Site-to-Site VPN AWS and Azure

Captions
Good morning, good afternoon, good evening, whenever and wherever you may be listening or watching this video in the future. So this recording is to demonstrate a site-to-site VPN connection between multi-cloud providers. So this specific one is for AWS and Azure, uh, virtual private cloud in AWS and virtual network in Azure. So there are several use cases for hybrid or multi-cloud, uh, environment, uh, for on by different enterprises, and this is the reason why I thought it will make sense to demonstrate for whoever may be interested, or maybe you might have been struggling to decide whether you can have a multi-cloud and, if so, how do you go about it. There are several ways to go about it. Uh, this is one of the ways, to have a site-to-site VPN between the two environments. And as a result of what we're doing, just to demonstrate and to demonstrate that it works, we will be using some web access, uh, in the two environments or in one of the two environments. I will be trying to ping, just to establish a ping, uh, connectivity between them as well. So, but what will make this different is that we will be using private IPs between the two environments to establish connectivity.

So without taking much time I will get on to doing the demonstration, and one of the things that we'll be doing is, some of this, uh, information I have highlighted here. So we will be creating VPCs on the AWS side and VNet on the Azure side, and we will be creating several other resources including internet gateway, route, customer gateway and the like. We will be creating a similar setup in Azure: uh, virtual network, subnet, uh, creation of virtual private gateway and the local network gateway on the other side, Azure side, as well, so to be able to test. After which we will establish the connectivity, uh, between the two environments, so which may take a few minutes or so. So while the virtual private gateway is going on, all the, uh, the site-to-site, I will be creating other resources which I've not
created right now, for example the instances I will be using on both sides to carry out the test. So I'll be creating a Linux OS and a Windows OS on the AWS side, similar to what I'll be doing on the Azure side as well, so that we can test if actually there is a cross connectivity between the two, uh, environments. So let's go on by creating a virtual private cloud and a VNet on both sides. I may be following this IP addressing scheme, maybe I will not, but I will try to stick to this IP addressing scheme just to kind of make it easy for everyone. All right, let's get going.

So we do that. So we're starting with the Azure side, that's how we AWS side. So as you can see there is already one there, but I will be creating another. So shall I call it, I think we should just call it two, just to avoid any form of complexity. So when I say complexities I mean so that there is really no, uh, overlapping, which it won't be, but just to really kind of avoid any naming convention, uh. So we're calling this one two. Then I'll be creating a subnet, just to reflect that there is already one dailyvee but I will be creating r1. So I'm creating for this one we just created now, I called it two if you remember. So I'm calling this AWS Azure VPC, sorry, let me just call it subnet, subnet 2. Then let me use, uh, this availability zone here. So let me call this CIDR as well, so CIDR /24. Um, what else, I think we are done here for now. The other thing I will be doing is I'll be creating a route table, just one, so let's just call it leave me two to make it consistent. Then I will be creating an internet gateway, so just to, and what else would I need to do now. So I need to attach it to the VPC here. What else do I need to do? I need to, like I said here, I need to create, uh, edit the route of what I've just created and associate as necessary. So I will need to, let's create the route first. So this is what allows you to get access to the internet, internet IGW 2. Then I will
be associating the subnet that we just created, if you see, subnet 2. But there is one thing I would have, I need to do here, but I can do it right away because it requires some information to be created. So I need to create a route propagation, but I need some information before that can happen, so we will be coming back to this one, which is why I have put like second, because I need that information to be done on the Azure side first before I can come to AWS to finalize. So, uh, what else is that which are, so let's go to Azure then we'll come back.

