I am looking for a cloud enviroment for teaching some network and IT Pro training courses. Before i try the Azure Lab Services, can you tell me if the VMs can have Internet Access or the VMs will just connect with another VMs in the same lab?
Your lab VMs should have internet access. If you need to control traffic more tightly, or you need the Lab VMs to connect to network attached resources in another VNET, you can connect the Labs account to an existing VNET with VNET peering.
See here for more info:
https://learn.microsoft.com/en-us/azure/lab-services/classroom-labs/how-to-connect-peer-virtual-network
Related
i have an architecture with virtual wan in azure.
i would like to have a vnet with share services (app gw, az bastion, ect...) connected with a hub. arround the virtual hub i have many vnet (projects) connected like the vnet share services. I observed that it's impossible to join the vm's of the projects with azure bastion. do you know if there is a way to shre my az bastion with all the vnets connected with the virtual hub into my vwan?
in the past I used az bastion in ahub and spoke architecture with vnet peering and it worked very well.
thanks for your returns!
Currently vWAN vnets doesn’t support Bastion deployments. You can only deploy Firewall as it is a Managed VNET.
If you wish you may leave your feedback here All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
Is there any way to use Azure Bastion to connect to on-prem systems as well as Azure virtual machines?
I have a hybrid cloud environment where some key machines are on-prem and some are Azure VMs. The Azure VNet is extended with a VPN tunnel so the azure VMs can talk to the on-prem machines.
In Googling my question, I was not able to find much...
The official page for Azure Bastion describes it as '''Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet)'''
This page talks about hybrid envrionments https://blog.ahasayen.com/introducing-azure-bastion/ , saying:
'''You might also have some sort of hybrid connectivity with your on-premises network and when you are outside the office, you use point to site VPN to securely access your VNET, which is the ideal situation.'"
I am aware of Azure Arc which is currently in preview. Would something like that be appropriate to make this work?
My overall questions are:
Am I totally barking up the wrong tree here? Is my understanding off?
Is it possible to use Azure Bastion to access an on-prem server on an extended VNet?
Thanks in advance!
As far as I know, currently, it's not possible to use Azure Bastion to access an on-prem server on an extended VNet. You only could use Azure Bastion to access all the VMs in the VNet which has AzureBastionSubnet. Refer to this blog
Azure Bastion resides on the same virtual network (VNet) as the
servers accessed and only connects to one VNet.
Actually, you can have a private and securely RDP/SSH connection between your on-premise server and Azure VM via a VPN gateway, you just can not RDP/SSH on-premise server via Azure portal. If you need this feature with Azure Bastion, it's welcome to give feedback or upvote these similar feedback1 and feedback2.
Hope this could help you.
This is now possible via the new capabilities introduced in Azure Bastion Standard Tier.
https://learn.microsoft.com/en-us/azure/bastion/connect-ip-address
I have two virtual networks (classic) in Azure, and I need to be able to ssh between vms on these networks. I have followed the instructions here (https://azure.microsoft.com/en-us/blog/vnet-to-vnet-connecting-virtual-networks-in-azure-across-different-regions/), and successfully connected the networks. However, when I try and ping vm1 on vnet1 and vm2 on vnet2 the request times out, so it looks like vm1 cannot see vm2. Are there any further steps I need to take to allow communication? Shouldn't they be able to see each other's private IP addresses?
That's a pretty loaded question, but I think there is a better walk through for you to have a look at:
Configure a VNet-to-VNet connection in the Azure Classic Portal
or
Configure a VNet-to-VNet connection for virtual networks in the same subscription by using Azure Resource Manager and PowerShell
Pick your poison... I've verified both of these work as intended if you follow the steps carefully.
I have a Web role on Azure. I would like to allow only my people to access the web role.
I have found post to manual/code to restrict IPs to access the role. I would like to create firewall way(something like SQL Azure's firewall) to block/allow IPs.
I could not find any setting in Azure console. please help.
If you publish your endpoint on the Internet through the Windows Azure load balancer, there is no option in place to define firewall rules on Azure.
But you can secure access to VMs created using either Windows Azure’s Infrastructure as a Service (IaaS) technology or its Platform as a Service (PaaS) technology through the Windows Azure Virtual Network service.
Windows Azure Virtual Network lets you create a logical boundary around a group of VMs, called a virtual network or VNET, in a Windows Azure datacenter. It then lets you establish an IPsec connection between this VNET and your local network.
For more information see Networking, Windows Azure Networking, Windows Azure Virtual Network, Create a Virtual Network for Cross-Premises Connectivity, Create a Virtual Network in Windows Azure.
About the cost of this service: Windows Azure Virtual Network is currently (February 2013) available in preview at no charge. Once the service becomes generally available you will be charged if you create a hardware VPN connection between a Virtual Network (VNET) and your VPN gateway. The charge will be for each hour that the VPN connection is provisioned and available (called the “VPN connection hour”). All data transferred over the VPN connection is charged at Window Azure’s standard data transfer rates. You can use the pricing calculator for a simulation.
We want to run MongoDB and some custom services on Azure Iaas VMs and connect to them with our roles but we do not want to have public IP exposure on the VMs.
If possible what is the best way of doing this?
If not possible is this on the roadmap?
We can add the VM's under the same cloud service and they can communicate happily, the roles are in same deployment so they communicate, but issue between the vm's and roles. We appreciate that the Iaas stuff is still in preview.
Thanks
If you have your Windows Azure Web/Worker Role and Windows Azure Virtual Machine in the same DC you can access them directly using internal IP address using Virtual Networking (Vnet) using internal Endpoints. To achieve it first you would need to create a Virtual Network and then add your Virtual Machine to this VNet. VNet will give your internal IP address and your Web/Worker Role can communicate to this internal IP address.
You can not do mix mode deployment directly from Windows Azure Preview Portal (it is not supported in preview yet) however you can use PowerShell VNet cmdlets to get it configured and working. To need further assistance with VNet team you can contact them directly here.