One of the many advantages NetMotion Mobility offers is that it requires no proprietary hardware to deliver its advanced capabilities and performance. It is a software solution that can be installed on any physical or virtual Windows server. This provides great deployment flexibility by allowing administrators to deploy this remote access solution on their existing virtual infrastructure, which is much less costly than investing in dedicated hardware or virtual appliances.
Cloud Deployment
As customers begin moving their traditional on-premises infrastructure to the cloud, it’s good to know that NetMotion Mobility is fully supported in popular public cloud platforms such as Microsoft Azure. However, installing and configuring Mobility on a server in Azure requires a few important changes to a standard Azure VM deployment. Below is detailed guidance for installing and configuring NetMotion Mobility on a Windows Server 2016 virtual machine hosted in the Microsoft Azure public cloud.
Azure Networking Configuration
Before installing the NetMotion Mobility software, follow the steps below to configure the Azure VM with a static public IP address and enable IP forwarding on the internal network interface.
- In the Azure management portal, select the NetMotion Mobility virtual machine and click Networking.
- Click on the public-facing network interface.
- In the Settings section click IP configurations.
- In the IP configurations section click on the IP configuration for the network interface.
- In the Public IP address setting section click Enabled for the Public IP address.
- Click Configure required settings for the IP address.
- Click Create New.
- Enter a descriptive name and select Static as the assignment method.
- Click OK.
- Click Save.
Note: The process of saving the network interface configuration takes a few minutes. Be patient!
- Note the public IP address, as this will be used later during the Mobility configuration.
- Close the IP address configuration blade.
- In the IP forwarding settings section click Enabled for IP forwarding.
- Click Save.
NetMotion Mobility Installation
Proceed with the installation of NetMotion Mobility. When prompted for the external address, enter the public IP address created previously.
Next, choose the option to Use pool of virtual IP addresses. Click Add, enter the starting and ending IP addresses, subnet prefix length, and default gateway, and click OK.
Complete the remaining NetMotion Mobility configuration as required.
Azure Routing Table
A user defined routing table must be configured to ensure that NetMotion Mobility client traffic is routed correctly in Azure. Follow the steps below to complete the configuration.
- In the Azure management portal click New.
- In the Search the Marketplace field enter route table.
- In the results section click Route table.
- Click Create.
- Enter a descriptive name and select a subscription, resource group, and location.
- Click Create.
Once the deployment has completed successfully, click Go to resource in the notifications list.
Follow the steps below to add a route to the route table.
- In the Settings section click Routes.
- Click Add.
- Enter a descriptive name.
- In the Address prefix field enter the subnet used by mobility clients defined earlier.
- Select Virtual appliance as the Next hop type.
- Enter the IP address of the NetMotion Mobility server’s internal network interface.
- Click OK.
- Click Subnets.
- Click Associate.
- Click Choose a virtual network and select the network where the NetMotion Mobility gateway resides.
- Click Choose a subnet and select the subnet where the NetMotion Mobility gateway’s internal network interface resides.
- Click OK.
Note: If clients connecting to the NetMotion Mobility server need to access resources on-premises via a site-to-site gateway, be sure to associate the route table with the Azure gateway subnet.
Azure Network Security Group
A network security group must be configured to allow inbound UDP port 5008 so that external clients can reach the NetMotion Mobility gateway server. Follow the steps below to create and assign a network security group.
- In the Azure management portal click New.
- In the Search the Marketplace field enter network security group.
- In the results section click Network security group.
- Click Create.
- Enter a descriptive name and select a subscription, resource group, and location.
- Click Create.
Once the deployment has completed successfully, click Go to resource in the notifications list.
Follow the steps below to configure the network security group.
- In the Settings section click Inbound security rules.
- Click Add.
- Enter 5008 in the Destination port ranges field.
- Select UDP for the protocol.
- Select Allow for the action.
- Enter a descriptive name.
- Click OK.
- Click Network Interfaces.
- Click Associate.
- Select the external network interface of the NetMotion Mobility gateway server.
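A configuration check for the settings above, as an added example that is not part of the original article: it takes a description of the deployment and reports disabled IP forwarding, subnets with no return route for the client pool through the gateway's internal address, and inbound Allow rules other than UDP 5008. The addresses, names and record layout are constructed for this example and are not Azure's export format.

```python
import ipaddress

# Constructed deployment description (not real Azure output; field names are this example's own).
SAMPLE = {
    "client_pool": "172.16.50.0/24",          # Mobility virtual IP pool
    "gateway_internal_ip": "10.0.1.4",        # Mobility server, internal interface
    "internal_nic_ip_forwarding": True,
    "route_tables": {
        "rt-mobility": [{"prefix": "172.16.50.0/24", "type": "VirtualAppliance", "hop": "10.0.1.4"}],
        "rt-apps": [{"prefix": "172.16.50.0/24", "type": "VirtualAppliance", "hop": "10.0.1.5"}],
    },
    # Subnets that Mobility clients must reach, with the route table associated to each.
    "subnets": [("internal", "rt-mobility"), ("apps", "rt-apps"), ("GatewaySubnet", None)],
    "nsg_inbound": [
        {"name": "mobility", "protocol": "UDP", "ports": "5008", "access": "Allow"},
        {"name": "any-udp", "protocol": "UDP", "ports": "*", "access": "Allow"},
    ],
}

def audit(cfg):
    """Return findings for the forwarding, route and NSG settings described above."""
    findings = []
    pool = ipaddress.ip_network(cfg["client_pool"])
    gw = cfg["gateway_internal_ip"]
    if not cfg["internal_nic_ip_forwarding"]:
        findings.append("IP forwarding is disabled on the gateway's internal interface")
    # Each subnet needs a return route: pool prefix -> virtual appliance -> gateway internal IP.
    # (Longest-prefix interactions with other routes are not modelled here.)
    for name, table in cfg["subnets"]:
        routes = cfg["route_tables"].get(table, [])
        if not any(pool.subnet_of(ipaddress.ip_network(r["prefix"]))
                   and r["type"] == "VirtualAppliance" and r["hop"] == gw for r in routes):
            findings.append(f"subnet {name}: no route for {pool} via {gw}")
    # The external interface needs UDP 5008 inbound; list any other Allow rule for review.
    allows = [r for r in cfg["nsg_inbound"] if r["access"] == "Allow"]
    if not any(r["protocol"] == "UDP" and r["ports"] == "5008" for r in allows):
        findings.append("no inbound rule allows UDP 5008")
    for r in allows:
        if (r["protocol"], r["ports"]) != ("UDP", "5008"):
            findings.append(f"NSG rule {r['name']}: allows {r['protocol']}/{r['ports']}, review")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the constructed sample this reports the `apps` subnet (its route points at the wrong next hop), the gateway subnet (no route table associated) and the `any-udp` rule.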
Summary
After completing the steps above, install the client software and configure it to use the static public IP address created previously. Alternatively, configure a DNS record to point to the public IP address and specify the Fully Qualified Domain Name (FQDN) instead of the IP address itself.
Additional Resources
Enabling Secure Remote Administration for the NetMotion Mobility Console
NetMotion Mobility Device Tunnel Configuration
NetMotion Mobility as an Alternative to Microsoft DirectAccess
NetMotion Mobility and Microsoft DirectAccess Comparison Whitepaper
Felix
/ September 18, 2019
Awesome How-To Thanks!
I tried that and can connect via Mobility APP – Fine
Get an IP – 10.21.12.1 – Fine
But I can't get Data thru the VPN – Do I have to configure the VM to be the gateway (10.21.12.254) or something? Routes / Firewall and IP-Forwarding is set as described
Richard M. Hicks
/ September 18, 2019
No, the only thing that is required is that routing and forwarding be configured as described in the article. In my example, the 10.21.12.254 address is non-existent. It is not assigned anywhere in my network. It might be used as a virtual address on the NetMotion server though, but I’m not certain.
Chris
/ April 22, 2021
Same issue. Route table is set up but I cannot pass any traffic over the VPN.
ash
/ February 21, 2022
Very useful article. Thanks
I have set up the mobility host in Azure and can connect to the host using the mobility client and I am able to connect to all the services in the same subnet as mobility host, but unable to connect to the services outside the mobility host subnet. I have added the relevant routes in Azure as described in the article. Please can you advise.
Also any ideas in how we can use DHCP for mobility host in Azure as DHCP is not supported by MS in Azure.
Richard M. Hicks
/ February 22, 2022
It sounds like routes for the Mobility client subnet haven’t been defined on those other subnets. You can either assign the same routing table to those subnets or update any existing route tables accordingly. Also, there’s no option to use DHCP in Azure for NetMotion Mobility. You must use a static address pool.
ash
/ March 29, 2022
Thanks, managed to get it working. It was the return routes and FW config.
Richard M. Hicks
/ March 29, 2022
👍