1
00:00:02,040 --> 00:00:04,850
Welcome again to Implementing Microsoft Always On VPN.

2
00:00:04,850 --> 00:00:10,140
In this module, we're going to talk about deploying Always On VPN in Azure.

3
00:00:10,140 --> 00:00:13,840
Now, when we consider deploying Always On VPN infrastructure in Azure,

4
00:00:13,840 --> 00:00:17,920
there are a number of options available to administrators to support this.

5
00:00:17,920 --> 00:00:19,920
The first is the Azure VPN Gateway.

6
00:00:19,920 --> 00:00:21,780
You'll find this in the Marketplace,

7
00:00:21,780 --> 00:00:24,790
and it's labeled as the virtual network gateway.

8
00:00:24,790 --> 00:00:29,540
And the Azure VPN Gateway can be deployed to support Always On VPN,

9
00:00:29,540 --> 00:00:32,720
but it does so in a somewhat limited way.

10
00:00:32,720 --> 00:00:36,970
What you'll find is that while on the surface it sounds like a great idea,

11
00:00:36,970 --> 00:00:40,820
you might find that it's limited in some aspects to

12
00:00:40,820 --> 00:00:44,240
supporting Always On VPN for most deployments.

13
00:00:44,240 --> 00:00:45,950
So we'll take a look at that in detail.

14
00:00:45,950 --> 00:00:49,620
You might find that it works for you, but it may be somewhat limiting.

15
00:00:49,620 --> 00:00:52,690
The Azure Virtual WAN is another solution that's available.

16
00:00:52,690 --> 00:00:56,940
This is an extremely powerful networking platform available in Azure,

17
00:00:56,940 --> 00:00:59,530
and the capabilities and features of this,

18
00:00:59,530 --> 00:01:02,010
especially the scalability for Virtual WAN,

19
00:01:02,010 --> 00:01:03,060
are pretty phenomenal.

20
00:01:03,060 --> 00:01:06,030
Unfortunately, for Always On VPN administrators,

21
00:01:06,030 --> 00:01:08,770
the story on Always On VPN support here is even more

22
00:01:08,770 --> 00:01:10,730
limited than the Azure VPN Gateway,

23
00:01:10,730 --> 00:01:13,770
so you may be disappointed to find out that it's not

24
00:01:13,770 --> 00:01:15,640
going to be a real good solution for you.

25
00:01:15,640 --> 00:01:18,980
Windows Server is another viable alternative.

26
00:01:18,980 --> 00:01:22,780
You can certainly deploy Windows virtual machines in Azure,

27
00:01:22,780 --> 00:01:25,280
configure them with the Routing and Remote Access role,

28
00:01:25,280 --> 00:01:29,130
or RRAS role, just like we did on‑premises earlier in this course,

29
00:01:29,130 --> 00:01:33,080
and you'll find that that works quite capably in most scenarios.

30
00:01:33,080 --> 00:01:37,400
There is a rather serious limitation or drawback to using Windows Server,

31
00:01:37,400 --> 00:01:39,240
and we'll talk about that here shortly.

32
00:01:39,240 --> 00:01:42,050
Finally, administrators can use virtual appliances.

33
00:01:42,050 --> 00:01:45,140
So these are NVAs, or network virtual appliances,

34
00:01:45,140 --> 00:01:45,650
and again,

35
00:01:45,650 --> 00:01:49,890
these are software‑based platforms that are available

36
00:01:49,890 --> 00:01:52,630
from a wide variety of security vendors.

37
00:01:52,630 --> 00:01:55,800
The solution of choice for you is probably available.

38
00:01:55,800 --> 00:01:59,770
There's solutions from Cisco, Check Point, Palo Alto, SonicWall.

39
00:01:59,770 --> 00:02:03,670
A whole host of third‑party security vendors have

40
00:02:03,670 --> 00:02:05,640
virtual appliances in the Marketplace,

41
00:02:05,640 --> 00:02:10,270
and if they meet the requirements for supporting Always On VPN,

42
00:02:10,270 --> 00:02:14,240
those are certainly viable options as well.

43
00:02:14,240 --> 00:02:16,520
One important point I want to make here before we get

44
00:02:16,520 --> 00:02:21,710
started is that in this module, we're going to be focusing on point‑to‑site VPN,

45
00:02:21,710 --> 00:02:23,690
or client‑based VPN.

46
00:02:23,690 --> 00:02:28,560
You may very well already have an Azure virtual network gateway

47
00:02:28,560 --> 00:02:31,920
deployed in your environment to support site‑to‑site VPN,

48
00:02:31,920 --> 00:02:35,350
and in this module, I'm going to assume that it's already deployed.

49
00:02:35,350 --> 00:02:40,250
It's just outside of the scope of this particular course to cover all the

50
00:02:40,250 --> 00:02:43,190
intricacies of deploying site‑to‑site VPN gateways,

51
00:02:43,190 --> 00:02:49,010
but fundamentally, there's plenty of documentation on the internet for that.

52
00:02:49,010 --> 00:02:52,640
Microsoft provides great documentation for setting up VPN gateways.

53
00:02:52,640 --> 00:02:54,990
I'm sure there are fantastic courses here on

54
00:02:54,990 --> 00:02:56,810
Pluralsight that would cover that as well,

55
00:02:56,810 --> 00:02:59,230
so I would encourage you to look at those.

56
00:02:59,230 --> 00:03:03,200
The assumption here is that you've already deployed an Azure VPN Gateway,

57
00:03:03,200 --> 00:03:12,000
and then I'm going to help you set point‑to‑site VPN up and configure that to support Always On VPN.