DELL SonicWALL Site-to-Site VPN Options With Azure Networking

The DELL SonicWALL product range supports both policy based and route based VPN configurations. Specifically for Azure they have a configuration guide out there that will help you configure either.

Technically, networking people prefer to use route based configuration. It’s more flexible to maintain in the long run. As life is not perfect and we do not control the universe, policy based is also used a lot. SonicWALL used to be on the supported list for both a Static and Dynamically route Azure VPN connections. According to this thread it was taken off because some people had reliability issues with performance. I hope this gets fixed soon in a firmware release. Having that support is good for DELL as a lot of people watch that list to consider what they buy and there are not to many vendors on it in the more budget friendly range as it is. The reference in that thread to DELL stating that Route-Based VPN using Tunnel Interface is not supported for third party devices, is true but a bit silly as that’s a blanket statement in the VPN industry where there is a non written rule that you use route based when the devices are of the same brand and you control both points. But when that isn’t the case, you go a policy based VPN, even if that’s less flexible.

My advise is that you should test what works for you, make your choice and accept the consequences. In the end it determines only who’s going to have to fix the problem when it goes wrong. I’m also calling on DELL to sort this out fast & good.

A lot of people get confused when starting out with VPNs. Add Azure into the equation, where we also get confused whilst climbing the learning curve, and things get mixed up. So here a small recap of the state of Azure VPN options:

  • There are two to create a Site-to-Site VPN VPN between an Azure virtual network (and all the subnets it contains) and your on premises network (and the subnets it contains).
    1. Static Routing: this is the one that will work with just about any device that supports policy based VPNs in any reasonable way, which includes a VPN with Windows RRAS.
    2. Dynamic Routing: This one is supported with a lot less vendors, but that doesn’t mean it won’t work. Do your due diligence. This also works with Windows RRAS

Note: Microsoft now has added a a 3rd option to it’s Azure VPN Gateway offerings, the High Performance VPN gateway, for all practical purposes it’s dynamic routing, but a more scalable version. Note that this does NOT support static routing.

The confusion is partially due to Microsoft Azure, network industry and vendor terminology differing from each other. So here’s the translation table for DELL SonicWALL & Azure

Dynamic Routing in Azure Speak is a Route-Based VPN in SonicWALL terminology and is called and is called Tunnel Interface in the policy type settings for a VPN.

image

Static Routing in Azure Speak is a Policy-Based VPN in SonicWALL terminology and is called Site-To-Site in the “Policy Type” settings for a VPN.

image

  • You can only use one. So you need to make sure you won’t mix the two on both sites as that won’t work for sure.
  • Only a Pre-Shared Key (PSK) is currently supported for authentication. There is no support yet for certificate based authentication at the time of writing).

Also note that you can have 10 tunnels in a standard Azure site-to-site VPN which should give you enough wiggling room for some interesting scenarios. If not scale up to the high performance Azure site-to site VPN or move to Express Route. In the screenshot below you can see I have 3 tunnels to Azure from my home lab.

image
I hope this clears out any confusion around that subject!

Handy DELL Storage Tool: Dell Virtual rack

If you need to see and find information on DELL storage fast they have a nice page on line with a virtual rack where you can look at the components of their various storage offerings.

image

They update it regularly and it’s a fast and easy way to get started. Naturally you’ll need to dive in a bit deeper or get some help to work out the last details. I’m like the Compellent as I have found it to be the best possible traditional storage solution for a Windows Server 2012 R2 Hyper-V environment and great value for money. I hope they can find a way to keep delivering that same value in the coming years in an ever changing storage landscape.

Looking Back at the DELL CIO Executive Summit 2014

Yesterday I attended the DELL CIO Executive Summit 2014 in Brussels. Basically it was home match for me (yes that happens) and I consider it a compliment that I have been given the opportunity to be invited to a day of C level discussions.

image

Apart from a great networking opportunity with our peers we had direct access to many of DELL’s executives. I found it interesting to see what some existing customers had to say and share about their experiences with DELL Services. Especially in the security side of things where they provide a level of expertise and assistance I did not yet realize they did.

The format was small scale and encouraged interactive discussions. That succeeded quite well and made for good interaction between the attending CIOs an DELL executives. We were not being sold to or killed by PowerPoint. Instead we engaged in very open discussions on our challenges and opportunities while providing feedback. It reminded me of the great interaction promoting format at the DELL Enterprise Forum 2014 in Frankfurt this year. You learn a lot from each other and how others deal with the opportunities that arise.

To give you an idea about the amount of access we got consider the following. Where can you walk up to the CEO of a +/- 24 Billion $ company and provide him some feedback on what you like and don’t like about the company he founded? Even better you get a direct, no nonsense answer which explains why and where.  Does he need to do this? My guess is not, but he does and I appreciate that as an IT Professional, Microsoft MVP and customer.

Before the CIO Executive Summit started I joined the Solutions Summit, to go talk shop with sponsors/partners like Intel and Microsoft, DELL employees & peers and lay my eyes on some generation 13 hardware for the 1st time in real life.

It was a long but very good day. As the question gets asked every now and then as to why I attend such summits and events, I can only say that it’s highly interesting to talk to your peers, vendors, engineers and executives. It prevents tunnel vision & acting in your village without knowledge of the world around you. Keeping your situational awareness in IT and business requires you to put in the effort and is highly advisable. It’s as important as a map, reconnaissance and intelligence to the military, without it you’re acting on a playing field you don’t even see let alone understand.

DELL CIO Executive Summit

I’ve been invited and I’m attending the CIO Executive Summit with DELL’s Executive Leadership Team on Wednesday September 17, 2014 in Brussels. It’s an opportunity to meet and network with my peers and IT leaders.  It also provide the opportunities to discuss challenges with Dell executives and where they see DELL help us with those.

It runs parallel with DELL Solutions Tour 2014 Brussels (see http://www.dellsolutionstour2014.com/ for events near you) where I’m sure many will be looking at the recently released generation 13 servers & new Intel CPU offerings.

image

I’ll be attending 2 “Strategic Deep Dive Sessions” that address some of critical challenges facing IT C-Level professionals. I’m doing the one on security. This is important as alone eternal vigilance, preparedness & situational awareness can help mitigate disaster. The technology is just a force multiplier.

The other track is on future ready IT solutions. That means a lot different thins to many of us. The new capabilities and ever faster evolving IT places a financial and operational burden on everyone. I’m very interested to discuss how DELL will deal with this beyond the traditional answers. The need for fast, effective & cost effective solutions that deliver great ROI & TCO is definitely there but the move to OPEX versus CAPEX and the potential loss of ownership also introduces risk that can cost us dearly if not managed right. IT, is still more than a financial model of service billing, even if sometimes it looks like that. It’s important to keep the mix in balance & do it smart.

So on Wednesday I’ll be focusing on strategy and not action or tools. Something that get’s missed way too much by way too many way too often. Michael Dell will be there and if I get the opportunity I’ll be happy to give some feedback.