Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Enabling VPN-based deployments with Azure

Note

The functionality referenced in this topic applies to version 4.6.03 and later.

A remote access VPN client connection does not connect your entire enterprise network to Microsoft Azure. Instead, it enables remote access to virtual machines that are contained within Azure Virtual Networks so that you can manage them from BMC Cloud Lifecycle Management.

Note

Currently, BMC supports this functionality for a Windows BMC Cloud Lifecycle Management stack with point-to-site VPN connectivity.

High-level process to enable VPN-based deployments

The overall process for enabling VPN-based deployments with Azure includes the following steps:

  1. (Optional) Set up IP Address Management (IPAM). For details, see Enabling-IP-address-management (and its subtopics).
  2. Configure TrueSight Orchestration (formerly called BMC Orchestration) for DNS registration by activating the DNS adapter on the grid and install Bind9 where your TrueSight Orchestration server is installed. For details, see Configuring TrueSight Orchestration for automatic DNS registration.
  3. Enable the integration between TrueSight Orchestration and TrueSight Network Automation (formerly called BMC Network Automation) by setting the System Parameters in TrueSight Network Automation. Also, set performDnsOperation to true in the global.properties file in .TrueSight Network Automation
  4. Enabling-the-Azure-provider.
  5. Onboard the logical data center (LDC) and then edit the LDC to enable DNS registration.
  6. Create a service blueprint for the Azure service with DNS enabled. To know more about the additional items to consider when creating a service blueprint for Azure Provider, see Building service blueprints for Azure service.
  7. Create the service offering for Azure.

  8. Configure DNS cache on the server.

    Click here to view the workflow that is triggered when the VM that has a dynamic IP address is restarted.

    If a VM is restarted from BMC Cloud Lifecycle Management, and the VM has a dynamic public IP address (and the same IP address is registered in the DNS), the following workflow occurs:

    1. When the VM is stopped, the VM is deregistered from the DNS server.
    2. When the VM is started again, the machine is registered in the DNS with the new dynamic public IP that Azure allocates.
    3. The UpdateServerProperties job, which is run automatically updates TrueSight Server Automation (formerly called BMC Server Automation) with the new dynamic public IP (from step 2).
    4. On Microsoft Windows Server 2012, complete one of the following steps to ensure that this job runs successfully. Note that the steps might differ based on your operating system.
      • If the VM is started after the DNS cache expiration time, no additional configuration is required.
      • If the VM is started before the DNS cache expiration time, disable the DNS cache on the TrueSight Server Automation server:
        1. Start the Registry Editor (regedit.exe). 
        2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
        3. Select Edit > New >DWORD (32-bit) Value, and add the following values:
          • Value: MaxCacheTTL
          • Data Type: DWORD
          • Data value: 0

Related topic

Administering-the-Azure-provider

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*