This topic describes the steps to enable applications that are running on Windows Azure nodes to use a license server on an enterprise network. The Windows Azure nodes in this scenario are deployed as part of a Windows HPC Server 2008 R2 cluster, Service Pack 2 or later.
Note: These procedures are intended for proof of concept or evaluation purposes only. The connectivity enabled with these steps is not very stable. Additionally, connectivity is established by using a Beta version of Azure Connect.
A large percentage of HPC applications, MPI and otherwise, in use today are licensed, commercial applications which use a licensing server to enable users to share licenses within an Enterprise. This document describes a method of safely extending a license server's reach into a set of Azure compute nodes (Windows Azure compute instances that are joined to a Windows HPC cluster).
Most license servers work over IPv4. Azure Connect can be used to establish an encrypted IPv6 connection from an on-premises machine to the Azure Nodes. In the approach described in this topic, we create an unencrypted IPv4 tunnel inside the IPv6 tunnel for communication between the Azure Nodes and the license server (by way of a “junction box”). We set up a junction box on a standalone physical machine or on a virtual machine. Ideally, the junction box is not domain joined (to increase security by restricting Enterprise network access to boundary servers). We install the Azure Connector endpoint software on the junction box to establish the IPv6 connection to the Windows Azure nodes. We then create an IPv4 VPN server on the junction box. Each Azure Node will have the Azure Connect client (automatically with deployment from HPC) and the IPv4 client connection to the VPN server on the junction box (manual configuration step). Communications between the junction box and the license server occur over an IPv4 connection.
The following diagram illustrates the basic architecture of this solution:
The procedures in this topic assume that you have the following prerequisites:
This section includes the following procedures:
PPP adapter Windows Azure Connect Relay1 1:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2a01:111:3f00:xxxx:xxxx:xxxx:xxxx:xxxx
Default Gateway . . . . . . . . . :
Note: This adapter will NOT be visible in Windows Network Connection dialog.
Note: Select only Routing if the junction box is not installed with the same OS instance as the license server.
This procedure enables the local DHCP server on the junction box to provision IPv6 addresses to the Azure end of the VPN tunnel (to avoid setting static IP addresses). The procedure also enables the junction box to route IPv4 message to and from the licensing server on the Enterprise network.
The following procedure describes how to create a user account that will be used by the Windows Azure compute nodes to authenticate into the VPN connection. This user account requires dial-in permissions.
The following steps must be taken on EACH Azure compute node to install and initiate an IPv4 VPN connection to the junction box. These steps must be repeated in the following cases:
CONGRATULATIONS, your Azure nodes can now access your Enterprise license server.