Aim: Create a virtual network & machine in Azure to which on-premises SQL Server databases can be backed up as part of a Disaster Recovery process.
Create the virtual network:
In the Azure portal, scroll down through the list of resources on the left-hand side & select Networks. In the Virtual Networks tab on the main pane, click “Create a Virtual Network”. This will only appear if this is the first virtual network created, otherwise click New at the bottom of the pane.
On page 1, type a name for the virtual network & pick a suitable location.
Do not make any changes to the settings on page 2.
On page 3, add a suitable address space & subnet (if necessary). Click the tick to start creation of the virtual network. The ranges of IP addresses for the address space should not overlap with the IP addresses of the on-premises network.
Once the virtual network has been created, it should be visible in the list on the main pane.
Create a virtual machine in the virtual network:
Virtual machines cannot be added to virtual networks retrospectively. They must be added to the relevant virtual network on creation (page 3).
Scroll up through the list of resources on the left-hand side & select Virtual Machines. Click New at the bottom of the pane to create a new VM from the Gallery. On page 1, choose a suitable SQL Server image. This will install a VM running SQL Server & the price of the relevant SQL Server licence will be included in the price of the VM.
On page 2, type a name for the VM, select the tier & size, & set the administrator username & password.
On page 3, in the “Region/Affinity Group/Virtual Network” drop-down, choose the virtual network that was created in the previous step.
Do not make any changes on page 4. Click the tick to start creation of the VM.
Once the VM has been created, connect to it using the administrator account. Open the “Network and Sharing Centre” & click “Advanced sharing settings”. Turn on network discovery & file sharing, & save changes.
Configure point-to-site connectivity:
Configuring point-to-site connectivity will allow the connection of the on-premises server to the Azure virtual network.
In the Azure portal, scroll down through the list of resources to Networks & click on the virtual network to expand the Dashboard. In the Configure tab on the main pane, tick “Configure point-to-site connectivity”. Add a suitable address space & Gateway subnet. The ranges of IP addresses for the address space should not overlap with the IP addresses of the on-premises network. Save the changes.
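The no-overlap rule above (and the same rule for the virtual network's own address space earlier) is easy to get wrong when only the subnet in use is compared, so here is an added PowerShell check that is not part of the original post. All ranges in it are constructed sample values; the on-premises 10.0.5.0/24 is deliberately chosen so that it clears the VM subnet but collides with the VNet address space, which is the case a subnet-only comparison would miss.

```powershell
# Added example (not from the original post): checks that the virtual network
# address space, its subnets, the gateway subnet and the point-to-site client
# pool do not overlap the on-premises network. Sample ranges are constructed.

function ConvertTo-IPv4Range {
    param([string]$Cidr)
    $ip, $prefix = $Cidr.Split('/')
    $prefix = [int]$prefix
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)                                  # network order -> little-endian
    $ipInt = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - $prefix)               # number of addresses in the block
    $start = $ipInt - ($ipInt % $size)                        # snap to the block boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-RangeOverlap {
    param($A, $B)
    ($A.Start -le $B.End) -and ($B.Start -le $A.End)
}

# Constructed on-premises ranges (replace with the real ones).
$onPrem = @('192.168.1.0/24', '10.0.5.0/24') | ForEach-Object { ConvertTo-IPv4Range $_ }

# Constructed Azure-side ranges as entered on the Configure tab.
$azure = [ordered]@{
    'VNet address space' = '10.0.0.0/16'
    'VM subnet'          = '10.0.0.0/24'
    'Gateway subnet'     = '10.0.1.0/29'
    'Point-to-site pool' = '172.16.0.0/24'
}

$problems = 0
foreach ($name in $azure.Keys) {
    $r = ConvertTo-IPv4Range $azure[$name]
    foreach ($o in $onPrem) {
        if (Test-RangeOverlap $r $o) {
            Write-Warning "$name $($r.Cidr) overlaps on-premises range $($o.Cidr)"
            $problems++
        }
    }
}

# The client pool must also lie outside the VNet address space itself.
$vnet = ConvertTo-IPv4Range $azure['VNet address space']
$pool = ConvertTo-IPv4Range $azure['Point-to-site pool']
if (Test-RangeOverlap $vnet $pool) { Write-Warning 'Point-to-site pool overlaps the VNet address space'; $problems++ }

if ($problems -eq 0) { 'No overlaps found' } else { "Found $problems overlapping range(s); change the address space before creating the gateway" }
```

With the sample values the script warns once, for the VNet address space against 10.0.5.0/24, even though the VM subnet and gateway subnet are clear.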
Click on the Dashboard tab of the main pane to see the virtual network diagram. Note that the gateway has not yet been created. Click “Create Gateway” at the bottom of the pane to start the gateway creation. This can take some time, e.g. 20-40 minutes.
Once the gateway has been created, click on the Configure tab of the main pane & add a public DNS server, e.g. Google (126.96.36.199). This will allow the VM to access the internet if there is no DNS server set up for the network. For this change to take effect, the VM must be restarted.
In the on-premises server, open “Network and Sharing Centre”. Click “Change Adapter Settings”, right-click on the relevant network connection (e.g. Ethernet or WiFi) & click Properties. Highlight “Internet Protocol Version 4 (TCP/IPv4)” & click Properties. Set the preferred DNS server to the local on-premises DNS server & the alternative DNS server to the same public DNS server that was set in the previous step (e.g. Google). This will allow the on-premises server to access the internet.
To create a root certificate which will allow the on-premises server to connect to the virtual network, launch “Developer Command Prompt for VS” as administrator. If Visual Studio 2013 is installed, this can be found in C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts\. Run the following to create the root certificate. Note that the destination directory must be created beforehand.
makecert -sky exchange -r -n "CN=testVPNCert01" -pe -a sha1 -len 2048 -ss My "C:\Certs\Azure\testVPNCert01.cer"
In the Azure portal, open the Certificates tab for the virtual network & click “Upload a Root Certificate”.
Upload the root certificate that was created in the previous step.
Once the root certificate has been uploaded, it should be visible in the Certificates pane.
To create a client certificate issued by the root certificate, return to the “Developer Command Prompt for VS” window & run the following.
makecert.exe -n "CN=testVPNCert01Client" -pe -sky exchange -m 96 -ss My -in "testVPNCert01" -is my -a sha1
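Before uploading the root .cer and installing the VPN package, it is worth confirming what the two makecert commands actually produced: that the root is self-signed, that the file to be uploaded carries only the public key, and that the client certificate really chains to that root (the gateway authenticates clients on exactly that relationship). The following PowerShell check is an added example, not part of the original post; it assumes the CNs and the export path used in the commands above.

```powershell
# Added example (not from the original post). Assumes the certificates were
# created with the makecert commands above: CN=testVPNCert01 (root) and
# CN=testVPNCert01Client, with the root exported to C:\Certs\Azure\testVPNCert01.cer.
$rootName    = 'testVPNCert01'
$clientName  = 'testVPNCert01Client'
$rootCerFile = 'C:\Certs\Azure\testVPNCert01.cer'

$store  = Get-ChildItem Cert:\CurrentUser\My
$root   = $store | Where-Object { $_.Subject -eq "CN=$rootName" }   | Select-Object -First 1
$client = $store | Where-Object { $_.Subject -eq "CN=$clientName" } | Select-Object -First 1
if (-not $root)   { throw "Root certificate CN=$rootName not found in CurrentUser\My" }
if (-not $client) { throw "Client certificate CN=$clientName not found in CurrentUser\My" }

# The uploaded .cer must carry only the public key. The root's private key stays
# in this store; whoever can export it can issue further certificates that the
# gateway will accept, so treat that store (and any .pfx export) as sensitive.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $rootCerFile

# Build the client's chain against the root held in the My store. makecert does
# not place the root in Trusted Root, so an unknown CA must be allowed here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$chainOk = $chain.Build($client) -and
           ($chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint -eq $root.Thumbprint)

$now = Get-Date
$checks = [ordered]@{
    'Root is self-signed'                   = ($root.Subject -eq $root.Issuer)
    'Root private key present in store'     = $root.HasPrivateKey
    'Exported .cer matches root thumbprint' = ($exported.Thumbprint -eq $root.Thumbprint)
    'Exported .cer has no private key'      = (-not $exported.HasPrivateKey)
    'Client issued by root'                 = ($client.Issuer -eq $root.Subject)
    'Client has private key'                = $client.HasPrivateKey
    'Client chains to root'                 = $chainOk
    'Client within validity period'         = (($client.NotBefore -le $now) -and ($client.NotAfter -gt $now))
}

$failed = 0
foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'PASS' } else { $failed++; 'FAIL' }
    '{0,-40} {1}' -f $name, $status
}
if ($failed) { Write-Warning "$failed check(s) failed; resolve before uploading the root or installing the client" }
```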
In the Azure portal, open the Dashboard tab for the virtual network & click “Download 64-bit Client VPN Package”.
Once the download has completed, unblock & run the package on the on-premises server. Click Connect.
In the Azure portal, refresh the Dashboard pane. The new client should be visible.
Take note of the internal IP address of the VM (either from the Azure portal or from within the VM using ipconfig). Verify that the VM is accessible from the on-premises server by accessing its C drive, e.g. \\10.0.0.4\C$.
Next: I plan to set up SQL Server backups to the Azure VM where they will be tested via restore & integrity checks.