Overview

This document provides the procedure and links to enable setup and configuration of a Site 2 Site VPN connection from your network to the Azure cloud-hosted Kodak workflow servers. Upon successful completion, all Azure-hosted Kodak workflow servers will interact with your network resources as though they are located within your local network. 

Much of the body of the instructions is located on Microsoft Azure web portal documentation pages, and this document will direct you to those pages. Kodak products use a standard Azure VPN Gateway. Because Microsoft updates those pages frequently, following the links provided below ensures that you are always using the latest, correct documentation.

The customer is responsible for administering all Microsoft Azure network resources that are required to connect the customer’s Local Area Network to the Kodak Managed Services Virtual Network. A Site-to-Site VPN gateway connection is used to connect the customer's on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. The customer's IT network specialist may find the information below helpful when creating the Site-to-Site connection.

Prerequisites 

  1. Read this document and the following link all the way through before beginning. There are a lot of steps, and it is easy to miss a detail. 
  2. Make sure you have a compatible VPN device and someone who can configure it. For more information about compatible VPN devices and device configuration, see About VPN Devices: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices 

    If you do not have a supported firewall as per the above link, configuration cannot proceed until you do. NOTE: This is a Microsoft requirement and is not optional.

  3. Verify that you have an externally facing public IPv4 address for your VPN device. 
  4. If you are unfamiliar with the IP address ranges located in your on-premises network configuration, you need to coordinate with someone who can provide those details for you. When you create this configuration, you must specify the IP address range prefixes that Azure will route to your on-premises location. NOTE: None of the subnets of your on-premises network can overlap with the virtual network subnets that you want to connect to. 

Parameters you will need 

The following parameters are examples and are not necessarily a complete list. You will need to check with your IT group / System Administration team for any additional information that may be specific to your network configuration.

| Parameter | Example value | Notes |
|---|---|---|
| Virtual Network (VNet) Name | | This will be created automatically by the deployment scripts. |
| Address Space | x.x.x.x/xx | Usually the Kodak allocated address space on Azure |
| Subscription | | The subscription you want to use (usually UWS Managed Services) |
| Resource Group | | Name of Resource Group that your Kodak cloud-hosted servers are located in |
| Location | | The Azure data store location where your Azure Resource Group is located |
| Subnet | FrontEnd: x.x.x.x/27 (block of 32 addresses) | |
| Gateway Subnet name | GatewaySubnet | This will auto-fill in the portal. DO NOT CHANGE IT |
| Gateway Subnet address range | x.x.x.x/27 | Must be adjacent to the subnets above |
| DNS Server | 8.8.8.8 | Optional. The IP address of your DNS server. The one shown above is Google’s public DNS, as an example. |
| Virtual Network Gateway Name | CustomerVPNGateway | Replace “Customer” with your organization name. |
| Public IP | CustomerPublicIP | Replace “Customer” with your organization name. |
| VPN Type | Route-based | |
| Connection Type | Site-to-site (IPsec) | |
| Gateway Type | VPN | |
| Local Network Gateway Name | CustomerLocalNetworkGateway | Replace “Customer” with your organization name. |
| Connection Name | CustomerVNetToCustomerSite | Replace “Customer” with your organization name. |
| Shared key | | For the examples in the Microsoft documentation, abc123 is used, but you can use whatever is compatible with your VPN hardware. The important thing is that the values match on both sides of the connection. |
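
An added pre-flight check (example code, not part of Kodak's or Microsoft's documentation) for the address rules stated above: no on-premises prefix may overlap the Azure address space, and the gateway subnet must sit next to the FrontEnd subnet. The function name, the sample ranges, the reading of "adjacent" as blocks that touch with no gap, and the /27 size taken from the example values are assumptions.

```python
import ipaddress


def check_address_plan(vnet_space, frontend, gateway, on_prem_prefixes):
    """Return a list of problems found in the plan; an empty list means it passes."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 10.20.0.1/27
        vnet = ipaddress.ip_network(vnet_space, strict=True)
        azure = {"FrontEnd": ipaddress.ip_network(frontend, strict=True),
                 "GatewaySubnet": ipaddress.ip_network(gateway, strict=True)}
        on_prem = [ipaddress.ip_network(p, strict=True) for p in on_prem_prefixes]
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]

    problems = []
    for name, net in azure.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside the VNet address space {vnet}")
        # Assumption: both subnets are /27, as in the page's example values.
        if net.prefixlen != 27:
            problems.append(f"{name} {net} is not a /27")
    fe, gw = azure["FrontEnd"], azure["GatewaySubnet"]
    if fe.overlaps(gw):
        problems.append(f"GatewaySubnet {gw} overlaps FrontEnd {fe}")
    # Assumption: "adjacent" means the two blocks touch with no gap between them.
    elif (int(fe.broadcast_address) + 1 != int(gw.network_address)
          and int(gw.broadcast_address) + 1 != int(fe.network_address)):
        problems.append(f"GatewaySubnet {gw} is not adjacent to FrontEnd {fe}")
    # Prerequisite 4: no on-premises subnet may overlap the Azure side.
    for prem in on_prem:
        if prem.overlaps(vnet):
            problems.append(f"on-premises {prem} overlaps VNet address space {vnet}")
    return problems


# Constructed sample values (RFC 1918 ranges), not taken from any real deployment.
GOOD = check_address_plan("10.20.0.0/24", "10.20.0.0/27", "10.20.0.32/27",
                          ["192.168.10.0/24", "192.168.20.0/24"])
BAD = check_address_plan("10.20.0.0/24", "10.20.0.0/27", "10.20.0.64/27",
                         ["10.20.0.0/16"])

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for line in BAD:
        print("bad plan:", line)
```

Run it with your real prefixes before entering them in the portal; any line it reports should be resolved with whoever owns the on-premises addressing.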

Creating the Site to Site Gateway 

The above information is all you need to create the Site2Site VPN Gateway. Please follow the instructions on the Microsoft documentation portal to create the connection. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal 

Depending on the VPN device, you may need to configure Border Gateway Protocol to automate routing between the networks. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-resource-manager-ps 


