Create a step-by-step guide on which order to create cloud server, VPN, and VMs
There must be an order in which you create site-to-site VPNs, cloud services and virtual machines. I have not found a clear step-by-step document on this. (I guess I could write it... :)) It is clear you must create the VPN first. How do I move resources around? Can I move resources between cloud services? Etc.
The biggest issue I have with creating site-to-site VPNs (at least the first one) is that Microsoft does not provide all of the needed parameters to successfully create a VPN if you do not use one of the 3 approved devices. I mean, come on. What world is Microsoft living in? There are just so many parameters needed to create a VPN: local and remote gateways, local and remote networks, pre-shared key, and encryption and authentication for phase 1 and phase 2 negotiation. Why in the world don't you document the encryption and authentication parameters for phase 1 and phase 2 negotiations? If you don't have one of the three manufacturers' hardware, why would anyone bother to download those scripts? After hours of searching, this is eventually where I found the parameters needed to complete my VPN configuration. Your failure to include this makes users think Microsoft is intentionally obfuscating the process. IPsec VPNs are not rocket science, but without all of the needed parameters you cannot build one, yet you fail to provide this information. Why is that? This cannot be an oversight, as without those parameters you cannot build a VPN. The only conclusion one can reach is that you intentionally hide these needed parameters. If it is unintentional, then the only other conclusion is that you are unaware of how VPNs work. Can that be the case?
Site-to-site VPN is very nice. Works well. It could be helpful to have a guide on dependencies. I have found it difficult and slightly counterintuitive to add a VPN to a cloud server, or an existing VM. I am getting it figured out, and am very interested in Azure.
Also a little confused about subnetting; not sure why there is only one gateway per VPN network. I would expect gateways for each subnet, and to be able to allow routing or not. We do have a working site-to-site VPN; it is up and solid.
Thank you, Azure. I really like the product and am pushing hard for us to use it and provide it as a customer solution.