This spring, Microsoft released some updates to its Windows Azure cloud service that make it much easier for users and companies to connect directly into Microsoft-owned Azure data centers and work with machines and services that are running on Azure as if they were local.
This is accomplished through various types of VPNs and, in this piece, I'll look at each type, what's new in Azure and how to do some of the heavy lifting in the setup process so you can start using it. By the way, there are no release numbers on Azure any longer; Microsoft has stopped numbering the releases because there are so many updates.
New: Point-to-site connectivity
Next up is dealing with certificates. Part of the appeal of the point-to-site VPN connection is that it doesn't require a special device, and it works without asking the IT department to reconfigure the firewall or do anything special to support the connection. That is all accomplished by using Secure Socket Tunneling Protocol (SSTP) VPNs. These SSTP VPNs traverse port 443, the same port used by secure HTTP, which is guaranteed to be open on any web-connected network. But to secure the tunnel, SSTP relies on certificates: you need a certificate on the Azure data center end of the connection as well as on each computer that will have a point-to-site connection.
If you're trying to create a point-to-site connection for yourself and you work in an Active Directory-based environment, chances are there is already a public key infrastructure set up which makes this a snap. Just create an X.509 certificate and have it signed by one of the servers that is a certification authority for your infrastructure.
Easier site-to-site VPNs
Also a part of this recent Azure release is the ability to stand up a plain-Jane Windows Server 2012 installation and use it as a dedicated device to create a site-to-site VPN connection to Azure. Why would you want a site-to-site VPN? When a device sits at each end of a tunnel like this, the connections become transparent -- on your users' devices, in your data center, on your servers and in virtual machines.
In other words, the beauty of this approach is that all the resources living in Windows Azure data centers up in the cloud just appear to be part of your local network. The device handles all of the dirty work regarding connections, certificates, tunneling and other assorted administrivia.