This guide walks through a practical demonstration of joining a client machine that sits behind a customer-hosted edge router to an Active Directory (AD) domain controller over a NetFoundry network. The configuration steps are included in this guide.
For this demonstration we set up a network between an edge router (ER) running on a VMware VM on-premises, which we treat as the headquarters (HQ) and which acts as the egress ER, and the Azure South India region, which hosts the Windows 11 client VM and a customer-hosted ER acting as the ingress ER. The NetFoundry-hosted edge routers are provisioned in Azure and AWS regions in India. The goal is to join the Azure VM to the AD domain controller hosted at HQ.
Step 1. Build the network using our Getting Started Guide.
Step 2. Provision NetFoundry-hosted Edge Routers
At least one publicly reachable edge router is required so that endpoints and edge routers can form the fabric. Running a minimum of two hosted ERs is a best practice for redundancy and smart routing.
Step 3. Provision Customer-hosted Edge Routers (on-prem and Azure)
Customer self-hosted edge routers (CERs) act as egress routers: endpoints and other CERs use them to reach the services terminated on the CER endpoint (here, the HQ CER fronts the domain controller). A CER can also serve as the ingress for hosts on its own LAN, which is the role the Azure CER plays for the Windows 11 client in this demonstration.
Create and Register CERs in a private cloud
Use the deployment guides below to provision a customer-hosted edge router in a branch office or a private cloud.
Create and Register CERs on AWS / Azure / GCP / OCI / any Public Cloud
Use the deployment guides below to provision a customer-hosted edge router in AWS, Azure, GCP or OCI.
Step 4. Create a Service
The service definition specifies which device or devices provide access to the service, either on the device itself (a Zero Trust Client SDK application) or on the network behind the device (its LAN, for example), and how the endpoints acting as clients reach it. It also carries the service hosting details. For a domain join the service must cover the domain controller's address and the ports AD uses: at a minimum DNS (53), Kerberos (88), the RPC endpoint mapper (135) together with the dynamic RPC port range, LDAP (389) and SMB (445). A service that exposes only LDAP lets the client find the domain but the join itself fails.
Step 5. Creating the AppWAN
The AppWAN defines which services one or more client endpoints can access.
Note: An endpoint, service or edge router attribute selects every endpoint, service or edge router that carries that attribute. The @ symbol refers to an individual endpoint, service or edge router by name, and the # symbol refers to a group of endpoints, services or edge routers by attribute.
Step 6. Add routes where needed
Add a Route entry in the Azure route table
Add a route in Azure for the headquarters subnet 192.168.158.0/24 pointing to the private interface of the Azure-hosted CER, 10.90.1.5. The next hop of an Azure route must be an address inside the VNet, so it is the Azure CER (the ingress ER for this traffic), not the on-prem router, that the client VM's traffic is handed to.
- Go to the Azure portal
- In the search bar, search for Route tables
- Create a route table if you don't have one already
- Go to Routes in the route table and add a route: enter 192.168.158.0/24 under Destination IP addresses/CIDR ranges, select Virtual appliance as the next hop type, and enter the CER address 10.90.1.5 as the next hop
- Go to Subnets in the route table and associate the subnet that holds the Windows 11 client with the route table. Click Associate and select the appropriate VNet and subnet
- On the CER VM's network interface, enable IP forwarding; Azure discards packets that arrive at a NIC for a destination other than the NIC's own address unless this is enabled, so without it the route is installed but traffic to 192.168.158.0/24 is dropped. Also confirm that the subnet's network security group permits the client to CER and CER to client traffic
See Manage route tables in the Azure documentation to learn more about Azure routes.
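The same Step 6 route configuration, carried out with the Az PowerShell module instead of the portal, as an added example that is not part of the original guide. The resource group, VNet, subnet and NIC names and the location are assumptions; the prefix 192.168.158.0/24 and the next hop 10.90.1.5 are the values used in this guide. It also enables IP forwarding on the CER's NIC and reads back the client NIC's effective routes, which is the quickest way to confirm that the user-defined route has actually taken precedence over the VNet's system route.

```powershell
# Added example (not NetFoundry's code): Azure user-defined route for the HQ subnet
# via the Azure-hosted customer edge router (CER). Requires the Az module and an
# active Connect-AzAccount session. Resource names below are assumptions.

$rg        = "rg-netfoundry-demo"    # assumed resource group
$location  = "southindia"
$vnetName  = "vnet-client"           # assumed VNet holding the Windows 11 client
$subnet    = "snet-client"           # assumed client subnet
$cerNic    = "nic-cer-azure"         # assumed NIC of the Azure CER
$clientNic = "nic-win11-client"      # assumed NIC of the Windows 11 client VM
$hqPrefix  = "192.168.158.0/24"      # HQ subnet from the guide
$cerIp     = "10.90.1.5"             # Azure CER private interface from the guide

# 1. Create (or reuse) the route table and add the route to HQ with the CER as next hop.
$rt = Get-AzRouteTable -ResourceGroupName $rg -Name "rt-to-hq" -ErrorAction SilentlyContinue
if (-not $rt) {
    $rt = New-AzRouteTable -ResourceGroupName $rg -Name "rt-to-hq" -Location $location
}
$rt = Add-AzRouteConfig -RouteTable $rt -Name "hq-lan" -AddressPrefix $hqPrefix `
        -NextHopType VirtualAppliance -NextHopIpAddress $cerIp | Set-AzRouteTable

# 2. Associate the route table with the client subnet, keeping its existing prefix.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$snet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet `
    -AddressPrefix $snet.AddressPrefix -RouteTable $rt | Set-AzVirtualNetwork | Out-Null

# 3. Azure drops transit packets at a NIC unless IP forwarding is enabled on it,
#    so the CER must have it on to act as a next-hop virtual appliance.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $cerNic
$nic.EnableIPForwarding = $true
Set-AzNetworkInterface -NetworkInterface $nic | Out-Null

# 4. Verify the route the client VM's NIC will really use for the HQ prefix.
#    Expect Source = User, State = Active, NextHopType = VirtualAppliance, NextHopIpAddress = 10.90.1.5.
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $clientNic |
    Where-Object { $_.AddressPrefix -contains $hqPrefix } |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

If the effective-route query shows the HQ prefix with Source = Default and NextHopType = None, the route table has not been associated with the subnet the client NIC is in; if it shows the user route but traffic still fails, check IP forwarding on the CER NIC and the NSG before revisiting the NetFoundry service.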
Step 7. Join the client to the domain
To learn more about joining a client machine to a domain, click here
On the desktop, click the Start button, type Settings, and press ENTER.
Navigate to System and then to About.
Under Computer name, domain, and workgroup settings, click Change settings.
Under the Computer Name tab, click Change.
Under Member of, click Domain, type the name of the domain you wish this computer to join, and click OK.
When prompted, enter the credentials of an account that is permitted to join computers to the domain.
Click OK in the Computer Name/Domain Changes dialog box and restart the computer.
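The same Step 7 join performed from PowerShell on the Azure client, preceded by the checks that tell you whether the NetFoundry path and the service definition from Step 4 are complete before you touch the join dialog. This is an added example and not part of the original guide or Microsoft's documentation; the domain name, domain controller address and join account are assumptions, with the DC placed in the HQ subnet 192.168.158.0/24 that this guide uses.

```powershell
# Added example (not NetFoundry's or Microsoft's code): pre-flight checks and domain
# join from the Azure Windows 11 client. Run in an elevated PowerShell session.
# Domain, DC address and account are assumptions; the DC is in the guide's HQ subnet.

$domain      = "hq.example.local"     # assumed AD domain
$dcIp        = "192.168.158.10"       # assumed domain controller in 192.168.158.0/24
$joinAccount = "HQ\joinadmin"         # assumed account allowed to join computers

# 1. The client must resolve the domain via a DNS server reachable over the NetFoundry
#    path, i.e. the DC itself. Point the active adapter at it (Azure DNS cannot resolve
#    the AD zone). Adjust if your client already uses an internal DNS server.
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $dcIp

# 2. Confirm the DC locator SRV record resolves. If this fails, the join dialog will
#    report that a domain controller for the domain could not be contacted.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dcIp -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port

# 3. Check that the ports a domain join needs pass through the service/AppWAN.
#    (The RPC dynamic range 49152-65535 is not probed here; make sure the service
#    covers it as well, or the join fails after the DC is found.)
$ports   = [ordered]@{ DNS = 53; Kerberos = 88; RPC = 135; LDAP = 389; SMB = 445; Kpasswd = 464 }
$blocked = @()
foreach ($p in $ports.GetEnumerator()) {
    $ok = (Test-NetConnection -ComputerName $dcIp -Port $p.Value -WarningAction SilentlyContinue).TcpTestSucceeded
    Write-Host ("{0,-9} {1,5} {2}" -f $p.Key, $p.Value, $(if ($ok) { 'open' } else { 'BLOCKED' }))
    if (-not $ok) { $blocked += $p.Key }
}
if ($blocked) {
    throw "Fix the NetFoundry service/AppWAN before joining; blocked: $($blocked -join ', ')"
}

# 4. Join and reboot. Get-Credential prompts for the join account's password so it
#    never sits in the script or the console history.
$cred = Get-Credential -UserName $joinAccount -Message "Account allowed to join $domain"
Add-Computer -DomainName $domain -Credential $cred -Restart -Force
```

Run the script once with step 4 commented out to see the port table; a line marked BLOCKED points at the Step 4 service definition or the Step 5 AppWAN rather than at Azure routing, since the SRV lookup in step 2 has already proven that packets reach the DC.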