Active Roles 7.5.2 - Active Roles on Azure and AWS User Guide

Cloud-only setup on Azure

CAUTION: Ensure that the virtual network is set up and that the virtual machines on Azure with the required resources, such as Active Directory, Exchange, and SQL, are installed and configured. For better performance, deploy the entire Azure environment in the same region.

Configuring Azure VM with Active Roles

  1. Log on to the Azure portal with appropriate credentials.

  2. Search for the Active Roles Marketplace offer and create a virtual machine by providing the required details.

  3. Join the virtual machine on which Active Roles is installed to the existing domain.

  4. Configure Active Roles using the Active Roles Configuration Center.

For more information on configuring, see the Active Roles Quick Start Guide. The configuration steps are the same as for the on-premises configuration process.

Cloud-only setup on AWS

CAUTION: Ensure that the VPC (virtual private cloud), subnets, and route tables are already set up, and that the EC2 instances with Active Directory, Exchange, and SQL are already installed and configured.

Configuring an AWS EC2 instance with Active Roles

  1. Log in to the AWS Management Console.

  2. Create an instance using the Active Roles Marketplace AMI.

  3. Join the virtual machine on which Active Roles is installed to the existing domain.

  4. Configure Active Roles using the Active Roles Configuration Center.

For more information on configuring, see the Active Roles Quick Start Guide. The configuration steps are the same as for the on-premises configuration process.

Cross-cloud setup

In a cross-cloud setup, some of the resources for Active Roles can be on another cloud platform, for example AWS with Azure.

NOTE:

  • Currently, Active Roles supports AWS with Azure or Azure with AWS.

  • One Identity recommends running Active Roles and SQL Server in the same region.

  • One Identity recommends setting up a Site-to-Site VPN between Azure and AWS.

Cross-cloud setup between Azure and AWS

This topic outlines creating a Site-to-Site VPN connection between the Azure and AWS cloud platforms. You can also create a VPN connection between Azure and AWS by any other method.

IMPORTANT: The IP addresses mentioned in the steps below are examples. Choose IP addresses based on your specific requirements.

Primary settings to be performed on Azure

  1. Create a virtual network. For example:

    • Address space: 10.0.0.0/16.

    • Subnet address range: 10.0.0.0/24.

  2. Create a gateway subnet. For example, 10.0.254.0/24.

  3. Create a public IP address.

  4. Create a virtual network gateway:

    1. In the Gateway Type field, select VPN.

    2. In the VPN Type field, select Route-based.

    3. In the Public IP Address field, select the public IP address created earlier.

    NOTE: The deployment of the Azure Virtual Network Gateway may take several minutes to complete.

Primary settings to be performed on AWS

  1. Create a VPC.

  2. Create a subnet. For example, 192.168.0.0/24.

  3. Create an Internet gateway.

  4. Attach the Internet gateway to the VPC.

  5. In the route table, add a route for 0.0.0.0/0 that targets the Internet gateway.

  6. Create a customer gateway. Look up the public IP address of Azure's virtual network gateway and enter it here.

  7. Create a virtual private gateway and attach it to the VPC created earlier.

  8. Create a Site-to-Site VPN connection: choose the customer gateway and the virtual private gateway created above, select Static under Routing options, and provide a static IP prefix, for example, 10.0.0.0/24.

  9. After the VPN connection is available, click Download Configuration and download the file with the following options:

    • Vendor: Generic

    • Platform: Generic

    • Software: Vendor Agnostic

    NOTE: The file is downloaded as a .txt file containing the network details.
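Before creating the gateways, it is worth confirming that the address plan on the two sides is consistent: the Azure subnets must sit inside the VNet address space, the Azure and AWS prefixes must not overlap (otherwise traffic for the remote side is routed locally), the AWS static route prefix must cover the Azure subnet, and the address space later entered on the Azure local network gateway must cover the AWS subnet. The following script is an added example, not One Identity's code; it uses the guide's example prefixes and assumes an IPv4-only plan.

```python
"""Sanity-check the Azure/AWS address plan before building the Site-to-Site VPN.

Added example (not One Identity code). The prefixes below are the example
values used in the guide; substitute your own plan before running.
"""
import ipaddress

# Constructed plan using the guide's example prefixes.
PLAN = {
    "azure_vnet": "10.0.0.0/16",           # Azure virtual network address space
    "azure_subnet": "10.0.0.0/24",         # Azure workload subnet
    "azure_gateway_subnet": "10.0.254.0/24",
    "aws_subnet": "192.168.0.0/24",        # AWS VPC subnet
    "aws_static_prefix": "10.0.0.0/24",    # static route prefix on the AWS VPN connection
    "azure_lng_space": "192.168.0.0/24",   # address space on the Azure local network gateway
}


def check_address_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    n = {k: ipaddress.ip_network(v, strict=True) for k, v in plan.items()}
    problems = []

    # Azure-side structure: both subnets must sit inside the VNet and must not overlap.
    if not n["azure_subnet"].subnet_of(n["azure_vnet"]):
        problems.append("Azure subnet is not inside the VNet address space")
    if not n["azure_gateway_subnet"].subnet_of(n["azure_vnet"]):
        problems.append("Azure gateway subnet is not inside the VNet address space")
    if n["azure_subnet"].overlaps(n["azure_gateway_subnet"]):
        problems.append("Azure subnet overlaps the gateway subnet")

    # Cross-cloud: overlapping prefixes make routing over the tunnel ambiguous.
    if n["azure_vnet"].overlaps(n["aws_subnet"]):
        problems.append("Azure VNet overlaps the AWS subnet")

    # Routing: the AWS static prefix must cover the Azure workload subnet, and the
    # Azure local network gateway address space must cover the AWS subnet.
    if not n["azure_subnet"].subnet_of(n["aws_static_prefix"]):
        problems.append("AWS static route prefix does not cover the Azure subnet")
    if not n["aws_subnet"].subnet_of(n["azure_lng_space"]):
        problems.append("Azure local network gateway address space does not cover the AWS subnet")
    return problems


if __name__ == "__main__":
    for line in check_address_plan(PLAN) or ["address plan OK"]:
        print(line)
```

Run it with your own prefixes in `PLAN`; any non-empty output names a mismatch to fix before the gateways are deployed, which is much cheaper than diagnosing a tunnel that comes up but passes no traffic.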

Final steps to create the tunnel between the two sites

  1. On Azure, create a local network gateway. For the IP address, use the address listed in the configuration file downloaded from AWS under Outside IP Address | Virtual Private Gateway.

  2. Provide the address space, for example 192.168.0.0/24 (the AWS IPv4 subnet CIDR).

  3. Navigate to Local network gateway | Connections.

  4. Click Add Connections.

    • Select Site-to-Site (IPsec) as the Connection type.

    • Validate that the Virtual network gateway and Local network gateway details are populated.

    • Copy the Pre-Shared Key value of IPSec Tunnel #1 from the downloaded configuration file into the Shared key (PSK) field.

  5. On AWS, add a route for the Azure prefix, for example 10.0.0.0/24, targeting the virtual private gateway in the subnet route table.

    • Optionally, on Azure, create another local network gateway for IPSec Tunnel #2. If one connection expires (for example, because of a lifetime timeout) or fails for other reasons, the connection continues through the other gateway.

  6. Ensure that the Azure connection's status is updated and shows Connected, and that the AWS Site-to-Site VPN connection's tunnel status shows UP.

  7. Ping systems on both sides, from AWS and from Azure, to verify successful communication.
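Steps 1 and 4 above, and the optional second gateway in step 5, each take a value from the downloaded AWS configuration file: the virtual private gateway's outside IP address for the local network gateway, and the per-tunnel pre-shared key for the connection. The following script is an added example, not One Identity's or AWS's code. It parses those values out of the Generic download; the embedded file is a constructed, abbreviated imitation of that layout (field names may differ slightly in your file, so check them), and the addresses and keys in it are placeholders. It also refuses a file whose customer gateway address does not match the Azure VPN gateway's public IP, since such a file belongs to a different connection and the tunnel would never come up.

```python
"""Pull the values the Azure side needs out of the AWS "Generic" VPN configuration file.

Added example (not One Identity code). The file layout below is a constructed
abbreviation of the vendor-agnostic download; check field names against your own file.
"""
import re
from dataclasses import dataclass

# Constructed sample of the downloaded .txt (placeholder keys and documentation addresses).
GENERIC_CONFIG_SAMPLE = """\
Amazon Web Services
Virtual Private Cloud

IPSec Tunnel #1
================================================================================
#1: Internet Key Exchange Configuration

  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLE-PSK-TUNNEL1-NOT-REAL
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds

#3: Tunnel Interface Configuration

Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.21

Inside IP Addresses
  - Customer Gateway        : 169.254.10.2/30
  - Virtual Private Gateway : 169.254.10.1/30

IPSec Tunnel #2
================================================================================
#1: Internet Key Exchange Configuration

  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : EXAMPLE-PSK-TUNNEL2-NOT-REAL

#3: Tunnel Interface Configuration

Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.22

Inside IP Addresses
  - Customer Gateway        : 169.254.11.2/30
  - Virtual Private Gateway : 169.254.11.1/30
"""

TUNNEL_HEADER = re.compile(r"^IPSec Tunnel #(\d+)\s*$")
KEY_VALUE = re.compile(r"^\s*-\s*(.+?)\s*:\s*(\S+)")


@dataclass
class Tunnel:
    number: int
    pre_shared_key: str   # secret: goes only into the Azure "Shared key (PSK)" field
    vgw_outside_ip: str   # AWS virtual private gateway -> Azure local network gateway IP
    cgw_outside_ip: str   # should equal the Azure VPN gateway's public IP

    def __repr__(self):
        # Keep the PSK out of logs and tracebacks.
        return (f"Tunnel(#{self.number}, vgw={self.vgw_outside_ip}, "
                f"cgw={self.cgw_outside_ip}, psk=<redacted>)")


def parse_generic_vpn_config(text):
    """Return the tunnels described in the file, ordered by tunnel number."""
    found = {}
    current = None
    block = None  # "outside", "inside" or None: which IP address block we are in
    for line in text.splitlines():
        header = TUNNEL_HEADER.match(line)
        if header:
            current = {"number": int(header.group(1)), "psk": None, "vgw": None, "cgw": None}
            found[current["number"]] = current
            block = None
            continue
        if current is None:
            continue  # preamble before the first tunnel section
        stripped = line.strip()
        if stripped.startswith("Outside IP Addresses"):
            block = "outside"
            continue
        if stripped.startswith("Inside IP Addresses"):
            block = "inside"
            continue
        kv = KEY_VALUE.match(line)
        if not kv:
            if not stripped:
                block = None  # a blank line ends an address block
            continue
        key, value = kv.group(1), kv.group(2)
        if key == "Pre-Shared Key":
            current["psk"] = value
        elif block == "outside" and key == "Virtual Private Gateway":
            current["vgw"] = value
        elif block == "outside" and key == "Customer Gateway":
            current["cgw"] = value
    return [Tunnel(t["number"], t["psk"], t["vgw"], t["cgw"]) for _, t in sorted(found.items())]


def azure_connection_settings(tunnel, azure_vpn_gateway_public_ip):
    """Map one tunnel onto the values entered on the Azure local network gateway
    and its Site-to-Site connection. Refuses a file generated for a different
    customer gateway address."""
    if tunnel.cgw_outside_ip != azure_vpn_gateway_public_ip:
        raise ValueError(f"tunnel #{tunnel.number} was generated for customer gateway "
                         f"{tunnel.cgw_outside_ip}, not {azure_vpn_gateway_public_ip}")
    if not (tunnel.pre_shared_key and tunnel.vgw_outside_ip):
        raise ValueError(f"tunnel #{tunnel.number} is missing its PSK or outside IP")
    return {"local_network_gateway_ip": tunnel.vgw_outside_ip,
            "shared_key": tunnel.pre_shared_key}


if __name__ == "__main__":
    for t in parse_generic_vpn_config(GENERIC_CONFIG_SAMPLE):
        print(t)
```

Tunnel #1 feeds the first local network gateway and connection; tunnel #2 feeds the optional second one. The redacted `repr` is deliberate: the pre-shared key is the only secret in the whole procedure, so it should never end up in console output, tickets or shell history, and the downloaded file itself should be deleted once the connections are configured.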
