How to Guide: StorageCraft Cloud Services VPN
CONTENTS Executive Summary...3 Setting up the VPN...4 Connecting to the VPN from a single computer...5 Providing a LAN site with access to the VPN...6 Conclusion...12
Executive Summary In a disaster situation where you need to start your servers up in StorageCraft Cloud Services, you are likely going to want a Virtual Private network (VPN) for your users to access the virtual machines (VMs). You need to be aware of this process and plan for the event of a disaster recovery situation. When you setup your StorageCraft Cloud Services account we recommend you setup the VPN configuration to reserve your network address. StorageCraft Cloud Services currently only allows one customer at a time to use a specific network range. This document covers how to setup the VPN, how to connect to the VPN from a single computer and also how you can configure a Local Area Network to access the VPN. StorageCraft Cloud Services VPN provides Windows, Mac and Linux options for the VPN connection. The examples in this document are based on a Microsoft Windows environment. The section on providing a local site with access to the VPN will require some advanced knowledge and understanding of TCP/IP, NAT and Routing. Recommended reading: Understanding StorageCraft Cloud IP/VPN: http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-failover-andrecovery/storagecraft
Setting up the VPN Firstly you must create a virtual machine (VM) for each server from the recovery point. Once you have created the VM s and before you start them you need to setup the VPN The outline: 1. Create new VPN under the VPN Config page 2. Add all the StorageCraft Cloud VMs to want to access 3. Add a remote device (you can add more later without having to stop it) i. Add a remote device for each computer that needs to connect to the VPN; it creates a specific VPN file to run on each computer. ii. If you want to provide a specific site/network with access, create one remote device for one of the computers onsite. 4. Start the VPN A more detailed process on configuring a StorageCraft Cloud VPN is available here: http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-getting-started/ storagecraft-cloud
Connecting to the VPN from a single computer 1. Download and run the VPN file. 2. If you haven t used OpenVPN before it will direct you to a website to install the software (it is under 2 MB). 3. Once OpenVPN is installed, run the VPN file again which you downloaded from StorageCraft Cloud Services. It will open a black console screen and connect to the VPN. You must leave this running for the VPN to remain connected. 4. Once connected you will be able to communicate with the VMs over the VPN. To disconnect just simply close the window. A more detailed process on Windows Open VPN is available here: http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-failover-andrecovery/storagecraft-cl
Providing a local site with access to the VPN StorageCraft Cloud Services currently only allows one customer at a time to use a specific network range. If you are able to use the same range as your existing network you can use a Bridge configuration, otherwise you can setup Routing. 1. Bridge - if you have the same network range for the VPN as your local network 2. Routing - if you have a different network range for the VPN and your local network 1. Bridge This is only useful if your VPN is on the same network range as your local network. Choose a PC on the network to run the VPN, download and install the VPN file It creates a TAP-Windows Adaptor in your Network Connections a. Bridge the VPN adaptor (TAP-Windows Adaptor) with the local NIC. To do this, select both adaptors right click and select Bridge Connections b. This will create another adaptor. Configure the Network Bridge adaptor with an IP address on the network c. Start the VPN from the configuration file you downloaded Once the VPN is connected, all devices on your local network will be able to communicate with the VMs over the VPN. You must leave this running for the VPN to remain connected.
2. Routing In this scenario you will need a computer with two network cards running Windows Server with Routing and Remote Access setup (and DHCP if required). This server will sit between the network and the gateway. Workstation 1 Switch Public Internet ISP Connection RRAS Server Workstation 2 Workstation 3 In this example we start with a base build of Windows Server 2012, install the Remote Access > Routing role and configure Routing and Remote Access for NAT and LAN routing. This will provide the network internet access through the existing gateway as well as routing to the VPN network. Firstly, when you create the VPN and select an IP range, you will need to re configure the StorageCraft Cloud servers you have recovered in the same network range. 1. Connect your network cards a. Plug one into your router and label it something like Gateway Make sure the adaptor has a valid IP address and the computer can get online. b. Plug the other into your LAN and label it something like Internal LAN Configure this adaptor with an IP address that the LAN will use as a gateway. Do not specify a default gateway for this adaptor. 2. Download and install the VPN file 3. Locate the VPN adaptor (TAP-Windows Adaptor) in the Network Connections control panel. Configure the IP address and subnet with the gateway IP address settings you have configured in the VPN setup on the StorageCraft Cloud. Do not specify a default gateway for this adaptor.
4. Install RRAS a. Open the Add Roles and Features Wizard b. Select the Remote Access role (you might also Install DHCP server if required) c. Ensure Routing is selected in Role services d. Install and reboot the server 5. Configure RRAS a. Open Routing and Remote Access b. Right click on the server and select Configure
c. Click through and select Custom configuration d. Select NAT and LAN routing e. Once the setup is complete, expand out IPv4 and select NAT
f. Right-click and select New Interface g. Select the NIC that is connected to your router
h. Select Public interface connected to the Internet i. Enable NAT on this interface j. If you need to forward any ports to servers on the LAN or on the VPN you can do this under Services and Ports tab. You will also need to modify your firewall or router settings to point at the RRAS server IP. k. You are now finished configuring RRAS 6. Start the VPN from the configuration file you downloaded Once the VPN is connected, all devices on your local network will be able to communicate with the VMs over the VPN. You must leave this running for the VPN to remain connected. Important: If your DNS server was running on one of the servers that are in the VPN, you can configure your onsite DHCP server to point to the new IP address of the DNS VM on the VPN. You may need to update your DNS Server if you have multiple servers running in the StorageCraft Cloud VPN if their IP addresses have changed.
Conclusion Business continuity planning can help your business prepare for, and continue to operate after, an incident or crisis. In the event of disaster recovery situation; access to critical servers it vital part of the process. After going through this document you should have an understanding of some options to get users quickly up and running on the StorageCraft Cloud Services VPN. You need to think about how your gateway, DNS and DHCP are going to be configured in the event of disaster recovery situation. Additionally ensuring existing services such as mail flow for your Exchange server continues to work is important and requires advanced planning so that you are ready. 2. Configuring a StorageCraft Cloud VPN http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-getting-started/ storagecraft-cloud Further reading: 1. Understanding StorageCraft Cloud IP/VPN http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-failover-andrecovery/storagecraft 3. Mac Open VPN http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-failover-andrecovery/storagecraft--0 4. Windows Open VPN http://www.storagecraft.com/support/book/storagecraft-cloud-services-user-guide/storagecraft-cloud-failover-andrecovery/storagecraft-cl StorageCraft Asia Pacific Level 11, 53 Walker Street North Sydney NSW 2060 Australia: +61 2 8061 4444 New Zealand: 0800 891 234 Singapore +65 6 248 4663 Thailand +66 2 610 3949 Malaysia +60 3 2147 4656 sales@storagecraft.com.au support@storagecraft.com.au www.storagecraft.com.au Copyright 2014 StorageCraft Technology Corporation. All rights reserved. This brochure is for informational purposes only. STORAGECRAFT MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS SUMMARY. StorageCraft and ShadowProtect are registered trademarks of StorageCraft Technology Corporation. Cloud Services and hardware Independent Restore are trademarks of StorageCraft Technology Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners. AU: +61 2 8061 4444 NZ: 0800 891 234 sales@storagecraft.com.au www.storagecraft.com.au Level 11, 53 Walker Street, North Sydney NSW 2060