam PN

Choose the required security level and click on OK.

Configure Security Settings for Veeam PN

Provide VPN information and click to OK. On the Summary Windows, click on OK then on Create to launch installation.

Summary information before create Veeam PN

The virtual machine and other components has been deployed.

All ressources present on Azure

Configure Network Hub Settings

Into the Azure portal, click on Virtual Machine then on your virtual Applicance.

Veeam PN are present on Azure console

In the properties of your Appliance, get an Ip address.

View Public adress of Veeam PN

Open, browser on your computer and enter https://IPAdress for access to the configuration page. Enter username and password configured when you created Appliance.

Configure Veeam PN

A wizard appear, click on Next. You need authenticate in Microsoft Azure Active Directory. For this action, you need click on the link (present in Azure Setup Windows) and enter the authentification code.

Connect Veeam PN to Microsoft Azure
Connect to the Azure Portal Veeam PN

Click to continue and connect with your Azure Active Directory account. Close Windows when authentification is OK.

Enter Credential on Azure Portal for Veeam PN

On the Azure Setup wizard, click on Next.

Azure Setup for Veeam PN

Configuration has now finished, click on Finish.

Finish Azure Configuration for Veeam PN

Configure Veeam PN Services

On the configuration portal, click on Settings then on Services. Diable point-to-Site options.

Configure type of VPN on Veeam PN

The VPN settings has configured when the VM was created. You can modify this parameter if you click on VPN tab.

Configure VPN Site to site for Veeam PN

Select Alerts tab and click on No Action for configure Action. Choose the action that you want.

Configure Alerts on Veeam PN
Choose action on Veeam PN

If you choose Send Email action, you need to configure SMTP Server. Click on SMTP tab and configure SMTP Server. Check the box Use SSL and Require authentification if you use Office 365 and enter username/password. Specify email address to send alert information. Click to Apply for commit Settings.

Configure Veeam PN

You can configure SSH (Start-Stop service or configure service autostart) from the tab System. Backup, Restore or Reset configuration can also be done from tab System.

Start service for Veeam PN

Configure Client

Network hub has been configured, you must register client to have access to the VPN. Into the Network Hub portal, click on Clients then on Add.

Configure client Veeam PN

You can choose option Entire site (for Site-to-Site VPN) or Standalone computer (for Point-to-Site VPN). I want to configure Site-to-Site VPN so I choose Entire Site option. Click Next to validate the settings.

Configure entire site Veeam PN

Enter the name of the site and Network address then click on Next.

Configure Name and network address

You need download Veeam PN Open virtual Appliance and deploy it into your ESXi. You need to download the configuration file for configuring Veeam PN Open virtual Appliance.

Add Client VeeamPN
Download Client

Access vSphere Client and connect to the ESXi. Import the OVA file previously downloaded. After starting the virtual machine, retrieve the IP address of the virtual machine.

Add VM on ESXi

Launch an internet browser and enter the address http://adresseIP.

Connect Veeam PN

Enter the default credentials (root / VeeamPN) and click to Login. Enter old password and new password, click to change.

Change password on Veeam PN

On the Initial Configuration Windows, select Site Gateway and click on Next.

Configure Veeam PN

On the Initial configuration Windows, click on Browse for select configuration file previusly downloaded and click onFinish

Finish configuration VeeamPN

Wait few seconds for the connexion to the server. After having configured the network part, it’s possible to join the site present in Azure.

Test access by Veeam PN

Leave a Reply

Your email address will not be published. Required fields are marked *