So we go to Azure, we'll create similar stuff, uh, virtual network, which is what is called virtual private cloud on the AWS side. So sometimes I may need to pause, uh, the recording so that, um, while some creation are going on, so that I wouldn't have to, the recording would not be too long or too much. So I'll call this azure ws village and just add two to it. So let's stay here in this region. So let's create some IP addresses. I'll stick to these, shall I stick to this iprs, maybe I should make it one. Then create the subnet, so let me just call it two, so let's call this the one. Once that is done, most of the other settings are not required for this demonstration, but for other things in the future you may need it, but not for the site-to-site we are trying to create. So I've created in one breath the VNet and the subnet together. So the only, the other thing I need to do now is to create a virtual private gateway. Okay, so that's it, so the virtual network is finished. So let me open another tab and create, because some of this information I'll need it for the AWS side. So let me, where is it, is there. So I created, yeah, I think there is a typo here, so it should be your network gateway but your natural gate will not but you, so should be virtual network gateway, VNG not VPN. So cool, create this, the reason being that there will be some information that I will need on the AWS side and I need to have
done it on this side. So I'll move the, let me just make sure they are holding the same region to avoid any form of issue. This, uh, subnet range is created by default for the virtual network gateway, so I didn't have to do that, so it's created by default within the virtual network. So I'll be providing a, should I call, I'll call this two just to make sure there are no equals. So too I'll call it PIP, public address, even though we're still. So this will take time to be created, or go ahead. So this is passed, right, the validation is passed, so this is now time to create. So you can see it's submitting the deployment, and deployment is now in progress. So this really takes a few moments.

So while this is ongoing there are a few things we can be doing. So one thing we can be doing on the AWS side, let's see, we can create the EC2 instances that we will need for the test. So if you see, here is where we are jumping to right now, to create the EC2 instance. Since we are creating two, I will be doing the same thing on the Azure side as well. So let's start with the AWS side. So like I said to you, I will be, uh, creating a Linux, one Linux, one Windows. So I'm just going by the default setting. I'll be using the VPC I created, this. So my subnet is the only subnet here. So I'll be providing a public IP. Then I want to be able to carry out some tests, so I'll tell you the test I'll be doing. So I just want to install some, um, web server on the Linux instance, and I'll be configuring, then I'll be starting the service so that we can actually use it to test that from Azure I will be able to gain access, as you can see, so that from Azure or from either side, but now it's going to be from Azure, I'll be able to use a web server in AWS, and from AWS I'll be able to carry out some things to Azure. So that's the way I want to do it. So we do accessing a web server from Azure, then carrying out a ping from AWS to Azure, just to kind of split the
responsibilities there. So I'm not changing anything about the, uh, the storage. I'll be having the time just to give me some, but I'll just call it vs limits or, and I'm going to put it and just leave it this way, I think it's fine. So what I want to do here is I will, okay, so I need to just create it. I will be, so I just call it security group, security group. So I'll need to include with some services and port so that I can actually use it for both of them at the same time. You may not have to do this, but, um, I'm just kind of using, wants to kill two birds at the same time. So I want to be able to ping, that's what I said. I want to be able to access a web server, potentially, maybe not, I'm able to access a secure web server as well, and the other thing is that I want to move to RDP for my Windows server. What else do I need? I think for the demonstration I think we are good to go without this last one. I think that should be sufficient. So we're able to ping, we are necessary, we have RDP there, we have this. I think that should actually be sufficient for what we need to do for this demonstration. And what I need to do now is, I've already got some key pair created for other things, so I can use it, uh, yeah, so I can go ahead and use it, hopefully I can find it. Yeah, but I can go ahead. That's one thing, that one finished, one instance finished.

