Build a cross-subscription Windows lab by using Azure Point-to-Site VPN

We have several Azure subscriptions, each with a fixed budget, and we would like to build a united development lab on top of those subscriptions. Unfortunately, Virtual Machines or Virtual Networks in different subscriptions can't communicate with each other under Azure policy.

To remove that barrier, I explored and developed the following approach, which leverages Azure Point-to-Site (P2S) VPN to connect Virtual Machines from multiple Azure subscriptions into a single Virtual Network. The diagram below shows the idea using an Exchange lab as the example.

Diagram: P2S across subscriptions

The first step is to set up the Virtual Network and the Point-to-Site VPN; you can follow the instructions from Azure:

Next, set up the DNS server and Domain Controller inside the virtual network itself. Those servers need static IP addresses, which are hard to guarantee for a machine that joins the virtual network over the P2S VPN, since P2S clients receive their addresses from the client address pool.

After you create new VMs in the other subscriptions and install the VPN client so they can connect to the virtual network, you need a way to bring up the P2S VPN connection automatically during start-up, before any user logs on. The following script, run at start-up, makes that happen.

The main idea of the script is to monitor whether the DNS server can be contacted and, if not, to re-establish the VPN connection. It also refreshes the route table and registers the machine's DNS record over the VPN connection, so the other lab machines can resolve it by name.
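The post's own script is not reproduced here, so the following is an added example (not the author's code) of how such a start-up keep-alive can be written in PowerShell. The connection name `LabVNet`, the DNS/DC address `10.0.0.4`, the suffix `lab.local`, the address space `10.0.0.0/16` and the script path are assumed values; it also assumes the RAS entry lives in the all-users phonebook so that SYSTEM can dial it.

```powershell
# Keep an Azure P2S connection alive before logon (added example, not the post's script).
# Assumed values: connection 'LabVNet', in-VNet DNS/DC 10.0.0.4, domain lab.local, VNet 10.0.0.0/16.
param(
    [string]$VpnName    = 'LabVNet',
    [string]$DnsServer  = '10.0.0.4',
    [string]$DnsSuffix  = 'lab.local',
    [string]$VNetPrefix = '10.0.0.0/16',
    [int]$IntervalSec   = 60
)

function Test-LabDns {
    # The DC/DNS server is the health signal: if it answers, the tunnel is usable.
    Test-Connection -ComputerName $DnsServer -Count 1 -Quiet -ErrorAction SilentlyContinue
}

function Connect-LabVpn {
    # rasdial dials a saved RAS entry non-interactively; Azure P2S certificate auth
    # needs no credentials on the command line. Returns $true on success.
    & rasdial.exe $VpnName | Out-Null
    if ($LASTEXITCODE -ne 0) { return $false }
    Start-Sleep -Seconds 5          # let the PPP interface finish coming up
    return $true
}

function Repair-LabRoutes {
    # rasdial normally installs the VNet routes; re-add the lab prefix on the tunnel
    # interface if it is missing. ActiveStore = not persisted across reboots.
    if (-not (Get-NetRoute -DestinationPrefix $VNetPrefix -ErrorAction SilentlyContinue)) {
        New-NetRoute -DestinationPrefix $VNetPrefix -InterfaceAlias $VpnName -PolicyStore ActiveStore | Out-Null
    }
}

function Register-LabDns {
    # Point the tunnel interface at the in-VNet DNS server and register this host's
    # VPN address there, so the other lab VMs can resolve it by name.
    Set-DnsClientServerAddress -InterfaceAlias $VpnName -ServerAddresses $DnsServer
    Set-DnsClient -InterfaceAlias $VpnName -ConnectionSpecificSuffix $DnsSuffix `
        -RegisterThisConnectionsAddress $true -UseSuffixWhenRegistering $true
    Register-DnsClient
}

# Run before logon as a SYSTEM task with an AtStartup trigger (assumed path C:\Lab\Keep-LabVpn.ps1;
# keep that directory writable by administrators only, since the task runs with SYSTEM rights):
#   Register-ScheduledTask -TaskName 'LabVpnKeepalive' -Trigger (New-ScheduledTaskTrigger -AtStartup) `
#     -Principal (New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest) `
#     -Action (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File C:\Lab\Keep-LabVpn.ps1')
while ($true) {
    if (-not (Test-LabDns)) {
        Write-Output "$(Get-Date -Format s) DNS $DnsServer unreachable, redialling $VpnName"
        if (Connect-LabVpn) { Repair-LabRoutes; Register-LabDns }
    }
    Start-Sleep -Seconds $IntervalSec
}
```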

Enjoy it, and leverage multiple subscriptions to create a united lab.

The following links helped me during the scripting.


