Multi-Region Point-to-Site in Microsoft Azure (Windows Fix)

In a previous post, I showcased how to Create a Single Gateway, Multi-Region, VPN Architecture in Microsoft Azure. If testing with Windows didn’t work, it may be because Windows needs its route table updated so that it knows how to tunnel past the gateway into the other regions. Mac and Linux can use IKEv2 without adding routes.

A. Windows chooses IKEv2 by default, so we need to add a route to the spoke VNet.

ip tables

Suppose the spoke VNet address space is 10.2.0.0 255.255.0.0, and the client VPN interface IP is 172.16.100.130.

route add

B. We also need to test the CMAK or manually create an SSTP VPN profile to Azure on the Windows client.
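The route from step A, as an added example (not the original post's code) using the spoke address space and client IP given above; `$TestAddress` is a constructed host address inside the spoke. It confirms the VPN address is actually assigned before adding the route, then checks which interface Windows selects for spoke traffic.

```powershell
#Requires -RunAsAdministrator
# Values from the post: spoke VNet 10.2.0.0 255.255.0.0, VPN client interface IP 172.16.100.130.
$SpokeNetwork = '10.2.0.0'
$SpokeMask    = '255.255.0.0'
$SpokePrefix  = '10.2.0.0/16'
$VpnClientIp  = '172.16.100.130'
$TestAddress  = '10.2.0.4'   # constructed: any host address inside the spoke

# 1. The client address is handed out by the gateway, so confirm that an
#    interface really holds it before using it as the next hop.
$vpnIp = Get-NetIPAddress -IPAddress $VpnClientIp -ErrorAction SilentlyContinue
if (-not $vpnIp) {
    throw "No interface holds $VpnClientIp. Connect the VPN or update the address."
}

# 2. Add the route only if the VPN interface does not already carry it.
#    Without -p the route is not persistent and is gone after a reboot.
$existing = Get-NetRoute -DestinationPrefix $SpokePrefix `
    -InterfaceIndex $vpnIp.InterfaceIndex -ErrorAction SilentlyContinue
if (-not $existing) {
    route.exe add $SpokeNetwork mask $SpokeMask $VpnClientIp
}

# 3. Ask Windows which source address and interface it would use for a spoke host.
$selected = Find-NetRoute -RemoteIPAddress $TestAddress | Select-Object -First 1
if ($selected.InterfaceIndex -eq $vpnIp.InterfaceIndex) {
    Write-Output "Traffic to $SpokePrefix leaves through the VPN interface ($($vpnIp.InterfaceAlias))."
} else {
    Write-Warning "Traffic to $SpokePrefix is not using the VPN interface; check the route table with 'route print'."
}
```

The route covers only the spoke prefix, so all other traffic keeps its existing path instead of being pulled into the tunnel.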

New Pluralsight Course Released!

My new Pluralsight course Microsoft Azure Cognitive Services: Speech to Text SDK was just released! Here is the synopsis:

Abstract

This course will teach you how to create applications using Cognitive Services: Speech to Text. With it, your applications are more accessible and easier to use with a natural user interface.

Description

Creating and integrating advanced artificial intelligence into any application is a monumental task for most developers. In this course, Microsoft Azure Cognitive Services: Speech to Text SDK, you will gain the ability to create applications with Cognitive Services: Speech to Text. First, you will learn how to use the C# SDK. Next, you will discover the extensibility and customization options. Finally, you will explore how to integrate with Azure Functions and batch processing. When you are finished with this course, you will have the skills and knowledge of Cognitive Services: Speech to Text needed to integrate advanced artificial intelligence into any application.

Creating a Single Gateway, Multi-Region, VPN Architecture in Microsoft Azure

The goal of this post is to showcase how to create a gateway for a multi-region VPN architecture in Microsoft Azure. We can start from a very basic use case, three regions:

  • One containing the VPN gateway all clients will connect through
  • Two other regions containing resources connected to the vNet gateway

There are two terms that will be used throughout this post:

  •  Hub – this refers to the central VPN Gateway that all other VPN Gateways will connect to.
  •  Spoke – this refers to an individual VPN Gateway that connects to the Hub

Planning

Since there will be a vNet for each region peered with the hub, address spacing should be taken into consideration before creating each Virtual Network in a region. From previous experience, it was considered best practice to structure each address as follows:

Address – {shared}.{region_specific}.{subnet}.{instance}

  •  Shared – A common root address was picked for the first octet. This is the best place to avoid conflicts with networks outside of Azure that will connect to the Hub.
  •  Region Specific – Each region would get its own address for the second octet
  •  Subnet – Each subnet in the region would get an address for the third octet
  •  Instance – Finally each assigned IP address would fill the fourth octet

This does not account for third party integration and Site-to-Site integrations. Those require future planning and, as always in business, there is no way to properly plan for every variation.
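The addressing scheme above, worked through as an added example (not from the original post): it builds one /16 per region from the shared and region octets and reports any overlapping ranges. The region names and octets, the point-to-site client pool 172.16.100.0/24 and the on-premises range are constructed; the on-premises range is chosen to collide with one spoke so the check has something to report.

```powershell
# Constructed plan following {shared}.{region_specific}.{subnet}.{instance}.
$Shared  = 10                                             # {shared} first octet
$Regions = [ordered]@{ hub = 1; spoke1 = 2; spoke2 = 3 }  # {region_specific} second octet

function Get-CidrRange ([string]$Cidr) {
    # Return the first and last address of a CIDR block as integers.
    $ip, $prefix = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)                              # network order -> little-endian host
    $addr  = [int64][BitConverter]::ToUInt32($bytes, 0)
    $size  = [int64][math]::Pow(2, 32 - [int]$prefix)
    $start = $addr - ($addr % $size)                      # clear the host bits
    [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

function Find-Overlap ([object[]]$Networks) {
    # Compare every pair of networks; two ranges overlap when each one
    # starts before the other ends.
    for ($i = 0; $i -lt $Networks.Count; $i++) {
        for ($j = $i + 1; $j -lt $Networks.Count; $j++) {
            $a = Get-CidrRange ($Networks[$i].Cidr)
            $b = Get-CidrRange ($Networks[$j].Cidr)
            if ($a.Start -le $b.End -and $b.Start -le $a.End) {
                [pscustomobject]@{ First = $Networks[$i].Name; Second = $Networks[$j].Name }
            }
        }
    }
}

# One /16 virtual network per region.
$plan = @(foreach ($r in $Regions.GetEnumerator()) {
    [pscustomobject]@{ Name = "$($r.Key)-vnet"; Cidr = "$Shared.$($r.Value).0.0/16" }
})
# Ranges outside the vNets that still have to stay clear of them (constructed).
$plan += [pscustomobject]@{ Name = 'p2s-client-pool'; Cidr = '172.16.100.0/24' }
$plan += [pscustomobject]@{ Name = 'on-prem-office';  Cidr = '10.3.0.0/16' }

$plan | Format-Table -AutoSize
$conflicts = @(Find-Overlap $plan)
foreach ($c in $conflicts) {
    Write-Warning "$($c.First) overlaps $($c.Second); pick a different octet before creating the vNet."
}
```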

Create the vNets

Once the planning phase is complete we will create three Virtual Networks in three separate regions. Which Virtual Network is the Hub and which are the Spokes does not matter yet.

  1. Sign in to the Azure portal and select Create a resource. The New page opens.
  2. In the Search the marketplace field, enter virtual network and select Virtual network from the returned list. The Virtual network page opens.

    Locate Virtual Network resource page

  3. From the Select a deployment model list near the bottom of the page, select Resource Manager, and then select Create. The Create virtual network page opens.

    Create virtual network page

  4. On the Create virtual network page, configure the VNet settings. When you fill in the fields, the red exclamation mark becomes a green check mark when the characters you enter in the field are validated. Some values are autofilled, which you can replace with your own values:
    • Name: Enter the name for your virtual network.
    • Address space: Enter the address space. If you have multiple address spaces to add, enter your first address space here. You can add additional address spaces later, after you create the VNet.
    • Subscription: Verify that the subscription listed is the correct one. You can change subscriptions by using the drop-down.
    • Resource group: Select an existing resource group, or create a new one by entering a name for your new resource group. If you’re creating a new group, name the resource group according to your planned configuration values. For more information about resource groups, see Azure Resource Manager overview.
    • Location: Select the location for your VNet. The location determines where the resources that you deploy to this VNet will live.
    • Subnet: Add the subnet Name and subnet Address range. You can add additional subnets later, after you create the VNet.
  5. Select Create.

Before creating a virtual network gateway for your virtual network, you first need to create the gateway subnet. The gateway subnet contains the IP addresses that are used by the virtual network gateway. If possible, it’s best to create a gateway subnet by using a CIDR block of /28 or /27 to provide enough IP addresses to accommodate future additional configuration requirements.

  1. In the Azure portal, select the Resource Manager virtual network for which you want to create a virtual network gateway.
  2. In the Settings section of your virtual network page, select Subnets to expand the Subnets page.
  3. On the Subnets page, select Gateway subnet to open the Add subnet page.

    Add the gateway subnet

  4. The Name for your subnet is automatically filled with the value GatewaySubnet. This value is required for Azure to recognize the subnet as the gateway subnet. Adjust the autofilled Address range values to match your configuration requirements, then select OK to create the subnet.

    Adding the subnet

Create Virtual Network Gateways

Once the Virtual Networks are created, we will create a Virtual Network Gateway for each of the Virtual Networks. Which Virtual Network Gateway is the Hub and which are the Spokes does not matter yet.

  1. Sign in to the Azure portal and select Create a resource. The New page opens.
  2. In the Search the marketplace field, enter virtual network gateway, and select Virtual network gateway from the search list.
  3. On the Virtual network gateway page, select Create to open the Create virtual network gateway page.

    Create virtual network gateway page fields

  4. On the Create virtual network gateway page, fill in the values for your virtual network gateway:
    • Name: Enter a name for the gateway object you’re creating. This name is different than the gateway subnet name.
    • Gateway type: Select VPN for VPN gateways.
    • VPN type: Select the VPN type that is specified for your configuration. Most configurations require a Route-based VPN type.
    • SKU: Select the gateway SKU from the dropdown. The SKUs listed in the dropdown depend on the VPN type you select. For more information about gateway SKUs, see Gateway SKUs.

      Only select Enable active-active mode if you’re creating an active-active gateway configuration. Otherwise, leave this setting unselected.

    • Location: You may need to scroll to see Location. Set Location to the location where your virtual network is located. For example, West US. If you don’t set the location to the region where your virtual network is located, it won’t appear in the drop-down list when you select a virtual network.
    • Virtual network: Choose the virtual network to which you want to add this gateway. Select Virtual network to open the Choose virtual network page and select the VNet. If you don’t see your VNet, make sure the Location field is set to the region in which your virtual network is located.
    • Gateway subnet address range: You’ll only see this setting if you didn’t previously create a gateway subnet for your virtual network. If you previously created a valid gateway subnet, this setting won’t appear.
    • Public IP address: This setting specifies the public IP address object that’s associated with the VPN gateway. The public IP address is dynamically assigned to this object when the VPN gateway is created. The VPN gateway currently supports only Dynamic public IP address allocation. However, dynamic allocation doesn’t mean that the IP address changes after it has been assigned to your VPN gateway. The only time the public IP address changes is when the gateway is deleted and re-created. It doesn’t change across resizing, resetting, or other internal maintenance/upgrades of your VPN gateway.
      • Leave Create new selected.
      • In the text box, enter a name for your public IP address.
    • Configure BGP ASN: Leave this setting unselected, unless your configuration specifically requires it. If you do require this setting, the default ASN is 65515, which you can change.
  5. Verify the settings and select Create to begin creating the VPN gateway. The settings are validated and you’ll see the Deploying Virtual network gateway tile on the dashboard. Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.
  6. After you create the gateway, verify the IP address that’s been assigned to it by viewing the virtual network in the portal. The gateway appears as a connected device. You can select the connected device (your virtual network gateway) to view more information.

Connecting the Gateways

With the Virtual Network Gateways created, it is time to connect the gateways. Starting with the Hub, connect the Hub to a Spoke. Then, connect that Spoke back to the Hub. Do this for each Spoke that is going to connect to the Hub.

  1. In the Azure portal, select All resources, enter virtual network gateway in the search box, and then navigate to the virtual network gateway for your VNet. For example, TestVNet1GW. Select it to open the Virtual network gateway page.

    Connections page

  2. Under Settings, select Connections, and then select Add to open the Add connection page.

    Add connection

  3. On the Add connection page, fill in the values for your connection:
    • Name: Enter a name for your connection. For example, TestVNet1toTestVNet4.
    • Connection type: Select VNet-to-VNet from the drop-down.
    • First virtual network gateway: This field value is automatically filled in because you’re creating this connection from the specified virtual network gateway.
    • Second virtual network gateway: This field is the virtual network gateway of the VNet that you want to create a connection to. Select Choose another virtual network gateway to open the Choose virtual network gateway page.
      • View the virtual network gateways that are listed on this page. Notice that only virtual network gateways that are in your subscription are listed. If you want to connect to a virtual network gateway that isn’t in your subscription, use PowerShell.
      • Select the virtual network gateway to which you want to connect.
      • Shared key (PSK): In this field, enter a shared key for your connection. You can generate or create this key yourself. In a site-to-site connection, the key you use is the same for your on-premises device and your virtual network gateway connection. The concept is similar here, except that rather than connecting to a VPN device, you’re connecting to another virtual network gateway.
  4. Select OK to save your changes.

Verify your connections

Locate the virtual network gateway in the Azure portal. On the Virtual network gateway page, select Connections to view the Connections page for the virtual network gateway. After the connection is established, you’ll see the Status values change to Succeeded and Connected. Select a connection to open the Essentials page and view more information.

Succeeded

After verifying the connection was successful, the connection can be tested with a Point-to-Site connection or a Site-to-Site connection.

Speaking at DotNetSouth.Tech

I look forward to speaking on AI on the Edge at DotNetSouth.Tech. This year is the conference’s first year so check it out.

AI on the Edge

The next evolution in cloud computing is a smarter application not in the cloud. As the cloud has continued to evolve, the applications that utilize it have had more and more capabilities of the cloud. This presentation will show how to push logic and machine learning from the cloud to an edge application. Afterward, creating edge applications which utilize the intelligence of the cloud should become effortless.

 

Authoring for Pluralsight – Microsoft Azure Cognitive Services: Speech to Text SDK

I am creating a new course for Pluralsight titled – Microsoft Azure Cognitive Services: Speech to Text SDK. If you would like to check out my other courses, they can be found in my author’s profile. Here is the breakdown for the course:

Audience Profile

This course targets software developers who are looking to get started with Microsoft Azure Cognitive Services: Speech to Text API to build modern AI solutions and want to get started building an AI solution with a simple REST interface and a robust set of device SDKs.

Abstract

With AI becoming more and more ubiquitous, it is important to quickly and easily integrate with AI services. This course will show how to create modern applications using Microsoft Azure Cognitive Services: Speech to Text API and SDKs.

Prerequisites

This course assumes viewers are familiar with C# and understand REST APIs and JSON.

Microsoft Azure Cognitive Services: Text to Speech API – Published!

My new Pluralsight course, Microsoft Azure Cognitive Services: Text to Speech API, has just been published. You can find it here. If you would like to check out my other courses, you can find them on my author’s profile. Here is the course synopsis:

Short description:
In this course, you will gain a foundational knowledge of the Text to Speech API that will help you move forward with your overall understanding of the Microsoft Cognitive Services Suite.
 
Long description:
With AI becoming more and more ubiquitous in application development, it is important to quickly and easily integrate intelligence into your application. In this course, Microsoft Azure Cognitive Services: Text to Speech API, you will learn how to understand, configure, and utilize the Text to Speech API. First, you will discover how to use out of the box voices. Next, you will explore how to use machine learning-based voices in your app. Finally, you will learn how to create and use custom voices for your application and brand. When you are finished with this course, you will have a foundational knowledge of the Text to Speech API that will help you move forward with your overall understanding of the Microsoft Cognitive Services Suite.
 
Tags for this course:
Audience/Roles: software-development
Topics/Subjects: cloud-platforms
Tools: azure-cognitive-services

Speaking at Orlando Code Camp

I am happy to announce I will be speaking at the Orlando Code Camp again this year. I will be presenting AI on the Edge, a look into Microsoft’s Azure IoT Edge.

Title

AI on the Edge

Description

The next evolution in cloud computing is a smarter application not in the cloud. As the cloud has continued to evolve, the applications that utilize it have had more and more capabilities of the cloud. This presentation will show how to push logic and machine learning from the cloud to an edge application. Afterward, creating edge applications which utilize the intelligence of the cloud should become effortless.

Authoring for Pluralsight – Microsoft Azure Cognitive Services: Text to Speech API

I’m excited to announce that I am authoring another course for Pluralsight. This course targets software developers who are looking to get started with Microsoft Azure Cognitive Services: Text to Speech API to build modern AI solutions and want to get started building an AI solution with a simple REST interface. This course continues from the other Cognitive Services courses created and being created for the Cognitive Services track.

Abstract

With AI becoming more and more ubiquitous, it is important to quickly and easily integrate with AI services. This course will show how to create modern applications using Microsoft Azure Cognitive Services: Text to Speech API with JavaScript, C#, Java, C++, and Python.

Prerequisites

This course assumes viewers are familiar with C# or Java or JavaScript or Python or C++ and understand REST APIs and JSON.

Description

Contoso is an insurance company that has decided to integrate text to speech for multiple consumer facing applications. This course will take a look at utilizing the following features of Cognitive Services – Text to Speech API:

  • Default API interface through multiple SDKs: JavaScript, C#, Java, C++, and Python
  • Creating custom voice fonts
  • Popular scenarios and use case for Text to Speech

 

 

Hacking Izon Cameras and using Azure IoT Edge

After Izon announced that they were closing down their services (leaving the cameras I already owned useless), I decided to turn them into something useful using Azure. First let me list some resources:

Use the Will it hack link to get access to the mobileye website and verify that the Izon device is still streaming and still working. If it is working, you are already done with edits to the device unless you would like to change the passwords (which you should).

Our goals are as follows:

  • Process the video feed from the Izon camera (we will cheat this early on and only use the image feed)
    • Check for motion
    • Check for faces
    • Check if faces are whitelisted
    • Check for my dog
  • Process the audio feed
    • Check for any noise
    • Check for non-human noises
    • Check for dog barks
    • Check for my and my wife’s voice

These are all stretch goals that will be referred back to as the project moves forward.

Create the Azure IoT Edge module

For the first module, we will use the C Module base image. We are looking for two things from this module:

  • Download the picture feed and pass it to the Edge Hub
  • Download the audio feed and pass it to the Edge Hub

If you don’t know where to get started with the C module of the Azure IoT Edge platform, there is helpful information on the Azure Documentation page. Once the C module is created and ready for editing, we are going to connect to the image feed from the devices. To make this simple, both feeds will be retrieved using HTTP. For the video feed, it’s simple enough to grab images from the Izon camera’s existing camera feed.

One thing we need is to be able to connect to each camera within the local network shared with the Edge. Since we would like to be able to add and remove cameras, we will use the device twin to update and manage the list of IP addresses. The code for updating the list is as follows:

With that code in place, the list of IP addresses can be updated from the Azure UI and the Azure Service SDKs.

Downloading from the Image feed

The Izon cameras make downloading the image feed trivial. There is an existing endpoint where you can grab the latest image directly from the camera’s web server. The latest image is always at /cgi-bin/img-d1.cgi. (NOTE: if you are checking this image from a browser, be sure to have some cache busting!). To download this image into our module, we will use the Curl library for its easy HTTP implementation. To add Curl to our Edge module, we will add the following lines to the Dockerfile.amd64.debug:

With curl now added to the image, it can be utilized in code by adding it to the method invoked in our main loop. The code will download the file for each entry in the IP address list. Once the image is downloaded, it will send it as a message to the Edge Hub and add the IP address of the camera to the message header. Here is that code:

Downloading from the Audio feed

Now that the image feed is being published to the Edge Hub, it’s time to connect the audio feed. The audio feed is trickier since the Izon camera doesn’t have an easy-to-use endpoint (that I know of) for downloading the audio samples like we can with the image feed. In the next entry in this series, an audio feed will be derived from an RTSP stream.