So I need to go back and create another instance. This time this will be Windows, so I'm creating a Windows instance now. So I'm using the default, uh, the free tier as well, so just to be efficient with what I'm doing and not have to spend a lot of money if and where I don't have to. Uh, so AWS Windows, right, so let's just do that. So let's use, uh, what we've created before, our security group here. So this is not achieve this and we are good to go. So now we can go back to Azure. As you can see, this is now, uh, it's still in progress, so we're still waiting. So let's go back here and create virtual machines. Let's create virtual machines. Okay,
so if anywhere I need to pause I will do, but for the moment we are fine. So like I said, so we are creating two virtual machines on this side as well. So this is just ongoing while we are waiting for the virtual network gateway to be fully deployed so that we can make use of the IP address. This IP address is what I really need, uh, to be able to use on the AWS side, or once it's ready I will get the IP address, then I will continue, uh, to deploy the other resource on AWS side. So what shall I call these, I'll call it, uh, Azure VM Linux. So I'll create a Linux first, then I'll use this, uh, this VM type here. But here I'll be using password to login. You can use password, you can use SSH public key as well. So that's this one, I believe in the default disk, so let me reduce it to standard. Network, so I want to make sure is unit two. So I think everything looks okay, and I don't really need to do any management, so I would just go ahead and create. That's, so we'll see the validation succeed right now, then I can go ahead to create the Windows. So that's it. Um, do not worry about the, uh, the notification here saying the SSH is exposed to the internet, but we need it to be exposed to the internet in this case. In some other cases maybe not, but in this case we do. So this is ongoing.

All right, so I'll be going back while we wait for this one to complete. Let's go and create for the Windows. This is very quick, it's already finished, but we didn't have time to wait for it. So let's call it Azure, what did I mean that, um, I hope did you go see if that he did maybe not he did. Okay, so let me use the same region as the other one, so where is it, so let's go up. This will be using West Europe. So let's use Windows. So let's stick to the standard, uh, size and type that we have here. Let's use Azure user login. All right, so we have the RDP here. I will be limiting the disk type as well, just for the urs. In my network I need to make sure I select network 2,
network 2. So okay, maybe I need to create my private, my public copy by myself. Normally it should, I can see it here, so I wanted to assign it, did now. All right, so I don't want, okay, let me turn off this diagnostic for Windows because it kind of makes it, uh, sorry, with diagnostics, let me leave this on. Where is this one, and I just go ahead and create. So hopefully this is, it's not done yet. Let me check it, if I can find the IP address, which I don't think I will, but let's see if I'll be looking what's happening. I don't want to take it. You can see it's still in progress, so I don't think the public IP address is ready. It's not. Okay, so I need to wait for this to happen. So while this is going on, so let me plug it here, so while this is going on, let's see.

So what I want to do now is I want to create, so this is what you'll need to get you, so this has finished a while ago. So I want to create one we call the network security group. So network security group, so I'll be creating this and I'll be associating it to the virtual machines. Maybe I could, they've got one already, but I want to see if I could overwrite it with this new one so that I can have all the, similar to all the information I have on the security groups here. If you remember, we had a security group here from the top, so that you see. So I'll call it, you know, our resource group, then let's just call it. So I want to do similar thing and have four, for a web port, uh, RDP port, SSH port on the secure HTTP port though. So let me leave these all, create. You should, excuse me, this shouldn't take a long time, it should be done pretty quickly. So let me have a look on my virtual network gateway, is still in progress as you can see, still in progress. So I wait for it, or while I'm waiting I'll keep creating the natural wire as this key. So I'm just gonna try and plug this back in, I'll put it on the other ones. So this is done, so let's try and create all the services we want. So
so there are two services that we need, so we need, so this is not common to both boys, it's needed by the Linux instance. One support from umbrella, so let's say, oh sorry, priority 110. Okay, so let's import, so let's just go in the other, 3389 for 3389, so this is for the RDP for the Windows. So let's go again. I could do this in PowerShell but I'm doing it after the GUI. So this is done, 22 done, 3389, so let's do zero four four pin, we can select this as well if you want. So let's do about 80 80 80. Then now the last one that I believe we need is like to, what, 443, yeah, we may not need it but let's just put it there just in case we do, for free, that's for the secure HTTP.

