One of the many advantages NetMotion Mobility offers is that it requires no proprietary hardware to deliver its advanced capabilities and performance. It is a software solution that can be installed on any physical or virtual Windows server. This provides great deployment flexibility by allowing administrators to deploy this remote access solution on their existing virtual infrastructure, which is much less costly than investing in dedicated hardware or virtual appliances.
Cloud Deployment
As customers begin moving their traditional on-premises infrastructure to the cloud, it’s good to know that NetMotion Mobility is fully supported in popular public cloud platforms such as Microsoft Azure. Installing and configuring Mobility on a server in Azure requires a few important changes to a standard Azure VM deployment however. Below is detailed guidance for installing and configuring NetMotion Mobility on a Windows Server 2016 virtual machine hosted in the Microsoft Azure public cloud.
Azure Networking Configuration
Before installing the NetMotion Mobility software, follow the steps below to configure the Azure VM with a static public IP address and enable IP forwarding on the internal network interface.
- In the Azure management portal, select the NetMotion Mobility virtual machine and click Networking.
- Click on the public-facing network interface.
- In the Settings section click IP configurations.
- In the IP configurations section click on the IP configuration for the network interface.
- In the Public IP address setting section click Enabled for the Public IP address.
- Click Configure required settings for the IP address.
- Click Create New.
- Enter a descriptive name and select Static as the assignment method.
- Click OK
- Click Save.
Note: The process of saving the network interface configuration takes a few minutes. Be patient! - Note the public IP address, as this will be used later during the Mobility configuration.
- Close the IP address configuration blade.
- In the IP forwarding settings section click Enabled for IP forwarding.
- Click Save.
NetMotion Mobility Installation
Proceed with the installation of NetMotion Mobility. When prompted for the external address, enter the public IP address created previously.
Next choose the option to Use pool of virtual IP addresses. Click Add and enter the starting and ending IP addresses, subnet prefix length, and default gateway and click OK.
Complete the remaining NetMotion Mobility configuration as required.
Azure Routing Table
A user defined routing table must be configured to ensure that NetMotion Mobility client traffic is routed correctly in Azure. Follow the steps below to complete the configuration.
- In the Azure management portal click New.
- In the Search the Marketplace field enter route table.
- In the results section click Route table.
- Click Create.
- Enter a descriptive name and select a subscription, resource group, and location.
- Click Create.
Once the deployment has completed successfully, click Go to resource in the notifications list.
Follow the steps below to add a route to the route table.
- In the Settings sections click Routes.
- Click Add.
- Enter a descriptive name.
- In the Address prefix field enter the subnet used by mobility clients defined earlier.
- Select Virtual appliance as the Next hop type.
- Enter the IP address of the NetMotion Mobility server’s internal network interface.
- Click OK.
- Click Subnets.
- Click Associate.
- Click Choose a virtual network and select the network where the NetMotion Mobility gateway resides.
- Click Choose a subnet and select the subnet where the NetMotion Mobility gateway’s internal network interface resides.
- Click OK.
Note: If clients connecting to the NetMotion Mobility server need to access resources on-premises via a site-to-site gateway, be sure to associate the route table with the Azure gateway subnet.
Azure Network Security Group
A network security group must be configured to allow inbound UDP port 5008 to allow external clients to reach the NetMotion Mobility gateway server. Follow the steps below to create and assign a network security group.
- In the Azure management portal click New.
- In the Search the Marketplace field enter network security group.
- In the results section click Network security group.
- Click Create.
- Enter a descriptive name and select a subscription, resource group, and location.
- Click Create.
Once the deployment has completed successfully, click Go to resource in the notifications list.
Follow the steps below to configure the network security group.
- In the Settings section click Inbound security rules.
- Click Add.
- Enter 5008 in the Destination port ranges field.
- Select UDP for the protocol.
- Select Allow for the action.
- Enter a descriptive name.
- Click OK.
- Click Network Interfaces.
- Click Associate.
- Select the external network interface of the NetMotion Mobility gateway server.
Summary
After completing the steps above, install the client software and configure it to use the static public IP address created previously. Alternatively, configure a DNS record to point to the public IP address and specify the Fully Qualified Domain Name (FQDN) instead of the IP address itself.
Additional Resources
Enabling Secure Remote Administration for the NetMotion Mobility Console
NetMotion Mobility Device Tunnel Configuration
NetMotion Mobility as an Alternative to Microsoft DirectAccess
NetMotion Mobility and Microsoft DirectAccess Comparison Whitepaper
DirectAccess has been around for many years, and with Microsoft now moving in the direction of Always On VPN, I’m often asked “What’s the difference between DirectAccess and Always On VPN?” Fundamentally they both provide seamless and transparent, always on remote access. However, Always On VPN has a number of advantages over DirectAccess in terms of security, authentication and management, performance, and supportability.
