Tag Archives: Azure

Blogging or Taking Notes

Posted on by
Reply

myNotes

WordPress is awesome and I am used to blogging with it to share and taking it, in fact, as a system for taking notes. As an IT specialist, an even more simple and handy system to take quick notes for learning or memorandum purposes is in need.

Today, I am glad to release and share with you the application, http://MyNotes.TW. MyNotes is a very simple application especially for IT specialists to take notes. It is because Bruce is learning programming techniques and new Microsoft technologies, and tons of problems, references, notes and so forth need to be recorded and organized that he decided to develop an application for himself.

Get Started to Take Notes with myNotes.tw

MyNotes is hosted on Microsoft Windows Azure Cloud Services and implemented with ASP.NET 4.5, Web Forms, Entity Framework and Telerik RadControls.

With special thanks to Microsoft, we received Microsoft Bizspark benefits and MyNotes goes on Azure.

Connecting your site to Windows Azure virtual networks

Posted on by
Reply

To connect your enterprise local networks to the Windows Azure virtual networks that host virtual machines, you have to setup a site-to-site VPN connection. Windows Azure provides configuration scripts for some popular VPN device (gateway) models from Cisco and Juniper. However, if your VPN device is not enlisted, you have to setup the VPN from scratch.

It takes 10 minutes or so to implement the VPN connection. Before you get started, collect the following information:

  • IP address of the primary (local) gateway
  • IP address of the secondary (remote) gateway
  • The network id of the local network (in dotted decimal or CIDR format)
  • The network id of the remote network (in dotted decimal or CIDR format)
  • The pre-shared key (shared secret) between the primary and secondary gateway

The primary IPSec configurations are summarized as follows:

  • IKE (phase 1) proposal
    • Exchange Model: Main Mode
    • Key exchange: DH G2 (Diffie-Hellman Group 2)
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time: 28800 seconds
  • IPSec (Phase 2) Proposal
    • Protocol: ESP
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time: 3600 seconds
    • Perfect Forward Secrecy: disabled

If you intend to implement the VPN with the Windows Server 2008 R2 as a gateway, please refer to Simonsen’s How to connect your on-premise network to Windows Azure using Windows Server as a VPN gateway.

The following are some excerpts about IKE:

  • IKE phases and modes

IKE consists of two phases: phase 1 and phase 2.

IKE phase 1’s purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.

Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not.

During IKE phase 2, the IKE peers use the secure channel established in Phase 1 to negotiate Security Associations on behalf of other services like IPsec. The negotiation results in a minimum of two unidirectional security associations (one inbound and one outbound). Phase 2 operates only in Quick Mode.

Windows Azure Virtual Network Sonicwall TZ 170