Connect your on-premises deployment to the cloud with MyCloudIT

This guide will show you how to go from an On-premises Windows Server AD deployment to full Hybrid deployment with MyCloudIT providing your RDS capabilities in Microsoft Azure.

This article refers to the MyCloudIT Gen 2 platform, which was launched in 2015. Look for MyCloudIT Gen 3 to be launched in Summer 2020.

Overview

So you want to connect your on-premises deployment to the cloud with MyCloudIT? This guide shows you how to go from an on-premises Windows Server AD deployment to a full hybrid deployment, with MyCloudIT providing your RDS capabilities in Microsoft Azure.

To create a Domain-joined RDS (one that connects to an existing Windows Server AD), we expect that a Windows Server AD Domain Controller is already running in a VM in Azure.

If you are migrating from an on-premises installation and are trying to extend into Azure, our portal can help simplify this connection by automating the installation of the Resource Group, Virtual Network, and Virtual Machine within Azure.  Once the VM is deployed in Azure, you can then connect the Azure Virtual Network to the on-premises network.  Once the networks are connected, you can then promote the VM we created in Azure to a Domain Controller in the on-premises Active Directory.

Please note that you do not have to promote this VM to a Domain Controller (DC). However, the RDS creation process and every user logon generate considerable authentication traffic, and without a DC in Azure all of it must traverse the Site-to-Site VPN. That latency will probably create too many performance issues for your users. Please promote the VM in Azure to a writable DC (not a Read-only DC) to provide the best deployment and user experience.

Step-by-step Instruction

Here are the steps from our portal to create a VM.  Again, once the VM is created, we will have also created the Resource Group and Virtual Network for you.

  1. Create a VM within our Portal. Go into our Marketplace and create a new Windows Server under Virtual Machines.
    [Screenshots: create-vm-connect-on-premises-to-cloud-1, create-vm-connect-on-premises-to-cloud-2]

  2. Go through the Deployment details of your new VM. Here is a screenshot of our suggestions.
    [Screenshot: create-vm-connect-on-premises-to-cloud-3]
    We are creating a new standalone VM that we can then join to an existing on-premises Active Directory Domain.  Once the Azure Virtual Network is connected to the on-premises network, you can then promote the VM created above to a DC.
  3.  Once the VM is up and running in Azure (creation time will be about 15 minutes), the next step is to create a Site-to-Site VPN back to the on-premises network.  We do not automate the steps necessary to connect to an on-premises network, but here are the high-level steps required, as well as some Microsoft guidance on how to accomplish these steps.
    • Add a Virtual Network Gateway to your existing Virtual Network (created for the VM above).   The Virtual Network will typically be named VNET and will be in a Resource Group with the same name as your Server Name in the Server Name field above.  In my example, this will be MyfirstCloudDC.  

      Note:  We have already completed “1. Create a virtual network” for you.   In “2. Specify a DNS server”, you need to include the IP address of the Windows Server we created for you.  Typically that address is 10.0.0.4.
    • If your on-premises network uses the same IP address scheme as the Azure Virtual Network, you can change our default IP address scheme so that the two address spaces do not overlap.
    • Continue following the article above to complete the Site-to-Site VPN configuration.  Once it is connected, you can confirm connectivity by pinging between the Azure-based VM and a Windows server on-premises.  Note:  The default Windows Firewall blocks inbound ICMP echo requests, so the Azure-based VM needs a firewall exception before it will respond to ping.
    • Once you’ve confirmed that the Azure-based VM can communicate with the on-premises network, you are now ready to promote the Azure-based VM to a DC in the existing Windows Server AD.
    • Once the VM is promoted to a DC, you can then come back to our portal and create a Domain Joined RDS (or RemoteApp) deployment and point to your new DC in Azure.
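The manual part of step 3 (confirm the VPN carries the traffic a DC needs, point DNS at the existing domain, run the promotion pre-check, then promote to a writable DC) as an added PowerShell example; this is not MyCloudIT's code. It assumes constructed placeholder values (on-premises DC at 192.168.1.10, domain corp.example.com, AD site Azure-Site, NIC alias Ethernet) and is run in an elevated session on the Azure VM after the Site-to-Site VPN is up.

```powershell
# Added example, not MyCloudIT's own code. Constructed placeholder values; adjust to your environment.
$OnPremDc   = '192.168.1.10'        # an existing on-premises DC reachable over the VPN
$DomainName = 'corp.example.com'    # the existing AD DNS domain name
$SiteName   = 'Azure-Site'          # AD site for the Azure subnet (must exist, or use Default-First-Site-Name)
$Nic        = 'Ethernet'            # interface alias of the VM's NIC

# 1. Allow the on-premises side to ping this VM: inbound ICMPv4 echo is blocked by default.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo Request' -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -Action Allow | Out-Null

# 2. Ping alone is not enough: Kerberos (88), LDAP (389) and SMB (445) must reach the on-premises DC.
foreach ($port in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $OnPremDc -Port $port
    if (-not $r.TcpTestSucceeded) {
        throw "TCP $port to $OnPremDc is blocked; fix the VPN or firewall before promoting."
    }
}

# 3. Point this VM's DNS at the on-premises DC so it can locate the domain's DCs via SRV records.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $OnPremDc
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
Write-Host "Found $($srv.Count) DC SRV record(s) for $DomainName"

# 4. Install AD DS and run the prerequisite check before changing the forest.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
$cred = Get-Credential -Message "Domain Admin account in $DomainName"
$dsrm = Read-Host 'DSRM (Safe Mode) password' -AsSecureString
Test-ADDSDomainControllerInstallation -DomainName $DomainName -Credential $cred `
    -SiteName $SiteName -InstallDns -SafeModeAdministratorPassword $dsrm

# 5. Promote to a writable DC (no -ReadOnlyReplica, as the article recommends). The VM reboots.
Install-ADDSDomainController -DomainName $DomainName -Credential $cred -SiteName $SiteName `
    -InstallDns -SafeModeAdministratorPassword $dsrm -Force

# After the reboot, verify replication from the new Azure DC, then set the Virtual Network's
# DNS server to this VM's address (typically 10.0.0.4) as described in the note above:
#   repadmin /replsummary
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsReadOnly
```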

Here is some additional reading around Azure Virtual Networks.  During the creation of the Virtual Gateway, please use a Route Based configuration if possible. Microsoft also maintains a list of Validated Gateway devices. Each validated device in the list includes configuration instructions. 

If you have any questions about this configuration, please contact us at support@mycloudit.com.