Launching the TrueStack Server

  1. Launch the TrueStack Server instance from the Azure Marketplace using the recommended configuration.
  2. Access the server using a browser after launch:
    • Navigate to http://<Public IP> of the TrueStack Server instance.
    • Follow the on-screen instructions to complete the setup.
    • The server will redirect to https://<Public IP> after obtaining a Let’s Encrypt certificate.

Launch Considerations

Region and Resource Group

  • Ensure the TrueStack Server is launched in the same Resource Group, Region, and Availability Zone as your Windows Domain Controller.
  • If you haven’t already set up your Windows Domain Controller, create a new Resource Group for your deployment.

Instance Size

  • TrueStack operates efficiently on low-resource instances. Most A, B, or D series workload types are supported:
    • A and B-series (Basic): Least expensive but require a Public IP allocation post-launch.
    • D-series (Standard): Includes a Public IP and provides better performance.

Authentication Type

  • Choose SSH public key or password for server access. Save credentials securely for future use.

Networking

  • Attach the TrueStack Server to the appropriate vNet and Subnet matching your deployment needs.

Network Security Group

  • Configure the NSG to allow essential traffic:
    • TCP Ports: 80 and 443 for the web interface.
    • UDP Port: 7473 for VPN connections.

Next Step: see Using TrueStack

Configuring Azure Networking for Use with Windows Domain Controllers

If you are using the TrueStack Server to enable Windows Domain Controller communication with VPN-connected computers, follow these additional steps. These steps are not necessary if the TrueStack Server is used solely as a VPN server for encrypted internet traffic.

Step 1: Ensure the TrueStack Server VM Has a Public (Static) IP

  1. Confirm that your TrueStack Server is assigned a Public (Static) IP address:
    • Standard SKU VMs include a Public IP by default.
    • Basic SKU VMs do not include a Public IP. To allocate one:
      • Stop the TrueStack Server VM.
      • Navigate to the Public IPs section in Azure, allocate a new Public IP, and associate it with the VM.
      • Restart the VM to apply the changes.

Step 2: Create a Route Table for Communication

To enable Windows servers to communicate with VPN-connected computers, create a route to the TrueStack Server subnet (5.6.0.0/16).

  1. Search for Route Tables in the Azure portal.
  2. Create a New Route Table:
    • Place the Route Table in the same Resource Group and Region as the TrueStack Server and Windows servers.
    • Set Propagate gateway routes to Yes.
  3. Configure Routes:
    • Open the newly created Route Table and go to Settings > Routes.
    • Add a new route with the following details:
      • Destination Type: IP Address.
      • Address Prefix: 5.6.0.0/16.
      • Next Hop Type: Virtual Appliance.
      • Next Hop Address: The private IP address of the TrueStack Server (e.g., 10.0.0.5).
  4. Associate the Route Table with a Subnet:
    • Go to Settings > Subnets within the Route Table.
    • Click Associate and select the Virtual Network and the desired Subnet.

Recommended Security Group Configuration for Azure

We recommend assigning the TrueStack server to its own Network Security Group (NSG) since it functions as a front-facing web server. Refer to the Network Security guidelines for more information. If you need to isolate Windows servers from each other, assign each server to its own NSG. For communication between the TrueStack server and Windows servers, follow these steps:

Create a Network Security Group (NSG) for the TrueStack Server

Note: If you deployed the TrueStack server via Azure Marketplace, a default NSG might already be pre-configured with rules for ports 80, 443, and 7473.

  1. Navigate to the Azure Portal and search for Network Security Groups.
  2. Create a new NSG specifically for the TrueStack Server.
  3. Add the following Inbound Security Rules:
    • Rule 1:
      • Source: Any.
      • Destination Port Ranges: 80 (TCP).
      • Protocol: TCP.
      • Action: Allow.
    • Rule 2:
      • Source: Any.
      • Destination Port Ranges: 443 (TCP).
      • Protocol: TCP.
      • Action: Allow.
    • Rule 3:
      • Source: Any.
      • Destination Port Ranges: 7473 (UDP).
      • Protocol: UDP.
      • Action: Allow.
  4. Add an additional Inbound Security Rule to allow traffic from the Windows server(s):
    • Source: IP Addresses (specify the Windows server IPs, e.g., <Windows_Server_IP>).
    • Destination: Any.
    • Protocol: Any.
    • Action: Allow.
  5. Associate the TrueStack server’s Network Interface Card (NIC) with this new NSG.

Configure Network Security Groups for Windows Servers

  1. Navigate to the NSG for each Windows server.
  2. Add an Inbound Security Rule with the following parameters:
    • Source: IP Addresses (specify the TrueStack server’s private IP, e.g., <TrueStack_Server_IP>).
    • Destination: Any.
    • Protocol: Any.
    • Action: Allow.
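
The following is an added example, not part of the TrueStack documentation: a small audit that flags inbound Allow rules wider than the configuration described above (80/TCP, 443/TCP and 7473/UDP from Any, everything else only from named server IPs). It assumes the rules are supplied in the JSON shape that `az network nsg rule list -o json` returns; the rule names and the 10.0.0.4 Windows server address are constructed sample values.

```python
import ipaddress

# (protocol, port) pairs the page opens to source "Any" on the TrueStack NSG.
PUBLIC = {("tcp", 80), ("tcp", 443), ("udp", 7473)}
ANY = {"*", "any", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):  # merge Azure's singular/plural rule fields
    vals = list(rule.get(plural) or [])
    return vals + [rule[single]] if rule.get(single) else vals

def _ports(rule):
    """Expand destination port specs ('80', '8000-8010', '*') into a set."""
    ports = set()
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = ("0-65535" if spec == "*" else spec).partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def _trusted(src, trusted):
    """True if src is an IP/CIDR inside one of the trusted networks."""
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:  # service tag such as VirtualNetwork: not a server IP
        return False
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit(rules, trusted_ips, public=PUBLIC):
    """Return (rule name, reason) for inbound Allow rules wider than documented."""
    trusted = [ipaddress.ip_network(ip) for ip in trusted_ips]
    findings = []
    for r in rules:
        if (r["direction"].lower(), r["access"].lower()) != ("inbound", "allow"):
            continue
        protos = ("tcp", "udp") if r["protocol"] == "*" else (r["protocol"].lower(),)
        for src in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"):
            if src.lower() in ANY:
                if {(p, n) for p in protos for n in _ports(r)} - public:
                    findings.append((r["name"], "open to Any beyond the documented ports"))
            elif not _trusted(src, trusted):
                findings.append((r["name"], f"source {src} is not a listed server"))
    return findings

# Constructed sample: a TrueStack NSG with two rules that drift from the page.
def mk(name, proto, src, port):
    return {"name": name, "direction": "Inbound", "access": "Allow",
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRange": port}
SAMPLE = [mk("http", "Tcp", "*", "80"), mk("https", "Tcp", "*", "443"),
          mk("vpn", "Udp", "*", "7473"), mk("from-dc", "*", "10.0.0.4", "*"),
          mk("ssh", "Tcp", "*", "22"), mk("from-vnet", "*", "10.0.0.0/16", "*")]
print(audit(SAMPLE, ["10.0.0.4"]))
```

For a Windows server NSG, call `audit(rules, [truestack_private_ip], public=set())` so that any rule open to Any is reported and only the TrueStack server's address is accepted as a source.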

Move Windows Servers to the Correct NSG

  1. Navigate to the Virtual Machine settings for the Windows server in the Azure portal.
  2. Under Settings, click on Networking.
  3. Locate the Network Interface linked to the VM and click on it.
  4. Under Settings for the Network Interface, select Network Security Group.
  5. Change the association to the correct NSG created for the Windows server.

If isolating Windows servers:

  • Create separate NSGs for each Windows server.