So now what I'll do is to assign these, to associate it to the VNet I'm interested in. So I'm interested in this VNet and I'm interested in this sub 2, the one we just created. It will not be associated to this but it will be associated to this. So if it does, all my virtual instance should be, it's not, so let's try again, maybe because it was still in progress, let's try again. If it's still not going, what I will need to do is I may have to do it manually on the individual instance in that environment. So hopefully it goes through now. Still finished. Okay, so it's not the end of the world, so let's go ahead to the individual. This is deployed. When I say this, I'm talking about, this is still in progress, still in progress, or the Windows server with Windows VM we created is ready. So I just want us to create the firewall, or the network security group as it's called here. So I want two main things. So I want to be able to ping it, that's one important thing for me, to be able to ping it, that's one, and the other thing is to be able to access the port 80 if I need to. Uh, so 320, so I need to change the priority, I'll leave that, then I'll go to, I just want to quickly, uh, speed things up a bit, so I'll go to, so we have RDP, then we have ping,
then we have port 80 there, therefore they are all I've been concurrently. So let's go back here, so let's do the SSH once it comes up. So all we're doing is just to make sure, we are waiting for this to be fully deployed. As you can see it's not fully deployed because I don't have my public IP address here, even if I refresh, still not here. So I need it to be here, and the reason why it's not there is because the deployment is still in progress for the virtual network, as you can see, the virtual network gateway. So it's from the virtual network gateway there I'll get my public IP address, which I'm still waiting. Let me refresh again, you can see it's still not ready. So let's go ahead and create a network security group for the VM, uh, Linux 16, you know, having it here. So how do you have port 22 open, so I need to create port 80. So I'm just going through to the point of 0.8480, priority 320, 320 a 1.0 about zero zero. So those are three main ports that I need, for 22, 80 and port zero. So I could have done, or, uh, 443 will not actually be needed for this particular deployment and the particular lab we're having right now.

So let's go to AWS now while this is, this is ready, I can assure you that, uh. So let's create, as part of, I'll bring up my slide again, so as part of, uh, the connectivity that we're trying to establish, that's what we are waiting for. So for that we need to create a customer gateway, or customer gateway for in AWS but for Azure, and we need to create a virtual private gateway in AWS for the AWS side. So we need the customer side, then we need the virtual private gateway concentrator in AWS side. So those are the things we need to create now, so we go ahead and create. Those are the things we are creating on the Azure side, one of it the prequel side, before we can actually continue, but it's yet to be ready. So, uh, so let's go, yeah, so now what we'll do is let's just call it nwbs, um, shall we call it zero customer gateway, let's just put two there
just to make sure, uh, we're not making any mistake. So, but we need this address here. This address is for the public IP address on the Azure side, that's why we waited, we need it. Yes, you can see here: specify the internet routable IP address for your gateway's external interface, the address must be static. So we need the external interface, so which is in our case, which is the, uh, the public routable address of Azure to establish the site-to-site. So I think it should almost be ready now. It's still not, what it says is ready now. Okay, so we should have this fairly, it's maybe, it should probably be ready now, see. All right, so now it's ready, so I think we're good to go.

Okay, so we've created this. So I need this name because that's the same name I will be using for the virtual private gateway that I need to create, which this virtual private gateway is what I need to attach to the VPC. So there are two VPCs here but I need to attach it to VPC 2. So it's attaching. Now that this is done I need to go back to my route. If you remember, in my route here, route 2, we did not establish, we did not create a, uh, route propagation, because at that time we are not creating virtual gateway, virtual private gateway, which is what we just created like literally few seconds ago. So I just need to make sure it can propagate now. Once that is done, when you begin to see now that it's attached, but the other thing, the last thing we need to do on this side is to actually create this site-to-site connection. So shall we call it AWS Azure site-to-site, so we're calling just number two just to make sure we're not making any, uh, contradiction. So I've already created the customer gateway, which we created about two minutes ago as well, so if you look at the address you'll see it's just what we collected from here about two minutes ago, that's what we have here, because we have to wait for it to be able to create the customer gateway, which is the remote end of the connection. Um, so we make sure this is
static, uh, so that we can, because what we try to establish is, if I go back to my slide, so what we want to establish is we want to be able to have a ping and a web, uh, access between the two, uh, cloud environments. So what that means is that they will behave as if they are like on one side, so the private IP addresses can actually interact and communicate. That's what we're trying to do, and, you know, in order to do that I need to, as my static IP prefix on the AWS side, I need to include that of my Azure side. So my Azure side, if I, hopefully I followed this, uh, IP address scheme, so it should be, uh, just to make sure I did. So as you can see it is 10.1.0.4 here, so that means you should 10.1.1.0.0.16. So I think that should help us to establish the private IP address connectivity between the two environments. So I'm just using, um, for a lab purpose I'm just using this. You would not do this for production environment or for live environment. This is because I'm just demonstrating. You will need to look for something really complicated, you know, something very complicated to do, rather than what I've just done. But for the purpose of this lab I can use this, uh, and that's what I'm doing, but do not take or learn from me what I've done, right.

