Network orchestration: VPN, Federation, Integration

Part of the power of CloudShare Environments is that once set up, it's not much different than having the machine right in front of you. The primary difference is that you access your machine via a browser or RDP connection, and it's more efficient and convenient than a physical box. This also means that much of what you are used to doing with your local machines, you can do with your CloudShare VMs.

Some cloud vendors like to talk about network orchestration as a feature of their product, but really this is a feature of virtualization, period. What is orchestration exactly? Orchestration is tying multiple disparate environments together. It could be one Cloud to another Cloud, a Cloud to a private Cloud, or a Cloud to On-Premise networks. Orchestration can be as easy as connecting via a URL, or as complex as specific network configurations. Either way, the possibility exists in all virtualized solutions.

Because there are so many options, it can sometimes be confusing, so I would like to guide you a little when considering various methods of orchestration. First, orchestration takes two. What that means is:

1.) Both environments must have network configurations ready for orchestration
2.) Both environments must have software required for orchestration
3.) Both environments must have a security model that supports orchestration

Once you have validated this, you can start considering various methods of orchestration. In CloudShare we encounter several common use cases.

The first and most common use case is VPN connectivity. Creating a VPN connection between your CloudShare environment and your local environment allows you to securely access information on your local network from your CloudShare VMs. It is also often required by organizations in order to use the other methods of orchestration. What CloudShare does to support the use of VPN is:

1.) Open Port 443
2.) Allow you to install your VPN client

To configure VPN on your VMs, simply install your VPN client of choice. Make sure that your local network has the proper access granted. Then create a connection from your CloudShare VM to your local network using the credentials you have established and the VPN client you have installed.

Next, because of the nature of SharePoint, we have several users wanting to do Active Directory Federation from their CloudShare SharePoint farm to their production Active Directory. Federation allows you to pull in Active Directory accounts from your local Active Directory to your CloudShare Active Directory, allowing you to test SharePoint with those production user accounts. To facilitate Active Directory Federation, CloudShare has pre-installed Active Directory Federation Services on most of the SharePoint VM Templates. If it is not already installed, you can install it from here: http://technet.microsoft.com/en-us/evalcenter/ee476597

The high-level steps to configure Active Directory Federation are:

1.) On your production AD, make sure you have the proper security and configuration to allow incoming AD FS connections. This may require VPN.
2.) Choose and plan for your authentication model (i.e. Claims-Based Authentication)
3.) Add a trusted source from your CloudShare VM to your Local AD Forest
4.) Install security certificates
5.) Configure Claims in SharePoint
6.) For complete instructions start here: http://technet.microsoft.com/en-us/library/cc772309%28WS.10%29.aspx

 

An alternative to AD FS for your CloudShare farm may be Forms-Based authentication. To see an example of a CloudShare customer demonstrating both Forms-Based authentication and Claims-Based authentication, explore this environment: http://use.cloudshare.com/Pro/ShareEnv/TQJ3HDS66KGX (Environment is courtesy of CloudShare Pro Danny Jessee)

Finally, the other common method of orchestration or integration we see is achieved by utilizing the External IP address CloudShare provides to VMs. In the VM's “more details” section you will find “External IP”. You can conveniently grab this External IP and utilize it in scripts and other applications. Although the IP address will change every resume, we make it easily accessible to replace in your code or configuration. For example, if you would like to use a local install of SharePoint Designer or SharePoint Workspace, use the External IP address to connect your client to your CloudShare farm.
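Because the External IP changes on every resume, it helps to keep it in exactly one place and validate it before it is written there. The sketch below is an added example, not part of the original post or CloudShare's own tooling: it rewrites a single tagged hosts-file line so local clients can use a stable name. The hostname `sp-farm.example.test`, the marker comment and the sample addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
import re

# Ranges a pasted "External IP" must never fall in: RFC 1918 private space,
# loopback, link-local, "this network" and multicast.
NOT_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]
MARKER = "# cloudshare-external-ip"  # hypothetical tag for the managed line
# Letters, digits, dots and hyphens only, so no whitespace or newline can
# smuggle an extra entry into the hosts file.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")


def parse_external_ip(value):
    """Return a validated IPv4Address, or raise ValueError."""
    # AddressValueError (garbage input) is a subclass of ValueError.
    ip = ipaddress.IPv4Address(value.strip())
    for net in NOT_EXTERNAL:
        if ip in net:
            raise ValueError(f"{ip} is inside {net}, not an external address")
    return ip


def is_managed(line, hostname):
    """True for the tagged line that maps `hostname`."""
    parts = line.split()
    return (line.rstrip().endswith(MARKER)
            and len(parts) >= 2 and parts[1] == hostname)


def update_hosts(hosts_text, hostname, new_ip):
    """Return hosts text with the managed entry for `hostname` set to `new_ip`.

    Untagged entries are preserved; the stale managed entry is dropped.
    """
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    ip = parse_external_ip(new_ip)
    kept = [l for l in hosts_text.splitlines() if not is_managed(l, hostname)]
    kept.append(f"{ip}\t{hostname}\t{MARKER}")
    return "\n".join(kept) + "\n"


# Constructed sample: hosts file still holding the address from before a resume.
SAMPLE_HOSTS = ("127.0.0.1\tlocalhost\n"
                "203.0.113.10\tsp-farm.example.test\t# cloudshare-external-ip\n")

if __name__ == "__main__":
    print(update_hosts(SAMPLE_HOSTS, "sp-farm.example.test", "198.51.100.27"), end="")
```

After each resume, pass the value shown under “External IP” as `new_ip` and write the returned text back to the hosts file with administrative rights.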

Always remember that orchestration takes two. CloudShare pre-installs software and opens the proper connections in order to facilitate orchestration, but proper configuration needs to be done on the other environment as well. Knowledge of network configuration and network security is recommended.

Happy Cloud Sharing