RDP connection to Azure workerrole leads to AzureWebrole - azure

I have the following issue.
I have created the following cloudservice setup.
Azureproject
    Roles
        AruzeWebRole
        AzureWorkerRole
The webrole has two small instances, the workerrole one extrasmall.
When I deploy this to our Azure environment, I correctly see three instances:
Name                  Status   Role             Size
---------------------------------------------------------------------
AzureWorkerRole_IN_0  Running  AzureWorkerRole  Extra Small
AruzeWebRole_IN_0     Running  AruzeWebRole     Small
AruzeWebRole_IN_1     Running  AruzeWebRole     Small
Everything works fine.
But when I open an RDP connection to my two web-instances, and a third RDP connection to the workerrole-instance, I get kicked out of one of the web-instances.
When I take a closer look, opening the RDP session to the workerrole is just creating an RDP session to a webrole instance.
After a redeploy it is possible that I get on the other web-instance.
If I change the size of the workerrole from XS to M, it still opens the RDP to one of my webroles.
I'm not sure what I'm doing wrong.
Is my workerrole really deployed on one of my webrole instances, or is Azure just fooling around with me?
If anyone has had a similar situation, or has some good advice to check this out, that would be nice.
Thanks!

I can say it's kind of strange behaviour. I've got approximately the same configuration and it works just fine.
Just a hint to think about.
The way RDP works in Azure is:
there is one public IP or yourapplication.cloudapp.net endpoint. All your instances are behind the load balancer. So, to be able to RDP into any of your instances, there should be rows like these in the serviceDefinition file:
    <Imports>
        <Import moduleName="RemoteAccess" />
        <Import moduleName="RemoteForwarder" />
    </Imports>
In your case those rows are under your webrole instance. That means that when you try to connect to the yourapplication.cloudapp.net endpoint, RemoteForwarder forwards you to a specific instance based on the information which is stored in the RDP connection file. To check this, go to the Azure portal and download the RDP connection file for your webrole instance and for your workerrole instance. Open those with Notepad and see for yourself: the same endpoint, and a section which tells the RemoteForwarder which instance to connect to.
And one thing I forgot to tell you. If you want to connect to your instances manually (not using the RDP connection file from the Azure portal), which means that you omit the instance cookie, most likely you will be connected to one of your webrole instances, probably to instance 0.
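
To compare the two downloaded files as the answer above suggests, this sketch (an added example, not part of the original answer) parses .rdp text and reports the shared endpoint and the instance named in each cookie. The sample file contents are constructed, and the `LoadBalanceInfo` cookie layout `mstshash=<role>#<instance>` is an assumption about what the portal-generated files contain.

```python
import re

# Constructed sample .rdp contents (not taken from the original post). The cookie
# layout "mstshash=<role>#<instance>" inside LoadBalanceInfo is an assumption.
ENDPOINT = "yourapplication.cloudapp.net"
WEB_RDP = f"""full address:s:{ENDPOINT}
username:s:admin
LoadBalanceInfo:s:Cookie: mstshash=AruzeWebRole#AruzeWebRole_IN_0
"""
WORKER_RDP = f"""full address:s:{ENDPOINT}
username:s:admin
LoadBalanceInfo:s:Cookie: mstshash=AzureWorkerRole#AzureWorkerRole_IN_0
"""
MANUAL_RDP = f"full address:s:{ENDPOINT}\nusername:s:admin\n"  # no cookie

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def routing_target(text):
    """Return (endpoint, role, instance); role and instance are None without a cookie."""
    settings = parse_rdp(text)
    match = re.search(r"mstshash=([^#\s]+)#([^#\s]+)", settings.get("loadbalanceinfo", ""))
    role, instance = match.groups() if match else (None, None)
    return settings.get("full address"), role, instance

def audit(files):
    """files maps the instance you expect to reach to .rdp text; returns findings."""
    findings, endpoints = [], set()
    for expected, text in files.items():
        endpoint, _role, instance = routing_target(text)
        endpoints.add(endpoint)
        if instance is None:
            findings.append(f"{expected}: no instance cookie, forwarder picks the instance")
        elif instance != expected:
            findings.append(f"{expected}: cookie targets {instance}")
    if len(endpoints) == 1:
        findings.append(f"shared endpoint: {endpoints.pop()}")
    return findings

if __name__ == "__main__":
    print(audit({"AruzeWebRole_IN_0": WEB_RDP, "AzureWorkerRole_IN_0": WORKER_RDP,
                 "manual connection": MANUAL_RDP}))
```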

Why would you RDP to the web role and then RDP to the worker role from within the web role? Just RDP directly to the worker role from your local machine. From the portal you can pick the worker role instance from the Instances list and select Connect.

Related

Secure communication between existing Azure App Service and Azure VM cluster

We have an application running in Azure that consists of the following:
A Web App front end, which talks to…
A WebApi running as a Web App as well, which can (as well as a couple other services) talk to…
A Cloud Service load balanced set of VMs which are hosting an Elasticsearch cluster.
Additionally we have the scenario where devs whitelist their IPs so that their localhost version of the API can hit the VMs as well.
We have locked down our Elasticsearch VMs by adding ACLs to the exposed end point. I whitelisted the outbound IPs that were listed on my App Services. I was under the mistaken impression that these were unique to my Api. It turns out that these are shared across the scale unit in Azure. Other services running in the same scale unit could, if they knew the endpoint, access the data exposed on the endpoint in my cluster. I need to lock this down, and I am trying to find the easiest way. These are the things I am looking at, and I would appreciate advice and/or redirection.
Elastic Shield: Not being considered. This is a product by Elastic that is designed to secure ES. This is ideal, but at the moment it is out of scope (due to the cost and overhead)
Elastic plugins: Not being considered. The main plugins (such as Jetty) appear to be abandoned.
Azure VPN. I originally tried to set this up, but ran into too many difficulties. The ACLs seemed to give me what I need without much difficulty. I am not sure if I can set this up now. The things I don’t know are:
    I don’t think I can move existing VMs into a new VPN.
    I think you have to recreate the VMs in that VPN from the get go
    Could I move my Web App into the VPN? How does that work?
    This would prob break my developer scenario as the localhost API would not be able to access the VPN, right?
Add a certificate to requests: It would be ideal if I could have requests require a cert or a header token. I assume to do this I would need to create a proxy that would run on the VMs and do the validation before forwarding the request on to my Elasticsearch.
Anything else? Is there another option I have not thought of?
Thanks!
~john

You can create a VPN point-to-site connecting your Web App with your IaaS VMs. This is the best solution because you will be able to use just internal IPs on your IaaS.
The easiest way to do that using the Azure Portal is to create a Web App and create a new VPN and VNet using the "setup" option at "Your Web App" -> Settings -> Networking -> VNET Integration -> Setup -> Create New Virtual Network.
After that, create your IaaS inside this new VNet.
You can also create an ARM template to create the Web App, IaaS, VPN and everything that you need. Take a look at my ARM template to create PHP+MySQL using Web App and MariaDB Cluster connected by VPN: https://github.com/juliosene/azure-webapp-php-mariadb

Unable to connect to worker role using RDP

I am using a Cloud Service running a single worker role with two instances. For almost a year I have been able to connect using RDP.
This week I wanted to connect, but couldn't. The remote desktop connection displays the wrong credentials, displaying: "Use the following credentials to connect: Password for Admin"
When a deployment is uploaded to the staging environment, I am able to connect. After swapping to the production environment, I can't connect.
But the old deployment can be connected in the staging environment.
When I set up the connection from another PC, I am able to connect.
I think there is something going on with my PC, but no idea where to look.
Can somebody help me?

It turned out I had checked "Save my credentials" by accident. There was an entry in the Windows Credential Manager.
After deleting the entry, I can connect again.

After creating the RDP account, I had to reimage the webrole (Roles And Instances -> WebRole -> Reimage). After the reimage I was able to connect.

Windows Azure RDP / FTP

Using the new interface for Windows Azure, how do I enable RDP? I am using a cloud service and my site is mysite.cloudapp.net. In my publish settings, I enabled RDP. Where do I find my RDP credentials? How do I enable FTP, if possible? Here are the instructions that I followed:
https://www.windowsazure.com/en-us/develop/net/common-tasks/remote-desktop/
I see no hosted services tab in the new layout.
When I try to RDP, I receive an instant failure message that I cannot connect. I am using Windows 8 and I tried Windows 7.

For RDP, assuming you've followed all the steps and the configuration is right, you need to use the management portal, click on cloud services on the left and select the service whose instance you want to RDP into, select instances in the menu at the top and then pick the instance you want to RDP into.
The bottom toolbar should include a connect option, clicking on it should download an RDP file you can open to RDP into the machine, this will prompt you for the credentials you need to provide (as provided in your project configuration).
You can actually save this RDP file and re-use it for the deployment, but it may become invalid if you re-deploy as port numbers change.
As for FTP, much has been written about it, for example this, but you really need to consider the note in this article, for example - files you upload to the role instance will disappear if the role needs to be recycled for whatever reason.

Access internet on Azure VM

Recently, I deployed a worker role that will connect to the internet and attempt to access some websites (for example: http://somewebsite.redmond.corp.microsoft.com/en-us/library/).
It successfully accesses the websites on my development machine running on the emulator. But on the Azure virtual machine that I deploy my worker role to, it is not able to access the websites. I tried to open the websites on the VM by browsing in IE; it is also not able to.
Have you encountered similar issues? How do you deal with it?

This has nothing to do with accessing the Internet. The URL you provided isn't publicly visible (at least I can't access it from my machine). This means you're attempting to visit a URL behind a firewall, possibly requiring a VPN to access.
Windows Azure VMs, whether worker roles, web roles, or Virtual Machines, are in a public cloud and not behind any firewall. If you wanted to access it from a Windows Azure VM, you'd need to set up a Virtual Network, introduced in the Spring 2012 update. More information here.

Try using elevated permissions for this. Once, I tried to access the internet through RDP of a role. It was working at that time, hence it should be possible for you to access the internet. But if you are trying to download exes and execute them, I think that isn't possible. Please post your results here.
Regards,
Vijay.

Problem when we reboot webrole in Azure

I have deployed one web application on the Windows Azure portal, and after connecting to that instance over RDP I have also installed one service and created one certificate in IIS.
Now when this webrole reboots, all data (certificate & Windows service) will be lost.
So which options are possible to handle this situation?
Thanks.

What you could do is handle these activities as startup tasks which will get executed every time your role starts. Check out this link for more information on startup tasks: http://msdn.microsoft.com/en-us/library/gg456327.aspx.