Okay, so what we are waiting for now is for there to be connectivity between these two. You can see that it's done and this is even still pending, can you see, it's still pending. It's going to take a few minutes, so let's go back to Azure side. So what we will be doing on the Azure side is to create what we call the local gateway. So the local gateway is what actually provides the information of the AWS side for us. So I'm just opening a new tab, you can open a new tab or you can do it, uh, any other way. So, um, it's not there, so I can call, no, so I created local network gateway. So what shall we call it, shall call it angel mbs local natural training, let's just call it, so we call it two as well. Okay, it's
connected. I don't think I've created any before, just to make sure. So here I will need the IP address of AWS, so, and I will be taking this after address here, so because that's the private address of AWS, and the private IP address range is, if everything is correct, it should be based right start system, if you remember, if we went back to, uh, so if you went back here you see, if I followed all the things I wanted to do, this is what we should have, and that's what I'm hoping we have, I'm just hoping. Um, so our resource group is this and our location is that. So what this means is that this should be, let me see what is happening here, so this should have attached my number, it doesn't matter, it's still pending. Okay, so my local network gateway is ready now. I need to look for my, so as you can see the address you have for my local network gateway is the address of the AWS, uh, the terminal for the private, the virtual private network address that's provided, so that's what I have here. So all I need to do now is to connect it with my virtual network gateway, the virtual need will get right here, so let's open it. So we establish some form of connection. This is available because it's fully deployed now, however we're waiting for the connectivity between these two, between the AWS and Azure, and the second leg is what I'm doing, the other side of the connectivity. So once I'm done the next thing we should be expecting is this to be hot. So a azure in the mirrors connection site-to-site, let's go in site-to-site, right, should I say inside the side 2 as well. And we are using a site-to-site, then we are using the local network gateway that recently created, which is this. The pre-shared key that I told you not to use, I think that's what I be, I think so, let me go back and just make sure. So the same information I can get it from this download here, or I need to get, because I'm not using specific virtual appliance, I'm just using generic one provided by AWS. So you can see
you receive the view and you can see my address as well, the virtual private gateway address that I use, so which is, I'm fine. So ladies, so this is fine, these are all okay, I just wanted to make sure before I click on okay. So what this means hopefully is once this is fully created it will come up here and it will be going back and forth to establish connectivity with the AWS side. So this is here, I think if you go through series of status changes, uh, unknown, maybe known, or something that connected and something along the line, and this will come up as well and say it's up. So what I need to do while I'm waiting, this will be like this for a bit and let's go up and down, I will not be waiting for anything to happen, I'll just be doing other things. So some of the other things I want to do right now is to launch all those, uh, to access all those virtual machines that we created both in AWS and in Azure. So shall we go to AWS first. So for AWS let's go to Linux, the Linux environment. So let me do, uh, I'll just pause for a second, I'll be back in two minutes. All right, just pause for a second. I'll access all the resources, all the virtual instances, the VM and the instances on the AWS side, so I'll access four of them, put them on the screen and I'll come back. It's okay, see you in a second.

