SmarterASP.net - Connecting to Azure Database - azure

We are hosting our website at SmarterASP.net but because of their database limitation, we are moving the database to Azure. To connect to external ports (on different servers), SmarterASP requests us to add their IP address to the list of Outgoing Ports. Microsoft's DB address is:
[ourcompany].database.windows.net
Two questions:
1 - I shouldn't trust that the IP I got when pinging Microsoft's database DNS is static and never changes, should I?
2 - Why does SmarterASP tell me it's not possible to add the DNS in their firewall? According to them, it has to be the IP address. Is that common?

Related

Allowing IP Address through SQL Server Firewall

I have a Website (App Service), 1 Sql Server with 2 databases on it.
Each month I randomly get an error:
Cannot open server 'myServer' requested by the login. Client with IP address 'xx.xxx.87.3' is not allowed to access the server.
To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range.
It may take up to five minutes for this change to take effect.
My question is, how do I know what application/service this IP address is?
It's not the IP address of my website and if I ping the CNAME of my database, it doesn't match this IP. But if I don't add it, my whole site doesn't work.
I must add this manually once per month, when something changes. How do I find out what this IP address is connected to?
Basically, there are 2 ways to solve your issue:
1. Specify Allow Azure services and resources to access this server as Yes on your SQL server firewall-config so that your SQL server will allow all Azure resources to access.
2. Adding all of the outbound IPs of your Azure app service into your SQL server firewall whitelist. It has a higher security level than the first way. You can find all the outbound IPs on Azure Portal here:
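Added example (not part of the original answer): a small audit that compares an App Service's outbound IPs with the server's firewall rules, reports whether the "Allow Azure services" rule (the 0.0.0.0 to 0.0.0.0 entry, which also admits other customers' Azure resources) is on, lists outbound IPs with no rule and rules that match none of them, and prints the `sp_set_firewall_rule` calls for the gaps. The IPs and the rule names `webapp-1`, `old-office` and `appsvc-` are constructed placeholders from documentation ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real Azure IPs).
APP_OUTBOUND_IPS = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
FIREWALL_RULES = [  # (name, start_ip, end_ip), e.g. copied from sys.firewall_rules
    ("AllowAllWindowsAzureIps", "0.0.0.0", "0.0.0.0"),
    ("webapp-1", "203.0.113.10", "203.0.113.10"),
    ("old-office", "192.0.2.0", "192.0.2.255"),
]


def audit(outbound_ips, rules):
    """Compare App Service outbound IPs against SQL server firewall rules."""
    ips = [ipaddress.ip_address(ip) for ip in outbound_ips]
    report = {"allow_azure_services": False, "missing": [], "unused": []}
    covered = set()
    for name, start, end in rules:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if int(lo) == 0 and int(hi) == 0:
            # This special range is what "Allow Azure services" creates; it
            # lets any Azure-hosted resource reach the server's login prompt.
            report["allow_azure_services"] = True
            continue
        hits = {ip for ip in ips if lo <= ip <= hi}
        covered |= hits
        if not hits:
            # Rule matches none of the app's current outbound IPs: likely a
            # leftover from an earlier manual fix, worth reviewing.
            report["unused"].append(name)
    report["missing"] = [str(ip) for ip in ips if ip not in covered]
    return report


def tsql_for_missing(missing, prefix="appsvc"):
    """Build sp_set_firewall_rule calls (run on master) for uncovered IPs."""
    return [
        f"EXECUTE sp_set_firewall_rule @name = N'{prefix}-{ip}', "
        f"@start_ip_address = '{ip}', @end_ip_address = '{ip}';"
        for ip in missing
    ]


if __name__ == "__main__":
    result = audit(APP_OUTBOUND_IPS, FIREWALL_RULES)
    print(result)
    print("\n".join(tsql_for_missing(result["missing"])))
```

With every outbound IP covered by its own rule, the 0.0.0.0 rule can be switched off without breaking the site.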

How to connect to Azure PaaS DB from a secure network

I would like to connect to Azure SQL server from a Windows server via SSMS. In the “set server firewall” from Azure, I have given my server IP (from the system I would like to connect). I need to know the destination IP address of the Azure DB Server. From Azure portal the location is showing Central US. To allow firewall I need to know the destination IP address.
My questions are:
1. As Central US could have multiple IP addresses, do I need to provide all IPs to my Firewall team?
2. How can I know the destination IP address (i.e. Azure) so that I can provide that to my firewall team?
Note: From SQL server management studio, the tcp default port for SQL is enabled and services are running fine.
Hope I have explained it correctly. Thanks
No. You cannot get a static IP address assignment for your Azure SQL Database. Moreover, what you refer to (mysqlserverdatabase.mysql.database.azure.com) designates your Azure SQL Database Server, not a single Database. This is a logical server, in which you can put up to 149 Databases (150 with the Master DB).
You have to work around your requirement for static IP address assignment to work with the DNS Name (mysqlserverdatabase.mysql.database.azure.com).
Otherwise, if your company firewall can't work with the DNS Name, you need to set the server connection policy to Proxy as documented in Azure SQL Connectivity Architecture. This allows the database gateway to proxy all traffic between the client and the DB server. The gateways all have static IP addresses, which are listed in the above document.
If you have set up a VNet in Azure, check out VNet Service Endpoints to connect Azure SQL.
https://azure.microsoft.com/en-in/blog/vnet-service-endpoints-for-azure-sql-database-now-generally-available/

Which IP should be whitelisted when using Azure?

I am hosting a web app at Azure.
My problem is that my MySQL Database, that is not hosted at Microsoft Azure, requires an IP to be whitelisted. Otherwise I am not able to connect from the server to the DB.
Do you know which IPs should be whitelisted?
I have come across the IPs that are under Properties -> Outbound IP Addresses, e.g.
Are the IPs that are inside that block the addresses that try to access my database, should they be whitelisted? Can they change?
So, I have found out that these IP addresses are the outbound addresses. YES, they can change. You can find out the IPs under https://www.microsoft.com/en-us/download/details.aspx?id=41653
Microsoft gives an IP range to every server farm (depending on your server location, e.g. Europe, America...). Your server IP can change within that IP range. When you want to whitelist your server, you have to whitelist that range.

Access azure app service with ip address not the hostname

I've got an app plan (BASIC SMALL) with a private (hopefully) IP address that can be found under Settings > Custom Domains.
When I try to access the content of the app using just the IP, it doesn't work. The site says "Error 404 - Web app not found." The hostname works just fine. When I ping the hostname it gives me the same IP address. What do I have to do in order to be able to access it just using the IP?
That's not how Web Apps work, since you don't get a unique IP address assigned. You'll need to access it via yourname.azurewebsites.net or yourcustomdomainname.com - and then your requests are routed appropriately based on the name you provide.
If you absolutely needed a dedicated IP address, you'd need to deploy to a virtual machine.
When you host your web site on Azure web app it is bound to a virtual IP address that is shared with other web sites in the same app service plan. If you want to get a dedicated IP with your web site, please try to use Azure virtual machine with reserved IP. You could also choose App Service Environment.
If you buy your custom domain, you can freely set DNS A records for that IP (it remains static). It sets binding of your domain to your web app. You can't access it directly by IP, because on a given IP address and standard HTTP port 80, only one web can be running.
Imagine your web app could be open by entering that IP. You would "block" port 80 for zillions of other stuff running there.
If you check the Properties blade there, you will see a number of outbound IP addresses. If you consume some requests from web app / job / ... and have IP restriction set on the other side, you need to allow all these IPs.
As David suggested, if you really need a static IP, you need to run a VM and set the IP address as static, or set a VNet for the web app.

Azure VM fails to register in the DNS server external to Azure

We are trying to register the Azure VM to our own DNS Server but are not able to do so.
We have already set up the VPC, Virtual Network and Gateway to connect to our DNS server.
We have also specified our DNS server within the Virtual network.
From what I understand, you're looking to register your VMs' internal IPs in your DNS server. Is that correct?
If so, Windows clients do this automatically when domain joined, and will send an unsecured Dynamic DNS update when not domain joined, but you need to create a DNS zone for the records and allow unsecured updates, which is not the default. Linux clients need a script added to the DHCP client to send the dynamic DNS updates. I'm in the process of creating a page on Azure.com for this and can share the commands in the meantime if you're using that setup.
Gareth
(Azure DNS)
