Azure VNet-to-VNet VPN configuration – Part 2

In this blog post series, I will cover what you need to configure to create a VNet-to-VNet VPN between two Azure regions on the same subscription. The configuration is about the same if you want to connect two VNets on different subscriptions. You can see the previous post here.

In Part 1, I created one side of the network using the Azure Portal. However, that is not my usual method of configuring networks and VPNs. I prefer using PowerShell. One of the reasons is that I spin up a lot of environments: for testing, for proofs of concept, and for production.

As a result, I always look for a way to automate and be more productive. But those are not the main reason: I have found that by using PowerShell I reduce the human mistake factor! Yes, like everyone, I also make mistakes!

How to configure using PowerShell

Now that we have one side of the network configured (see previous post), I need to configure the network in a different region. For this I will show the script that I use. I’m sure there are other ways (probably better than mine) to script that. I like to keep it simple.

Here is the script:

# Setting all the variables
# $RG and $GWIPName are used further down, so they are set here with placeholder values.

$Sub = "Your_Subscription_Name"
$RG = "Your_Resource_Group_Name"
$Region = "East US 2"
$VNetName = "SW-EUS2-VM-VNET"
$SubName = "SW-EUS2-VM-SUBNET"
$GWSubName = "GatewaySubnet"

# Address prefixes: set these to your own CIDR ranges before running (left empty here)
$VNetPrefix11 = ""
$SubPrefix = ""
$GWSubPrefix = ""

$GWName = "SW-EUS2-WUS2-VPN"
$GWIPName = "Your_Gateway_Public_IP_Name"
$GWIPconfName = "SW-EUS2-WUS2-VPN-CON"

#1 - Login to Azure

Login-AzureRmAccount

#2 - Select the appropriate subscription

Select-AzureRmSubscription -SubscriptionName $Sub

#3 - Create the Resource Group

New-AzureRmResourceGroup -Name $RG -Location $Region

#4 - Create the VNet and Subnets (workload subnet plus the gateway subnet)

$subnet = New-AzureRmVirtualNetworkSubnetConfig -Name $SubName -AddressPrefix $SubPrefix

$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix

New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Region -AddressPrefix $VNetPrefix11 -Subnet $subnet,$gwsub

#5 - Request the Public IP

$gwpip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Region -AllocationMethod Dynamic

#6 - Create the gateway (bind the public IP to the GatewaySubnet, then create a route-based VPN gateway)

$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG

$gwsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

$gwipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $gwsubnet -PublicIpAddress $gwpip

New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Region -IpConfigurations $gwipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1


So, after you run the script, you should have both VNets configured, although they are not connected yet. That is the next step.



Marcos Nogueira
Azure MVP
Twitter: @mdnoga

Instant Recovery Point and Large Disk Azure Backup support

With everything that happens on Azure, and following the announced increase of the disk size in Azure from 1TB to 4TB, the only missing part was support in Azure Backup for backing up and recovering those volumes.

But what changed? Today, an Azure Backup job consists of two phases:

  1. Taking a VM snapshot
  2. Transferring the VM snapshot to Azure Backup Vault

So, depending on how many recovery points you configure in your policy, a recovery point will only be available when both phases are complete. With the introduction of the Instant Recovery Point feature in Azure Backup, a recovery point is created as soon as the snapshot is finished. That means that your RPO and RTO can be reduced significantly.

You can use the same restore flow on Azure Backup, to restore from this instant recovery point. For this you can identify the recovery point from a snapshot in the Azure Portal, using the Snapshot as a recovery point type. Once the snapshot is on the Azure Backup Vault, the recovery point type will change to Snapshot and Vault.

By default, the snapshots are retained for 7 days. This allows you to complete restores much faster from these snapshots, while also reducing the time required to copy the backup from the vault to the storage account where you want to restore.

Instant Recovery Point Features

Please note that all the features are not yet available; this is still in preview.

  1. Ability to see the snapshot taken as part of the backup job and have it available for recovery without waiting for the data transfer to complete. Note: this will reduce the wait for the snapshot to be copied to the vault before triggering a restore. Also, this will eliminate the additional storage requirement we have for backing up premium VMs.
  2. As part of the above feature, we will also enable some data integrity checks. This will take some additional time as part of the backup. We will be relaxing these checks as we move, and so it will reduce backup times.
  3. Support for 4TB unmanaged disks.
  4. Ability to use the original storage accounts (even when the VM has disks distributed across storage accounts). This will make restores faster for a wide variety of VM configurations. Note: this is not the same as overriding the original VM.
  5. Ability to do the above things for managed disks.


It is important to know that when you enable this feature you will notice the following:

Since the snapshots are stored on the Azure Backup vault, to reduce the recovery point and reduce the restore time, you will see some increase in the storage cost, corresponding to the snapshots that are stored for 7 days (if you go with the defaults).

When you are doing a restore from a snapshot recovery point for a Premium VM, you might see a temporary storage location being used while the VM is created, as part of the restore.

Once you enable the preview feature, you can’t revert; that means you can’t go back, and all future backups will use this feature.

If you have VMs with Managed Disks, this feature is not supported yet. Backup of VMs that are using Managed Disks is supported, but they will use the normal backup (the Instant Recovery Point will not be used in this case). Virtual Machines migrations from unmanaged and managed are not supported.

If you want to try this feature, run the following commands:

  1. Open PowerShell with elevated privileges
  2. Log in to your Azure account
  3. Select the subscription in which you want to enable the Instant Recovery Point feature
    Get-AzureRmSubscription -SubscriptionName "<SUBSCRIPTION_NAME>" | Select-AzureRmSubscription
  4. Register for the preview
    Register-AzureRmProviderFeature -FeatureName "InstantBackupandRecovery" -ProviderNamespace Microsoft.RecoveryServices




Azure Cloud Shell vs Azure CLI

At a local community event, after my presentation I was answering some questions and one of the attendees asked me if Azure Cloud Shell is the same tool as Azure CLI.

So here it is: Azure Cloud Shell is a container-based shell running in the Azure Portal (or in the browser), using either Linux (Bash) or Windows (PowerShell) based containers. Both containers support Azure CLI, and the Windows-based containers also support Azure PowerShell. For more information on how to use Azure Cloud Shell, visit the previous post (here).

As far as I know, Microsoft updates the CLI and the PowerShell version on a regular basis to whatever is the most stable and updated version. The update is applied to the respective container (Bash to the Linux container, and PowerShell to the Windows container (Windows Server 2016)), so everyone is always running the latest version on Azure Cloud Shell.

Does that mean that when we enable the Azure Cloud Shell, we are creating 2 containers? Yes. If you read the previous post about how to use Azure Cloud Shell (see link above), you will see that when the required resources are created, besides the Resource Groups, Storage Accounts and File Shares, you are also creating the containers. However, those are created on the fly. That means every time you open the Azure Cloud Shell, you are connecting to the respective container.

Bash and PowerShell with possibility to run CLI?

You have the choice to run a Windows-based cloud shell or a Linux-based one. The Windows one comes with Azure PowerShell and also Azure CLI (on Bash on Windows). The Linux one comes with Bash and Azure CLI. In the future, it will also support Azure PowerShell on Linux.

The Azure Cloud Shell comes with open source PowerShell preinstalled in both the Windows- and Linux-based Cloud Shell. I want to clarify that on the Windows-based cloud shell, Azure CLI runs directly in cmd.exe (Bash on Windows is not enabled in cloud shell yet).



How to use Azure Cloud Shell

Ever since they announced the Azure Cloud Shell (see post here), I’ve been waiting to use PowerShell on the Azure Cloud Shell. I’m still learning how to use the Azure CLI, but I’ve been using PowerShell for years, and I feel way more comfortable with it.

So, how can I use Azure Cloud Shell? Just open the Azure Portal, and on the top bar, between the Notifications and the Settings, you will find the Azure Cloud Shell icon.

When you click on the icon, it will ask you to configure the Azure Cloud Shell. The process will provision machines, where you can run the shells (Azure CLI and Azure PowerShell). It’s a fairly simple process. Just follow the steps below.

  1. Choose your Shell of choice. It doesn’t matter if you choose Bash or PowerShell. You can always switch back and forth after the initial setup.
  2. Choose the subscription that you want to use. Then you have the simple option of creating the storage, or you can click Show advanced settings. In this case I opted for the advanced settings.
  3. In the advanced settings, you can specify the Resource Group, Storage Account and File Share names that you want to use.

    NOTE: Just remember that you have to follow the naming requirements for storage accounts and file shares (lowercase and alphanumeric characters).
  4. In this case I selected Bash. After I clicked Create, it started to provision the machines. First it creates all the resources from the previous step.
  5. After the creation of the resources, it connects to the Bash terminal.
  6. And that is the end! Now you can start to use the Azure CLI in the Azure Portal.

Changing to PowerShell (or Shell)

After you create the Azure Cloud Shell, you can switch from Bash to PowerShell and vice versa. To do that, just follow the steps:

  1. Click on the Shell that you are using. In this case I was using Bash. When you click the drop-down box, you will see the other Shell.
  2. Select the Shell that you want, in this case PowerShell, then click Restart.
  3. After that, the Azure Cloud Shell shuts down the previous Shell and restarts in the new Shell (even if you have never used it before).
  4. Now it creates all the resources required for the first use.
  5. After creating all the resources, it will connect to the terminal.
  6. Finished! Now you can use PowerShell in the Azure Portal.

Because you are logged in to the Azure Portal, you don’t need to run the PowerShell command Login-AzureRmAccount. You can start from there.



Azure Resource Manager PowerShell Module

If you are like me and like to have all the tools on your desktop/laptop, especially the Azure PowerShell module, your life is now way easier. Not long ago, you had to download the Azure PowerShell module through the Web Platform. But now there is a simpler way.

I found this when I needed to replace my Surface Pro. Through the PowerShellGet module, all the modules related to Azure are on GitHub, so it is way simpler to always get the most up-to-date version of the cmdlets to manage Azure. PowerShellGet comes with Windows 10. To verify whether you are running the most updated version, run the following cmdlet:

Get-Module PowerShellGet -list | Select-Object Name,Version,Path

You should get an output like this:

To install all the Azure Resource Manager modules, just follow the steps and you will see all the magic happen.

  1. Open a PowerShell session with elevated privileges (Administrator mode)
  2. Run the following command
    Install-Module AzureRM -AllowClobber

    Note: by default, the PowerShell Gallery is configured as an untrusted repository, so you have to trust this repository to be able to install the Azure RM module.
  3. Answer Yes or Yes to All on the output of the command to be able to continue the installation
  4. Just watch the progress bar finish
  5. Import the Azure RM module by running the command
    Import-Module AzureRM

To verify if the install was successful, you can use the following command:

Get-Module AzureRM -list | Select-Object Name,Version,Path
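
Because the PowerShell Gallery is untrusted by default, one way to see what you are about to trust is to stage the module and check its metadata and Authenticode signatures before installing. This is an added example, not part of the original post; the staging folder $Staging is a hypothetical path, and the install at the end uses the current-user scope as an assumption.

```powershell
# Added example: inspect AzureRM from the PowerShell Gallery before installing it.
# $Staging is a hypothetical scratch folder; change it to suit your machine.
$Staging = Join-Path $env:TEMP 'AzureRM-staging'
New-Item -ItemType Directory -Path $Staging -Force | Out-Null

# 1. Show how the gallery is currently registered (InstallationPolicy is Untrusted by default).
Get-PSRepository -Name PSGallery |
    Select-Object Name, InstallationPolicy, SourceLocation

# 2. Look at the package metadata before downloading anything.
Find-Module -Name AzureRM -Repository PSGallery |
    Select-Object Name, Version, Author, CompanyName, PublishedDate

# 3. Download AzureRM and its dependencies into the staging folder without installing them.
Save-Module -Name AzureRM -Repository PSGallery -Path $Staging

# 4. Check the Authenticode signature of every script, manifest and binary that was downloaded.
$signatures = Get-ChildItem -Path $Staging -Recurse -Include *.ps1, *.psm1, *.psd1, *.dll |
    Get-AuthenticodeSignature

# Summarise who signed the files that carry a valid signature.
$signatures |
    Where-Object { $_.Status -eq 'Valid' } |
    Group-Object { $_.SignerCertificate.Subject } |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Anything unsigned, tampered with, or signed by an untrusted chain ends up here.
$notValid = $signatures | Where-Object { $_.Status -ne 'Valid' }

if ($notValid) {
    $notValid | Select-Object Status, Path | Format-Table -AutoSize
    Write-Warning 'Some files are unsigned or failed validation; review them before installing.'
}
else {
    # 5. Install only after the staged copy checked out. CurrentUser scope needs no elevation.
    Install-Module -Name AzureRM -Repository PSGallery -Scope CurrentUser -AllowClobber
}
```

Leaving PSGallery as Untrusted keeps the confirmation prompt in place for every later Install-Module call, which is a useful reminder that anyone can publish to the gallery.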