Yeah, here we are right now. So we have both connection up and running. We have the site-to-site here up and running, and if you remember this tunnel is also up and running, both of them were done before, and the only one we created on this side is up and running. If you remember it says unknown before but now it's connected. So that means there is some form of connectivity between the two, uh, cloud environments right now. So what we need to do is just to verify and check that that is actually the case. So I've already launched all these, uh, already logged into them, all these resources, so I'll be bringing them to your screen now so that you can see them. I've
got the Azure side as well, this is the Windows for the Azure side. Um, also I will be bringing to your window in Linux for in the vsi, so is the limit for Azure side, right. So you have all of this right now. So as you can see, you see two amazing it is, so this is Azure user, so which is on Azure side. So what we need to do now is to actually test what we said we have done. So first of all, I think most importantly, let's do the cross verification. I'll be putting something else on your screen so that makes it easy for us, so you know, not this. So I've already copied all the relevant type here versions here, so these two are the Azure Linux and Windows, these are the AWS Linux and Windows, so just in case we need to ping something we just do it from here. So what I'll be doing is I will be pinging the Linux in AWS from Azure, then we will be accessing the web server from both Linux, you can actually do it either way. So let's do it. I want to make sure my demonstration, everything falls within one hour. I know it's been longer than one hour, but in terms of my recording, so I want to see if you can forward in one hour. So let's ping the AWS, the Azure side. So I want to ping it from the public right now, you can see it's going, but I want to also ping it from the private IP, on its private interface, you can see it's going as well. Also I want to think, I want to access the, from AWS, from Azure I want to access the, if you remember we created the, uh, the web server on AWS, so our Azure, I'll access it as well. So I can ping as well. So if I can, it ping works, right. So if I access the web server, HTTP, you see it goes through, but I want to actually access it from the private IP as well. Private IP, exactly the same thing. So what I need to do is that, let's do it from Windows so that you can have a GUI experience, right. So let's do that. Obviously there is a default security enabled here, or let's do, see what happens. I can see, you can see I have my
the access to my web page, default webpage. I'm on Windows right now, this is the Windows, and I'm accessing the web server that we created here. So I've done it on the Linux environment and I'm doing on the Windows environment, so I'm doing like from both of these environments, from Azure to AWS, right. So, and I can do the same thing here as well. Anyway, obviously they are both in the same subnets and in the same environment, it really doesn't count that much, if you understand what I mean. What does it come though, just to try, see he takes us there. Uh, what else do we need to test? I actually think we've tested what we set out to achieve. So we've been able to test that connectivity exists between Azure and AWS over the site-to-site connection that we created for both of them. So just that you remember, these are the site-to-site connectivity that we created for both environments, and it is up and it is running on the other side as well. So I want you to bring it up, okay, and not this one, machine is the with this one. So it's connected, it's connected, is connected, and we've actually demonstrated and tested everything as well. So as you can see, I can access it, you can access it, how you can ping, you can ping as well on both sides. So you can, if I brought back my window here, so we can bring both sides as well.

So thank you very much for watching this video. What I would really, uh, appreciate that you do now is to really support this channel by subscribing, by sharing with friends, by commenting in the description. I will provide more information in the form of reply to your comment or actually, uh, probably carry out other videos to really answer your question or any question you might have. So that is what we are here to do, and so that we can really kind of support and provide you some experiences and share our knowledge with you as well. So thanks so much for your time, and we hope this has really kind of been helpful. Like I said, uh, earlier, please do subscribe to this channel and
really kind of support what we're trying to do, and hopefully, uh, you'll find it interesting and you'll be able to find more other, uh, compelling reasons to come and see what we have on our channels for other use cases or other questions you might have in the future. So sometimes we think about what we need to share with you, sometimes it's whatever you ask us to do that we will do, um, if it's something we can do. So we will do our best to share experiences with you, and hopefully continue to share the link and continue to ask your friends and family to access some of these instructional, uh, messages and videos that we have put out there. Thank you so much for your time. All right then, cheers, bye.
Info
Channel: sttadvideo
Views: 1,265
Id: -1yfCEx6ccM
Length: 60min 53sec (3653 seconds)
Published: Thu Dec 10 2020