Azure Fundamentals - #15 - Site-to-Site VPN

  • Published on 4 Nov 2024

Comments • 20

  • @edthefixer2011 3 years ago +1

    Dean, first thanks for all these fantastic videos.... I have learned (in the last 48 hours) more than I have had watching some other videos online in the last two years.... I appreciate your level of consistency explaining end to end with details, having said that... the only part where I got a bit lost was when configuring the Local Network Gateway IP address which you said "I do not need to show you where I am" and created it anyway with a "blank" IP address (was that possible because you do not have validation on your resource creation process?) (mind you I am watching these videos two years later after you created them and certain things have changed in Azure) also, the IP address you refer to that needs to be in this box, which one is it since the whole idea is to create a DC in the cloud that can become a secondary DC in the cloud that one can extend on-premises ADDS? I would appreciate some clarification, thanks.

    • @AzureAcademy 3 years ago +2

      Thanks Ed! The local network gateway tells Azure your on prem public IP and IP address range. I was hiding my public IP address from the screen because I didn’t want to show everyone what my IP is so people don’t try to hack or other things against my network. 😏😳🙀.

    • @edthefixer2011 3 years ago +1

      @AzureAcademy but the IP address in my on-premises device (my virtual hyper-v server) is generated by my own router at home, would it be safe to assume that I could use the network segment in which my internet provider is assigning to my router?

    • @AzureAcademy 3 years ago +1

      The PUBLIC ip on your home router is what the local network gateway needs to be able to identify you over the internet.

  • @edthefixer2011 3 years ago +1

    Another caveat following my previous comment.... my main DC is in the form of a Hyper-V VM guest on another machine so I actually have provided two NICs to this VM so I can a) connect to my internal lab (Private Network in Hyper-V) b) so I can connect to the internet (Default Switch on Host Hyper-V Virtual Switch Manager which is using the shared ethernet card on my host), I also have AD Connect set on this server which is replicating ADDS with my tenant AAD (and this is working fine), my sole purpose for this is to be capable to provide authentication for WVD without having to stand up an Azure AD Domain Services instance, I hope it makes sense... so, regarding my question in the previous comment "the IP address you refer to that needs to be in this box, which one is it since the whole idea is to create a DC in the cloud that can become a secondary DC in the cloud that one can extend on-premises ADDS?" would it be safe to assume that it is the IP provided by my WIFI? this seems to be "nated" through many layers.....

    • @AzureAcademy 3 years ago +2

      Azure AD Domain Services is not required for WVD at all. And it is an Active Directory best practice to have a DC in all AD Sites...which are the different subnet segments like Azure and On Prem...so I like your thinking ☺️ using a DC as a routing remote access service spanning 2 networks. The IP you need to give the local network gateway is your public IP address.
      Search the internet for “what is my ip”.
      Put that in there. The IP range is the local IP address range that you want to connect to the VPN.

    • @edthefixer2011 3 years ago +1

      @AzureAcademy I was aware of the two options and caveats, as I learned more about AADDS from one of your videos... about a year ago I used the classic version of WVD and set up everything via PowerShell... then I used AADDS for everything but now what I want to do now... I know AADDS is perhaps the second option (not what I want to do as I work with clients that require a demo on how this works from time to time) so I prefer to rely on my own domain to do this... So I did the "What is my IP search"... and got it..... now onto complete # 15 in your series.... Thanks much!

    • @AzureAcademy 3 years ago +1

      Awesome 👍👍

  • @BijouBakson 4 years ago +1

    Hi! Thanks for the work. In this section the Microsoft VPN doesn't provide any configuration script - Instead, it says "supported". I'd guess it's a change that's occurred after you made the lesson! I have 2 questions as follows:
    1 -) Does this mean that I do not need to configure the VPN here?
    2-) As I followed the steps I realised that you were asked for a name for the connection? I don't understand that question well. You gave it a different name when you were setting it up and it wasn't AzureAcademy; you named it "AA-vNet-GWConnection", not "AzureAcademy". Did you enter the name of the resource group, the vNet? What am I missing here?
    Kind regards

    • @AzureAcademy 4 years ago +2

      The VPN is changed because there is a new VPN client and a new method of security...Azure AD authentication including MFA
      So I suggest you watch our upcoming video on Azure AD VPN coming out on Monday
      This will talk about better scale and HA of the VPN as well.
      If you do want to continue with this way of doing it you will need to use PowerShell to download the VPN configuration package

    • @BijouBakson 4 years ago +1

      @AzureAcademy I thought it must have changed. I look forward to Monday then. I thought the sound was a little quiet in most of the videos on this series. Is this done on purpose?

    • @AzureAcademy a year ago +1

      yes it is part of a series

  • @santran1240 4 years ago +1

    Hi- I have a question about the PIP of the Local GW. Is that the PIP of my ISP? Thank you sir.

    • @AzureAcademy 4 years ago +1

      could be...the Public IP that goes in the local network gateway is the public facing IP Address from your location. So if your on prem office has a public IP address of 100.50.112.16 you would put that into the local network gateway.

    • @santran1240 4 years ago +1

      @AzureAcademy I'm following your video and trying to set up from my homelab w/my Azure subscription. Is that the IP address when I do a whatismyip? Again, thank you very much for answering my question.

    • @AzureAcademy 4 years ago +1

      yes...you are looking for your internet IP address
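
The replies above all come back to the same point: the local network gateway needs the site's public IP, not an address handed out by a home router or sitting behind further NAT. The following is an added example, not part of the original comments or video, that pre-checks the values before they go into the gateway; the function names and all addresses except 100.50.112.16 are constructed, and the overlap check against the Azure address space goes beyond what the thread discusses.

```python
import ipaddress

# Ranges that can never be a site's Internet-facing address.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
}

def classify_gateway_ip(ip: str) -> str:
    """Return 'public', or the reason the address cannot identify the site."""
    addr = ipaddress.ip_address(ip)
    for reason, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return reason
    return "public" if addr.is_global else "reserved"

def check_local_gateway(gateway_ip, onprem_prefixes, vnet_prefixes):
    """Collect problems that would keep a site-to-site tunnel from working."""
    problems = []
    kind = classify_gateway_ip(gateway_ip)
    if kind != "public":
        problems.append(f"gateway IP {gateway_ip} is {kind}, not the site's public IP")
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    for prefix in onprem_prefixes:
        net = ipaddress.ip_network(prefix)
        for vnet in vnets:
            # Overlapping ranges make routing between the two sides ambiguous.
            if net.overlaps(vnet):
                problems.append(f"on-prem range {net} overlaps Azure range {vnet}")
    return problems

if __name__ == "__main__":
    # 100.50.112.16 is the example address from the reply above;
    # every other value here is constructed for illustration.
    print(check_local_gateway("100.50.112.16", ["192.168.1.0/24"], ["10.0.0.0/16"]))
    print(check_local_gateway("192.168.1.1", ["10.0.1.0/24"], ["10.0.0.0/16"]))
```

A result in the carrier-grade NAT range means the router's WAN address is itself behind the provider's NAT, which is the "nated through many layers" situation raised earlier in the thread.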

  • @jakovokah 3 years ago +1

    Hello.
    Thank you for your video.
    I have plans to deploy WVD for my users.
    I created S2S (using Fortinet) from my FW to Azure. (on-premises network 172.30.X.X/16, Azure 172.20.X.X/16)
    AZ gateway shows that everything is connected, same as my FW. However, when I try to ping my host pool or connect to one of the VMs from the on-premises network, I cannot.
    Ping shows me request timed out.
    I was able to join my WVD host pool to the on-premises domain.
    What did I miss?

    • @AzureAcademy 3 years ago +1

      The Windows firewall. By default Windows does not allow ping through the firewall ☺️ you can easily enable it by going to firewall and the inbound rules. Find the first file and folder rule and allow it...ping will work 😀

  • @James-sc1lz 4 years ago

    We have a client who has a site-to-site VPN already. Can we piggyback on this VPN and use it as well? I do not think we can but it was suggested in an email from someone that we can. Can anyone confirm?

    • @AzureAcademy 4 years ago

      I am not sure what your circumstances are. I would need more information to know for sure...but if they allow you to, then in general I would say YES.