Posts tagged ‘Azure’

Start Azure Automation runbook from powershell

With the new Azure Automation cmdlets I wrote about in the previous post we are now able to start runbooks from outside of Azure.
Here is an example how to start a runbook and also get the output from the runbook:

$AzureAccount = "Name of Azure Automation Account"
$RBname = "Name of runbook to start"
$Params = @{"Param1" = "Value1";"Param2" = "Value2"}

$RBjob = Start-AzureAutomationRunbook -AutomationAccountName $AzureAccount -name $RBname -Parameters $Params

DO {
    $RBjobId = Get-AzureAutomationJob -AutomationAccountName $AzureAccount -id $RBjob.Id
    $RBjobstatus = $RBjobId.Status
    } Until ($RBjobstatus -eq "Completed")

Get-AzureAutomationJobOutput -AutomationAccountName $AzureAccount -Id $RBjob.Id -stream Any

Azure Automation Powershell cmdlets

With the Azure Tool kit being updated last week we got a couple of cmdlets for Azure Automation, so now we are able to start, stop get jobs and so on from our runbooks in Azure Automation from on-premises.

Here are the new cmdlets:

To download the updated powershell module go here: http://azure.microsoft.com/en-us/downloads/

For reference on the new cmdlets, go here: http://msdn.microsoft.com/en-us/library/dn690262.aspx

Azure VPN with Vyatta

Setting up a router for Hyper-V

Worth mentioning is that this only works with a Static Gateway in Azure!

With the help from this post Using a virtual router for your lab and test environment from Johan Arwidmark, and this post Vyatta Virtual Router on Hyper-V from Stefan Stranger I managed to set up a virtual machine with Vyatta to act as a router for my lab enviroment.

Connect lab enviroment to Azure VPN
I created virtual networks and a Gateway in my Azure subscription with the help of this guide Step-By-Step: Create a Site-to-Site VPN between your network and Azure
And with a couple of blog posts on Vyatta, ipsec, Azure VPN and some “trial and error” I came up with the following Vyatta config:

# Configure IKE group
set vpn ipsec ike-group IKE-POLICY lifetime '28800'
set vpn ipsec ike-group IKE-POLICY proposal 1 encryption 'aes128'
set vpn ipsec ike-group IKE-POLICY proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-POLICY proposal 1 dh-group '2'

# Configure ESP group
set vpn ipsec esp-group ESP-POLICY lifetime '3600'
set vpn ipsec esp-group ESP-POLICY pfs disable
set vpn ipsec esp-group ESP-POLICY proposal 1 encryption 'aes128'
set vpn ipsec esp-group ESP-POLICY proposal 1 hash 'sha1'

# Enable VPN on the nic
set vpn ipsec ipsec-interfaces interface 'eth0'

# Set up the connction to the Azure gateway
set vpn ipsec site-to-site peer [IP of the Gateway] authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer [IP of the Gateway] authentication pre-shared-secret '[your pre-shared-secret]'
set vpn ipsec site-to-site peer [IP of the Gateway] connection-type respond
set vpn ipsec site-to-site peer [IP of the Gateway] default-esp-group 'ESP-POLICY'
set vpn ipsec site-to-site peer [IP of the Gateway] ike-group 'IKE-POLICY'
set vpn ipsec site-to-site peer [IP of the Gateway] local-address '192.168.0.254' # Vyatta external ip
set vpn ipsec site-to-site peer [IP of the Gateway] tunnel 1 local prefix '192.168.78.0/24' # Lab enviroment subnet
set vpn ipsec site-to-site peer [IP of the Gateway] tunnel 1 remote prefix '10.10.0.0/22' # Azure subnet

commit

save

# Exclude the site-to-site VPN from NAT
set nat source rule 5 destination address '10.10.0.0/22'
set nat source rule 5 source address '192.168.78.0/24'
set nat source rule 5 outbound-interface 'eth0'
set nat source rule 5 'exclude'

set nat source rule 20 source address '10.10.0.0/22'
set nat source rule 20 destination address '192.168.78.0/24'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 'exclude'

commit

save

Used blog posts:
Windows Azure mit VPN (Vyatta) verbinden
Configure a Site-to-site VPN using the Vyatta Network Appliance
Troubleshooting a Vyatta Site-to-site VPN connection