Best method to have simultaneous connections to multiple client sites to access and monitor their servers

    Question

  • Hi,

    I have a simple-sounding requirement: I need to monitor several SQL Servers from my Azure VM for different client sites, hence I need a network connection to each site. I am told it's a bad idea to do this over TCP/IP (basic internet) for security reasons; my original idea was to have a static IP and use that to create a connection to the client's server.

    Before I start coding and testing solutions found on Microsoft Docs, Point 2 Site architecture, I would appreciate any guidance on this. https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

    Is this the best way to have my Azure VM, hosting SQL Server, be able to connect to client sites so as to connect to their SQL Servers?

    I just need the ability to have simultaneous open connections to client sites, i.e. have a network path/access from my Azure VM to their on-premises servers.

    I'm a SQL Server MCP but know little about networking, VNets and VPNs. Before I start coding P2S and creating VNets, VPNs etc., any guidance would be greatly appreciated.

    Many thanks

    Joe


    -- Please mark my post as an answer if I helped you to resolve the issue or vote up if it helped, thank you--


    • Edited by Joscion Saturday, May 25, 2019 12:23 AM added further info
    Friday, May 24, 2019 11:59 PM

All replies

  • Hi, 

    Point to Site is to allow access to the VNET for users who are remote. For example, users who want to connect to the servers in Azure when they are not in the office.

    One machine can connect to one VPN gateway at a time. Since your requirement is to monitor multiple SQL servers deployed in different regions and VNETs, you may need to think of using a separate VM for each VNET. 

    Let me know your thoughts. 

    Regards, 

    Msrini 

    Saturday, May 25, 2019 6:07 AM
    Moderator
  • Hi Msrini,

    Thank you for your reply. I'm afraid the suggested solution would be more expensive than what I had planned. I was looking at this article, which is a multi-site connection using S2S: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-multi-site#about-connecting but this requires the client to have VPN hardware. Hence I wanted to avoid this option and thought a P2S would suit as it doesn't have that requirement.

    From my understanding, a P2S can have multiple tunnels set up to the Azure VPN gateway, but this is where I struggle to understand the technology. I'm thinking, would this be overkill for what my requirements are? This site talks about the multiple tunnels that can be created: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about#what-are-the-client-configuration-requirements

    It seems I can have multiple clients connect through multiple tunnels but I'm unsure how effective it is for my needs; perhaps I need to test it.

    Thanks again



    Saturday, May 25, 2019 7:41 AM
  • Hi, 

    From a VPN gateway standpoint, you can connect multiple P2S tunnels to it. But from a machine you cannot have 2 tunnels to two different gateways at the same time.

    And that's where this solution will not work. 

    The best way to achieve your ask is to use Azure Network Watcher and do connection monitoring to respective SQL servers. 

    Reference: https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor

    Regards, 

    Msrini

    Saturday, May 25, 2019 10:02 AM
    Moderator
  • Hi Msrini,

    Thank you for your reply.

    So would your suggested solution allow multiple connections from my Azure VM to other client servers? How would this work with VPN or any type of encryption? 

    Many thanks

    Joseph



    Sunday, May 26, 2019 11:10 PM
  • Hi, 

    Network Watcher is a global profile which gets created when you enable it. You will use one VM to test the connectivity across the regions with Connection Monitoring. The test will not use VPN; the communication is public.

    Please go through the reference below. 

    Reference: https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor

    Regards, 

    Msrini

    Monday, May 27, 2019 10:41 AM
    Moderator
  • Hi, 

    Do you have any update on this issue?

    Regards, 

    Msrini

    Tuesday, May 28, 2019 6:18 AM
    Moderator
  • No updates other than using third party software; everything we discussed doesn't address the initial requirement.


    Tuesday, May 28, 2019 6:53 AM