Azure virtual machine scale set agents public IP - azure

I was following this article - Azure virtual machine scale set agents. Everything is good and I am able to run my custom images to perform builds and deployments.
One thing that is missing there: what if an agent needs to access some IP-restricted resource? Previously (with a simple VM running as an agent) it was easy to whitelist the public IP of a given agent. With those scale sets (and --load-balancer "") I am not sure how to get them to use a static IP (preferably only 1 outgoing public IP for all VMs in a set).
Any suggestions?

When you use a Load Balancer in front of the VMSS with only one static public IP address, all the VMSS instances can only access the outside through that one static public IP address. It's easy to achieve: you just need to configure the public IP address as static. Then you put that public IP address in the whitelist for the restricted resource.
In this way, all the instances access the restricted resource via the static public IP address and it's in the whitelist.
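
The setup this answer describes, written out as Azure CLI calls. This is an added example, not part of the original answer; the resource names, the image reference, the Linux/SSH login and the use of an outbound rule on a Standard load balancer are assumptions.

```shell
#!/bin/sh
# Added example: one static egress IP for a scale set of build agents.
# Resource names and the image are placeholders (assumptions); a Linux image
# with SSH-key login is assumed. Prints the az commands unless APPLY=1.
RG="${RG:-agents-rg}"
VMSS="${VMSS:-agents-vmss}"
PIP="${PIP:-agents-egress-ip}"
LB="${LB:-agents-lb}"
IMAGE="${IMAGE:-<custom-image-id>}"

run() {  # dry run by default; execute only when APPLY=1
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

provision_static_egress() {
  # 1. Public IP with static allocation, so the allowlisted address is
  #    not released when instances are deallocated or the set scales.
  run az network public-ip create -g "$RG" -n "$PIP" \
    --sku Standard --allocation-method Static
  # 2. Load balancer whose only frontend is that IP.
  run az network lb create -g "$RG" -n "$LB" --sku Standard \
    --public-ip-address "$PIP" \
    --frontend-ip-name egress-fe --backend-pool-name agents-pool
  # 3. Outbound rule: SNAT every pool member through the frontend. No
  #    load-balancing or inbound NAT rule is defined in this script.
  run az network lb outbound-rule create -g "$RG" --lb-name "$LB" \
    -n egress-rule --protocol All \
    --frontend-ip-configs egress-fe --address-pool agents-pool
  # 4. Scale set placed in that pool instead of --load-balancer "".
  run az vmss create -g "$RG" -n "$VMSS" --image "$IMAGE" \
    --load-balancer "$LB" --backend-pool-name agents-pool \
    --instance-count 2 --upgrade-policy-mode manual --generate-ssh-keys
  # 5. The single address to put on the restricted resource's allowlist.
  run az network public-ip show -g "$RG" -n "$PIP" \
    --query ipAddress -o tsv
}

provision_static_egress
```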

Related

Azure: Multiple VMs behind same public IP?

What is the correct process for getting multiple VMs to report their public IP as the same address in Microsoft Azure? I have them in the same subnet on the same VNet already, and there is a gateway on that VNet with a dedicated public IP; however, all machines are reporting unique public IPs.
In general, each Azure VM has its own IP (public or private or both).
However, you can keep one IP at the front and the VMs behind it:
Option 1: Place an Azure public load balancer, keep the VMs behind it, and route the traffic by creating rules.
Option 2: An easy option if the VMs are identical (same OS, size, etc.): you can use Azure DevTest Labs with the shared IP option for multiple VMs. This option is in the advanced settings part of the create VM dialog; there you can define the instance count as well.
Link for DevTestLab - https://learn.microsoft.com/en-us/azure/devtest-labs/tutorial-create-custom-lab

Azure - create multiple Virtual Machines with static addresses - conflicts

I'm working on a project in which we create labs (for students) in which users can create virtual machines and specify that they ought to have static IP addresses. The problem is that when a virtual machine is created on Azure, it always has a dynamic IP address and only then can be assigned a static one.
Is there a way to make it possible to allocate multiple simultaneously created virtual machines with static ips that were chosen by users? We do store these ip addresses in the database so before the conflict happens in Azure, we can detect it on the database level but it's not enough.
Why?
Because if we create 10 virtual machines at the same time, all of them with specific static ips, some may be created with conflicting dynamic addresses:
vm1: dynamic ip - 10.0.0.2, requested static ip 10.0.0.9
vm2: dynamic ip - 10.0.0.3, requested static ip 10.0.0.15
vm3: dynamic ip - 10.0.0.4, requested static ip 10.0.0.16
vm4: dynamic ip - 10.0.0.5, requested static ip 10.0.0.17
vm5: dynamic ip - 10.0.0.6, requested static ip ---------
vm6: dynamic ip - 10.0.0.7, requested static ip 10.0.0.19
vm7: dynamic ip - 10.0.0.8, requested static ip 10.0.0.20
vm8: dynamic ip - 10.0.0.9, requested static ip 10.0.0.21
vm9: dynamic ip - 10.0.0.10, requested static ip 10.0.0.8
vm10: dynamic ip - 10.0.0.11, requested static ip 10.0.0.6
After creation of these vms, when trying to assign 10.0.0.9 to vm1, there will be an error because vm8 has this ip address (although it doesn't want it either, it wants to change to 10.0.0.8 which is taken as well).
I guess a centralized point for creation would be perfect but unless there is something like that on Azure, I don't think it can be done on our end.
Any thoughts?
In the Azure portal, if you use the UI to create VMs directly, a lot of steps are done by Azure in the backend, so you cannot control the creation. I suggest that you use an Azure template, the Azure CLI, or an Azure PowerShell script to achieve it. You can select any one of these three methods. Then you can create the NIC with the Static allocation method.
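
One way to follow this suggestion with the Azure CLI, using the ten requests from the question: each NIC is created with its final address before any VM exists, and duplicate requests are rejected up front. This is an added example, not the answerer's code; the resource group, VNet, subnet and image names are placeholders, and a Linux image is assumed.

```shell
#!/bin/sh
# Added example: reserve each requested private IP on a NIC before any VM
# exists. Resource names and the image are placeholders (assumptions); a
# Linux image is assumed. Prints the az commands unless APPLY=1.
RG="${RG:-lab-rg}"; VNET="${VNET:-lab-vnet}"
SUBNET="${SUBNET:-lab-subnet}"; IMAGE="${IMAGE:-<lab-image>}"

# Requests from the question; "-" means no static address was requested.
REQUESTS="vm1 10.0.0.9
vm2 10.0.0.15
vm3 10.0.0.16
vm4 10.0.0.17
vm5 -
vm6 10.0.0.19
vm7 10.0.0.20
vm8 10.0.0.21
vm9 10.0.0.8
vm10 10.0.0.6"

run() {  # dry run by default; </dev/null keeps az off the loop's stdin
  if [ "${APPLY:-0}" = "1" ]; then "$@" </dev/null; else printf '%s\n' "$*"; fi
}

# Addresses requested by more than one VM (no output means no conflict).
duplicate_requests() {
  printf '%s\n' "$1" | awk '$2 != "-" { print $2 }' | sort | uniq -d
}

create_lab_vms() {
  dups=$(duplicate_requests "$1")
  [ -z "$dups" ] || { echo "conflicting requests: $dups" >&2; return 1; }
  # Pass 1: static NICs, so every requested address is taken first.
  printf '%s\n' "$1" | while read -r vm ip; do
    [ "$ip" = "-" ] || run az network nic create -g "$RG" -n "${vm}-nic" \
      --vnet-name "$VNET" --subnet "$SUBNET" --private-ip-address "$ip"
  done
  # Pass 2: remaining NICs get whatever address is still free.
  printf '%s\n' "$1" | while read -r vm ip; do
    [ "$ip" != "-" ] || run az network nic create -g "$RG" -n "${vm}-nic" \
      --vnet-name "$VNET" --subnet "$SUBNET"
  done
  # Pass 3: each VM attaches its pre-built NIC, so no new address is allocated.
  printf '%s\n' "$1" | while read -r vm ip; do
    run az vm create -g "$RG" -n "$vm" --nics "${vm}-nic" \
      --image "$IMAGE" --generate-ssh-keys
  done
}
create_lab_vms "$REQUESTS"
```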

Changing Azure VM ip address without downtime

I have an Azure VM with SQL Server on. There are a number of applications using this database via its public IP address. The IP address is currently set to Dynamic and the VM requires maintenance which could change it. Is there a way of assigning a static IP address to the VM while keeping the current one active while I update the applications to use the new static one?
> Is there a way of assigning a static IP address to the VM while keeping the current one active while I update the applications to use the new static one?
If I understand it correctly, you just want to change the public IP address to static.
We can change the public IP address to static via the Azure portal; that IP address will not change.

Azure Virtual Network / VM's Setup to Share One Public IP

I've recently set up a point-to-site VPN on Azure. In doing so I have created:
Azure Virtual Network
Azure Virtual Network Gateway
Azure Virtual Network Gateway IP (static)
Azure VM
I was under the impression that any VM set to use the above said Virtual Network would all share the same public IP? However, it appears that the Azure VM I set up is instead using its own dynamic public IP.
Is there a way to route any VM on the Custom Virtual Network I created through one public IP? If so, how can I do this?
According to your description, you have created a point-to-site VPN. In this scenario, we can remove the public IP addresses from VMs, then you can access your VMs with private IP addresses via VPN.
You are correct - I have the VPN working correctly. My only concern is this: it'd be great if any of those VMs in that private network shared the same static IP - that way I could grant access to that IP in my firewall to other systems I have in other hosting platforms (as they are all typically locked down by IP).
It sounds like your reference to availability sets may be the phrase I was looking for to further google... I will check it out and let me know
please let me know if anything I added above changes your answer/recommendations :)
> I was under the impression that any VM set to use the above said Virtual Network would all share the same public IP?
You are talking about Azure ASM module (classic). In ASM module, VMs can use the same public IP address (NAT).
> However it appears that the Azure VM I set up is instead using its own dynamic public IP.
In Azure resource module, we can create Azure VMs with different public IP addresses.
> Is there a way to route any VM on the Custom Virtual Network I created through one public IP?
According to your description, you have created a point-to-site VPN. In this scenario, we can remove the public IP addresses from VMs, then you can access your VMs with private IP addresses via VPN.
If you want to access those VMs from the Internet and use one public IP address, we can create the VMs in the same availability set, deploy an Internet-facing load balancer, and then add NAT rules to them. In this way, we can access those VMs using the same public IP address and different ports.

2 vms in one cloud service only one IP?

I created 2 VMs, one for CentOS and another one for azure. I used the same cloud service, but both have the same public IP address. Why? Can I change it?
Or they have to be in different separate cloud services?
By default, they are behind a single IP address which load balances the private IP addresses. Until recently, there was no way to get a public IP for a virtual machine.
Now, it's possible to assign a public IP to a virtual machine:
With Instance-level Public IPs for VMs, you can now assign public IP addresses to your virtual machines, so they become directly addressable without having to map an endpoint through a VIP. This feature will enable scenarios like easily running FTP servers in Azure and monitoring virtual machines directly using their IPs.
We are making this new capability available in preview form today. This feature is available only with new deployments and new virtual networks and can be enabled via PowerShell.
Typically, the load balancer is fine, but there are options if you absolutely need access to individual machines.
Since they're in the same cloud service, they're probably behind the same load balancer, and a load balancer would only have one public IP.
So, yes, I would use different cloud services as you mentioned.
