Enabling VPN-based deployments with Azure

A remote access VPN client connection does not connect your entire enterprise network to Microsoft Azure. Instead, it enables remote access to virtual machines that are contained within Azure Virtual Networks so that you can manage them from BMC Cloud Lifecycle Management.

High-level process to enable VPN-based deployments

The overall process for enabling VPN-based deployments with Azure includes the following steps:

1. (Optional) Set up IP Address Management (IPAM). For details, see Enabling IP address management (and its subtopics).

2. Configure BMC Atrium Orchestrator for DNS registration by activating the DNS adapter on the grid and install Bind9 where your BMC Atrium Orchestrator server is installed. For details, see Configuring BMC Atrium Orchestrator for automatic DNS registration.

3. Enable the integration between BMC Atrium Orchestrator and BMC Network Automation by setting the System Parameters in BMC Network Automation. Also, set performDnsOperation to true in the global.properties file in BMC Network Automation.

4. Enabling the Azure provider.

5. Onboard the logical data center (LDC) and then edit the LDC to enable DNS registration.
6. Create a service blueprint for the Azure service with DNS enabled. To know more about the additional items to consider when creating a service blueprint for Azure Provider, see Building service blueprints for Azure service.
7. Create the service offering for Azure.

8. Configure DNS cache on the BMC Server Automation server.

    Click here to view the workflow that is triggered when the VM that has a dynamic IP address is restarted.

   If a VM is restarted from BMC Cloud Lifecycle Management, and the VM has a dynamic public IP address (and the same IP address is registered in the DNS), the following workflow occurs:

   1. When the VM is stopped, the VM is deregistered from the DNS server.
   2. When the VM is started again, the machine is registered in the DNS with the new dynamic public IP that Azure allocates.
   3. The UpdateServerProperties job, which is run automatically updates BMC Server Automation with the new dynamic public IP (from step 2).
   4. On Microsoft Windows Server 2012, complete one of the following steps to ensure that this job runs successfully. Note that the steps might differ based on your operating system.
      • If the VM is started after the DNS cache expiration time, no additional configuration is required.
      • If the VM is started before the DNS cache expiration time, disable the DNS cache on the BMC Server Automation server:
        1. Start the Registry Editor (regedit.exe). 
        2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
        3. Select Edit > New >DWORD (32-bit) Value, and add the following values:

           • Value: MaxCacheTTL

           • Data Type: DWORD

           • Data value: 0

Related topic

Administering the Azure provider