Schedule VPN Gateway deploy

Davide Ghisalberti 21 Reputation points
2020-12-15T16:00:26.023+00:00

Hi all! I'm configuring a Point-to-Site VPN access for my VMs on Azure. So far so good, everything works. My concern it's about the pricing of the SKU 'VpnGw1'

On the online calculator I can see the prices for GBs and tunnels, and a configurable pricing for "Gateway hour". I thought (wrongly) that this pricing was related to effective gateway usage, but it's instead related to the 'existance' of the gateway object in my subscription (e.g. I create the gateway at 3.00 pm and delete it at 6.00 pm, I pay for three hours regardless I've used it or not).

It seems odd because I can't understand how to schedule the gateway object to be created when I want to use it (for example, only for business hours/days).
There is a way to configure a schedule for creating and destroying this object, and to configure it in a way that my VPN clients are not aware of that? For example I don't want to distribute every day a configuration package or certificate or information to be configured by my clients, I just want my gateway to be active from 9 to 5/Monday to Friday

Thanks in advice for the help!

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,557 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,257 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andreas Baumgarten 111.1K Reputation points MVP
    2020-12-17T18:53:18.393+00:00

    The way it would work is:

    1. Create the required certificates and store this somewhere for automated deployment
    2. Create a script to deploy the VPN Gateway using the existing certificate
    3. Deploy the VPN Gateway via script on a schedule (for example every day at 8:00 AM)
    4. Delete the VPN Gateway via script on a schedule (for example at 6:00 PM)

    Repeat steps 3 - 4

    As long as you are using the same certificate and public IP of the VPN Gateway it should work without modifications on the client.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Andreas Baumgarten 111.1K Reputation points MVP
    2020-12-15T19:59:51.913+00:00

    If you delete and redeploy the VPN Gateway everyday the public IP will maybe change as well.

    Anyway ... With PowerShell it's possible to deploy a VPN Gateway:
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps

    And this can be scheduled on premises with the task scheduler in Windows.
    Or a runbook in Azure Automation can be used with a schedule.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.