In this article, we will learn how to implement VNet peering across different Azure Active Directory tenants. VNet peering allows you to connect two virtual networks created by using different deployment models.
Normally, a VPN gateway is used to connect virtual networks in different subscriptions (VNet-to-VNet). VNet peering can also connect virtual networks in the same Azure subscription or in different subscriptions, as long as they share the same Azure AD tenant.
Before configuring VNet peering, we need to add the client AD tenant user to our Azure AD, so invite them from Azure AD.
Step 1
In Azure Active Directory, select Users under Manage. On the Users page, click + New user, select Invite user, enter the user's email address, and click the Invite button.
Step 2
In the client's mailbox, find the Azure AD invitation email and click Accept Invitation.
Step 3
After accepting the invitation, sign out of the Azure portal and sign in again. The new directory now appears in our Azure portal.
Step 4
Repeat the same process (Step 1 to Step 3) for the other Azure AD tenant.
Step 5
Now we have to assign permissions to the invited users. In the Azure resource group, create a role assignment using Access Control (IAM): select a role such as Contributor or Network Contributor, select the user, and click Save.
Step 6
Collect the resource ID needed for adding the VNet peering. To find the virtual network's resource ID, go to the virtual network and click Properties; the Resource ID is shown on the Properties page.
Step 7
Open the virtual network “OfficeVNet”, select Peerings under Settings, and then click + Add.
Step 8
On the Add peering page, enter the peering link name and the remote virtual network name.
Then select "I know my resource ID" and enter the resource ID copied in Step 6. After the resource ID is entered, the Directory field becomes available; select the remote Azure directory and click Add.
Step 9
In the Peerings section, we can verify that the peering status is “Initiated”, because we must repeat the same settings on the client side.
Step 10
Repeat the same steps (Step 6 to Step 8) on the client side.
Step 11
Finally, our VNet peering is connected on both sides.
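The check below is an added example, not part of the original article: it validates the resource IDs copied in Step 6 and reports whether both halves of the peering exist and have moved from "Initiated" to "Connected" (Steps 9 to 11). It assumes peering records shaped like the JSON from `az network vnet peering list` (`name`, `peeringState`, `remoteVirtualNetwork.id`); the subscription IDs, resource groups, ClientVNet and the peering name are constructed placeholders.

```python
import re

# ARM resource ID of a virtual network, as shown under Properties in Step 6.
VNET_ID = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-f-]{36})/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/virtualNetworks/(?P<vnet>[^/]+)$",
    re.IGNORECASE,
)

def parse_vnet_id(resource_id):
    """Split a VNet resource ID into parts; reject anything else (subnet, NIC...)."""
    m = VNET_ID.match(resource_id.strip())
    if not m:
        raise ValueError(f"not a virtual network resource ID: {resource_id!r}")
    # ARM IDs are case-insensitive, so normalise before comparing.
    return {k: v.lower() for k, v in m.groupdict().items()}

def audit_peering(local_id, remote_id, local_peerings, remote_peerings):
    """Return findings for a two-sided peering; an empty list means both halves are up."""
    local, remote = parse_vnet_id(local_id), parse_vnet_id(remote_id)
    findings = []
    if local == remote:
        findings.append("local and remote resource IDs name the same VNet")
    sides = (("local", remote, local_peerings), ("remote", local, remote_peerings))
    for side, target, peerings in sides:
        links = [p for p in peerings
                 if parse_vnet_id(p["remoteVirtualNetwork"]["id"]) == target]
        if not links:
            findings.append(f"{side}: no peering points at {target['vnet']}")
        for p in links:
            if p["peeringState"] != "Connected":
                findings.append(f"{side}: {p['name']} is {p['peeringState']}")
    return findings

# Constructed sample data: subscription IDs, resource groups, ClientVNet and the
# peering name are placeholders; only the name OfficeVNet comes from the article.
FMT = "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/virtualNetworks/{}"
OFFICE = FMT.format("11111111-1111-1111-1111-111111111111", "office-rg", "OfficeVNet")
CLIENT = FMT.format("22222222-2222-2222-2222-222222222222", "client-rg", "ClientVNet")
AFTER_STEP_8 = [{"name": "office-to-client", "peeringState": "Initiated",
                 "remoteVirtualNetwork": {"id": CLIENT}}]

if __name__ == "__main__":
    # Only the office side has been configured (state after Step 8).
    for finding in audit_peering(OFFICE, CLIENT, AFTER_STEP_8, []):
        print(finding)
```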