
Active Roles 7.5.2 - Active Roles on Azure and AWS User Guide

Hybrid on-premises setup

In the Hybrid on-premises setup, some of the resources used by Active Roles reside in the cloud and others on-premises.

NOTE:

  • Currently, Active Roles supports AWS or Azure in combination with on-premises platforms.

  • One Identity recommends that Active Roles and SQL Server be located in the same region.

  • One Identity recommends setting up a Site-to-Site VPN between the cloud (Azure or AWS) and on-premises. A Site-to-Site VPN gateway connection is used to connect your on-premises network to a cloud virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

Site-to-Site VPN connection on Azure

Before you begin to create a Site-to-Site VPN connection on Azure, ensure the following:

  • A compatible VPN device is available and the administrator can configure it.

  • An externally facing public IPv4 address is available for the VPN device.

  • The administrator is familiar with the IP address ranges used in the on-premises network configuration.

  • All Azure resources are created in the same location or region.

Configuring a Site-to-Site VPN

  1. Create a resource group in the desired region.

  2. Create a virtual network with the required address space.

  3. Create a Gateway subnet in the virtual network created above.

  4. Create a Public IP address.

  5. Create the VPN gateway using the Public IP address created above.

  6. Create the local network gateway using the public IP address of the on-premises VPN device, and specify the IP address space of the on-premises network.

  7. Configure your VPN device.

  8. Create the VPN connection under the local network gateway created above.

  9. Ensure that the shared key provided in the connection matches the key configured on the on-premises VPN device.

  10. Verify that the VPN connection status shows Connected.

For more information on creating a Site-to-Site VPN gateway connection from the on-premises network to the Azure VNet, see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal.
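The Azure steps above, scripted with the Azure CLI as an added example (not part of this guide or the Active Roles product): resource names, region, address spaces and the on-premises public IP are placeholders, the pre-shared key is taken from the VPN_SHARED_KEY environment variable rather than stored in the script, the IKE/IPsec proposal is pinned explicitly, and the final check polls the connection status until it reports Connected.

```shell
# Added example, not from the Active Roles guide: Azure CLI equivalent of steps 1-10.
# Placeholder values: resource names, region, address spaces and the on-premises
# public IP (203.0.113.10 is a documentation address); replace them with your own.
set -euo pipefail
RG="ar-hybrid-rg"; LOC="eastus"; VNET="ar-vnet"
VNET_SPACE="10.1.0.0/16"; GW_SUBNET="10.1.255.0/27"
ONPREM_PUBLIC_IP="203.0.113.10"; ONPREM_SPACE="192.168.0.0/16"

# Step 10 check: true only when Azure reports the connection as "Connected".
vpn_connected() { [ "$1" = "Connected" ]; }
create_s2s_vpn() {
  # The pre-shared key comes from the environment (e.g. injected from a vault),
  # never from a literal in the script, and must match the on-premises device (step 9).
  : "${VPN_SHARED_KEY:?export VPN_SHARED_KEY before running with --apply}"
  az group create --name "$RG" --location "$LOC"                                   # 1
  az network vnet create --resource-group "$RG" --name "$VNET" --location "$LOC" \
      --address-prefix "$VNET_SPACE"                                               # 2
  az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
      --name GatewaySubnet --address-prefix "$GW_SUBNET"                           # 3
  az network public-ip create --resource-group "$RG" --name ar-gw-ip \
      --allocation-method Static --sku Standard                                    # 4
  az network vnet-gateway create --resource-group "$RG" --name ar-vpn-gw \
      --public-ip-address ar-gw-ip --vnet "$VNET" --gateway-type Vpn \
      --vpn-type RouteBased --sku VpnGw1                                           # 5
  az network local-gateway create --resource-group "$RG" --name onprem-site \
      --gateway-ip-address "$ONPREM_PUBLIC_IP" --local-address-prefixes "$ONPREM_SPACE"  # 6
  az network vpn-connection create --resource-group "$RG" --name ar-to-onprem \
      --vnet-gateway1 ar-vpn-gw --local-gateway2 onprem-site --location "$LOC" \
      --shared-key "$VPN_SHARED_KEY"                                               # 8-9
  # Pin the IKEv2/IPsec proposal rather than accepting whatever gets negotiated.
  az network vpn-connection ipsec-policy add --resource-group "$RG" \
      --connection-name ar-to-onprem --dh-group DHGroup14 --ike-encryption AES256 \
      --ike-integrity SHA384 --ipsec-encryption GCMAES256 --ipsec-integrity GCMAES256 \
      --pfs-group PFS24 --sa-lifetime 27000 --sa-max-size 102400000
}
# Step 10: poll until the tunnel is up. Step 7 (configuring the on-premises device
# with the gateway's public IP and the same key) happens outside Azure.
wait_until_connected() {
  local status
  for _ in $(seq 1 30); do
    status=$(az network vpn-connection show --resource-group "$RG" \
               --name ar-to-onprem --query connectionStatus -o tsv)
    vpn_connected "$status" && return 0
    sleep 30
  done
  echo "VPN connection still '$status' after polling" >&2; return 1
}
# Only touches Azure when explicitly asked; sourcing the file just defines the functions.
if [ "${1:-}" = "--apply" ]; then create_s2s_vpn && wait_until_connected; fi
```

Run it as `bash s2s.sh --apply` after `az login`; the script exits non-zero if the connection never reaches Connected, which is the point at which to re-check the shared key and peer address on the on-premises device.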

Configuring Active Roles with on-premises domain controller

After the Site-to-Site VPN connection is set up and running, configure Active Roles with the on-premises domain controller.

Site-to-Site VPN connection on AWS

Before you begin to create a Site-to-Site VPN connection on AWS, ensure the following:

  • A compatible VPN device is available and the administrator can configure it.

  • An externally facing public IPv4 address is available for the VPN device.

  • The administrator is familiar with the IP address ranges used in the on-premises network configuration.

  • All AWS resources are created in the same location or region.

Configuring a Site-to-Site VPN

  1. Create a Customer Gateway using the public IP address of the on-premises VPN device.

  2. Create a Virtual Private Gateway and attach it to the VPC.

  3. Enable Route Propagation in the route table.

  4. Update the Security Group.

  5. Create a Site-to-Site VPN connection by choosing the Customer Gateway and Virtual Private Gateway created above.

  6. After the VPN connection is available, click Download Configuration to download the configuration. Download the file with the following options:

    • Vendor: Generic

    • Platform: Generic

    • Software: Vendor Agnostic

  7. Configure the Customer Gateway/VPN device.

  8. Ensure that the AWS Site-to-Site VPN connection Tunnel status displays UP.

For more information on creating a Site-to-Site VPN gateway connection from the on-premises network to AWS, see https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html.

After the Site-to-Site VPN is created and running, configure Active Roles with the on-premises domain controller.
