Adding Gateway to VM Network As Tenant Administrator

Article, Hyper-V, Microsoft, Network, Network Virtualization, PowerShell, Software, System Center, System Center Virtual Machine Manager, Windows, Windows Servers 2012 R2 1 Minute

I’ve been exploring VMM PowerShell cmdlets recently especially related to Network Virtualization. I was thinking of blogging about adding Gateway, NAT Connection and VPN connection to VM Network but I was too occupied with work. Today on the TechNet VMM Forum I’ve saw a question on how to add Gateway to a VM Network as Tenant Administrator. Apparently if you go as Tenant Administrator to the properties of the VM Network you will not see an UI for adding Gateway:

image

My guess the reason behind this is that the usual UI for this option was built for the Administrator role. The Administrator can see all Network Services of type Gateway and has full access to them. On the other hand Tenant Administrator does not have access to those objects. Tenant Administrator has access only to objects in its own scope which what that Tenant Administrator has created. To this problem there are a couple of solutions:

  • Give your tenants the Azure Pack experience. They will be able to access Azure Pack Tenant Portal and add Gateways (NAT Connection and VPN Connections) on their own.
  • Contact administrator and ask him/her to add a Gateway to your VM Network.
  • Add Gateway on your own trough PowerShell

The third option is easy also. You fire up PowerShell. Get the VM Network you want to add Gateway to a variable like this:

$VMnetwork=Get-SCVMNetwork -Name  VMNetwork66

And than you add Gateway to your VM Network like this:

$GatewayName = $VMnetwork.Name + “_Gateway”

Add-SCVMNetworkGateway -VMNetwork $VMnetwork –Name $GatewayName

image

image

After this you have your Gateway added to VM Network. As a Tenant Administrator VMM does not allow you to see available Gateways so it will choose automatically the first that has enough resources.

After that you can easily add NAT Connection for example:

$NATConnectionName=$VMnetwork.Name + “_NATConnection”

$Gateway=Get-SCVMNetworkGateway -VMNetwork $VMnetwork –Name $NATConnectionName

image

After adding the Gateway you can also use Add-SCVPNConnection to add S2S VPN.

Also with Administrator role you have the option to add Gateway, NAT Connection and VPN Connection on behalf of the Tenant Administrator by using –OnBehalfOfUser and  -OnBehalfOfUserRole paramaters. I’ve covered in the past how to execute those.

Published by Stanislav Zhelyazkov

Stanislav Zhelyazkov has been working in IT since 2007. Stanislav has started his IT career as a Help Desk Specialist in 2007 while studying Informatics in the University of Ruse. He also worked in HP Enterprise Services (now known as DXC), maintaining large corporate IT infrastructures for clients in Holland, Switzerland and Germany and was involved in a Private Cloud project based on MS Hyper-V and System Center. He was also in the role of Principal Consultant in Lumagate developing and consulting companies on Azure, OMS, management and Private clouds. Currently he is Cloud Infrastructure Engineer at Sentia Denmark. Stanislav is active community member at MSDN forums providing answers on Azure. His blogposts can be found at www.cloudadministrator.net or www.systemcentercentral.com.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.