AWS

AWS – Configure Point-To-Site in AWS envirnonment using OpenVPN

This document illustrates how we can create a VPN using the AMI – OpenVPN which is available in AWS MarketPlace.

Below shows the architecture that we would be able to achieve:

image1

We will set up an AWS VPC where we will launch our servers. One of the servers will be launched using the OpenVPN AMI. The other servers will be on public and private subnets within the VPC.

Steps to Achieve are as below:

Step 1: Login into AWS Console and choose VPC.

Step 2: Select Service – VPC

Step 3: Create a VPC. Provide the Name Tag and CIDR details. Also, create the subnet under this VPC.

image2

Step 4: Now, Let us go back to EC2 Service and then come back to VPC Later.

Step 5: In EC2 Service, Launch an EC2 Server and go to AWS Marketplace and choose the OpenVPN AMI. You can assign an elastic IP if necessary

image3

Step 6: Launch this instance with all the other necessary configuration. This AMI comes with default sec groups, keep them default and launch it. Note – This is not necessary to be launched in the VPC Created.

Step 7: Launch two more instance one with public IP and the other with private IP under the VPC created.

Step 8: Now let us go back to VPC. We will need to create Internet Gateway and RouteTable. Click on VPC in the console and go to Internet Gateway. Now click on Create Internet Gateway and provide a suitable Name tag. Attached this Gateway to the VPC we created earlier using the option “Attach to VPC”

image4

Step 9: Now, go to Route table and click on create route table. Update the Routes to have 0.0.0.0/0 (opens to the internet) and specify the IGW (internet gateway) which was created.

image5

Step 10: Update the Subnet Association to the

image6

Step 11: This completes the configuration on the AWS Services. Now we will need to configure the OpenVPN.

Step 12: SSH to the OpenVPN box using the username – openvpnas

Step 13: You will need to agree to the terms by typing “Yes”. Keep all the other setting default by just pushing the “Enter” button. By Default, the username will be “openvpn”. You will need to update the password using the command as per the below screenshot: sudo passwd openvpn.

image7_1

Step 14: Now go to the browser and type the IP address of the OpenVPN box. Ex: https://ipaddress

Step 15: Login in with the password updated earlier on the terminal.

image8

Step 16: Download the OpenVPN client as per the operating system. Install the client.

image9

Step 17: Click on the icon and select the OpenVPN server and click on connect. Once connected you will be able to connect to the servers within the vpc.

image10

Step 18: Now let us ping the Public IP and see the result.We were successful in pinging the Public Server under the VPC.

image11_1

Step 19: Now let us disconnect the OpenVPN and try to connect to the private server.

image12

Step 20: Now we see the ping requests are getting timed out. We are unable to reach the server using the private IP under the VPC.

image13_1

Step 21: Let us connect the VPN using the OpenVPN and try to ping the same Private Server.

image14_1

Looking for free PowerShell scripts? Check out my Powershell Contributions under Microsoft Technet Script Centre

Advertisement

AWS – Monitor AWS Windows EC2 instance using Microsoft OMS (Operations Management Suite)

Microsoft is investing a lot of money and effort into OMS (Operations Management Suite). OMS can be used to monitor Windows/Linux machines, not just in Azure, but also in AWS, or any cloud vendor platform for that matter. You can even monitor the servers hosted in your on-premise environment.

Configuring OMS for Azure instance is pretty straightforward. I will walk you through on how to configure OMS on Windows AWS instance.

I already have a OMS workspace (with an Azure subscription)

Step 1: Create and connect to your AWS Windows instance, by following the below link as guidance:

http://docs.aws.amazon.com/codedeploy/latest/userguide/tutorials-windows-launch-instance.html

Step 2: Download the OMS direct agent for Windows Machine.

Option1: If you are using an Azure subscription to manage OMS, then you can find the link to download the direct agent by clicking on:

Selecting your OMS workspace >> Select “Quick Start” >> Select “Computers” >> Select “Download Windows Agent (64 bit)”

2

 

1

 

Option 2: You can download the OMS direct agent, from the OMS portal as well.

Click on the “gear button” (third icon from left) located at the top right-hand corner of the portal >> select “Connected Sources” >> Select “Windows Servers” >> Click on “Download Windows Agent (64 bit)”

3.PNG

Once the “MMASetup-AMD64.exe” file is downloaded to your local desktop. Copy the file to the AWS Windows instance where you are configuring the OMS agent.

Now, double click on the “MMASetup-AMD64.exe” to start installing.

 

4

 

Click “Next”

5

Click on “I Agree” once you have read the legal terms.

6

Select the installation folder, if you are not happy with the default location. Then click “Next”

7

Select the checkbox “Connect the agent to Azure  Log Analytics (OMS)” and then click “Next”.

8

Enter your OMS workspace details. You can find this information from Azure portal or OMS portal. It is the same page from where we download the Direct Agent for Windows.

[Optional] Click on the “Advanced” button, if your server has to go through a proxy server. Make necessary changes and click “Next”. Since I do not use a proxy server to connect to the OMS, I am leaving the fields as blank.

9

Click “Next” on the above page takes you back to the page where you updated the OMS workspace ID and key. Now click “Next” to proceed.

10

Select accordingly, if you need Microsoft updates or not. Then click “Next”.

11

Review your settings/data. Click on “Install”.

12

Now click on “Finish”.

 

Step 3: Verify connectivity to OMS workspace

Open Control Panel >> Select “Microsoft Monitoring Agent”

13

Select “Azure Log Analytics (OMS)” tab.  You can see that your windows agent has successfully connected to the Microsoft Operations Managment Suite service.

14

 

Step 4: Verify log from AWS windows instance to OMS

From the OMS portal, we can see that our AWS windows instance is connected. [WIN-PQ69983CQ24 is my AWS windows instance name]

16

 

A simple Log Search will give us data fetched from the instance.

17

 

 

Powershell – Generate AWS Inventory

As with any managed services or infrastructure services projects, maintaining the server inventory is very crucial. The server-inventory-file provides a one-stop checklist, that you can refer while you are on priority 1 bridge calls.

With a traditional data center, it is easy to maintain server/infra inventory on an excel sheet. But it is not the same with the cloud because the infrastructure is so dynamic.

The only solution to this problem is Automation. I have written a PowerShell script just to do that.

Below is the link to the script:

https://gallery.technet.microsoft.com/scriptcenter/Powershell-Script-to-4e623057

 

Also, check out my blog for Azure Inventory:

https://manjunathrao.com/2016/12/30/powershell-generate-azure-inventory/

https://manjunathrao.com/2017/12/04/powershell-generte-azure-paas-inventory/

If this blog helps even one person on this planet. The purpose of this blog is served.