Limit access to an Azure site to only the VPN connected computers - azure

this might be a dumb question.
is it possible to restrict the access to my Azure website http://sitename.cloudapp.net so that only the computers connected to my VPN will be able to access the site?
I use cloud services, and i have a vpn on my local computer(for now). the idea is(if possible), to have a connection between my vpn (which is local network) AND my cloudservice. Then allow the site access to only the computers within the vpn

You can set up a VPN and disable the public endpoints, so only machines within the VPN have access, but I think this is only available for VM's and Cloud Services - and not Windows Azure Websites. You don't say which you use.
"Windows Azure Virtual Network provides you with the capability
to extend your network into Windows Azure..."
Channel 9 offers some useful guides
Windows Azure Virtual Machines and Virtual Networks

Related

Create a simple VPN in Azure

TLDR;
I got Azure credits, how do I make a simple VPN?
I recently got some Azure credits through a hackathon. How do I create a simple VPN on Azure. It need not be too feature rich, I just wanna use it to access blocked or region specific websites.
I saw on Azure portal that there is virtual machine and virtual network. I don't exactly need a VM, just want to redirect all network traffic through the virtual network.
How do I do this in Azure, Has anyone done anything similar in Azure?
Free VPN are slow and have bugs and paid VPN are expensive & I would like to use my azure credits to create my own VPN.
It sounds like you want to use Azure VPN similar to a consumer VPN like ExpressVPN or NordVPN which protects your client while you surf the Internet. Azure VPN is not designed to be used to surf the Internet. Azure VPN is a service that allows you to create a secure Site-to-Site or Point-to-Site VPN into an Azure Vnet. This allows you to communicate securely with resources in Azure without exposing them with a Public IP.
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network

How can I use hardware VPN devices with Azure?

We are evaluating moving from a standard host (using dedicated machines) to Azure (using virtual machines).
We have several b2b partners who require us to connect to their VPN via a hardware VPN device. In each case the VPN hardware is either specified by the partner, or further to that they actually send us the VPN device for us to host.
How can we support this scenario using Azure?
I understand Azure has a VPN solution, that relies on the Azure software VPN connecting to an on-site VPN. However in this case we do not option of using a software VPN, and we also do not , I assume, have the option of using our own hardware VPN device in an Azure data center.
Any ideas?
You cannot place your own customer hardware in the Microsoft Datacenters. The intent of the Windows Azure Virtual Network is to allow the cloud hosted software based side of the VN to connect to an onsite VPN (either hardware or software).
So for some of your partners, you could connect Azure to their existing hardware based VPN devices in their own datacenters, or that you are hosting for them in yours.
Note that currently, a Virtual Network is limited to connecting to a single VPN gateway. So "multi-tenant" solutions that require individual VPN gateways for each tenant are not readily supported without some type of intermediary/proxy.

How to protect my Azure web role from other people?

I have a Web role on Azure. I would like to allow only my people to access the web role.
I have found post to manual/code to restrict IPs to access the role. I would like to create firewall way(something like SQL Azure's firewall) to block/allow IPs.
I could not find any setting in Azure console. please help.
If you publish your endpoint on the Internet through the Windows Azure load balancer, there is no option in place to define firewall rules on Azure.
But you can secure access to VMs created using either Windows Azure’s Infrastructure as a Service (IaaS) technology or its Platform as a Service (PaaS) technology through the Windows Azure Virtual Network service.
Windows Azure Virtual Network lets you create a logical boundary around a group of VMs, called a virtual network or VNET, in a Windows Azure datacenter. It then lets you establish an IPsec connection between this VNET and your local network.
For more information see Networking, Windows Azure Networking, Windows Azure Virtual Network, Create a Virtual Network for Cross-Premises Connectivity, Create a Virtual Network in Windows Azure.
About the cost of this service: Windows Azure Virtual Network is currently (February 2013) available in preview at no charge. Once the service becomes generally available you will be charged if you create a hardware VPN connection between a Virtual Network (VNET) and your VPN gateway. The charge will be for each hour that the VPN connection is provisioned and available (called the “VPN connection hour”). All data transferred over the VPN connection is charged at Window Azure’s standard data transfer rates. You can use the pricing calculator for a simulation.

Connecting to an Azure Virtual Network from PC

We have a Virtual Network of VMs, storage accounts and websites hosted and working together in the Azure cloud.
Is it possible to connect my work/home PC to this Virtual Network using some VPN software?
Generally speaking two options exist, you can read about these here -
Windows Azure Connect let's you configure machine-to-machine VPN and is agent based
Configuring a private network let's you create a site-to-site VPN, but it typically requires a VPN appliance. I've seen posts on the internet about people managing to configure their router as the VPN gateway but, at least at this point, this is not easy nor supported.
Also worth reading is this overview of Windows Azure Networking features that covers both (and Traffic Manager) by David Chappel
have a look at using Azure Virtual Networks in conjunction with Azure Virtual Machines: http://www.windowsazure.com/en-us/manage/services/networking/add-a-vm-to-a-virtual-network/

Connecting Windows Azure to On-Premise Active Directory

I am trying to connect my Windows Azure Virtual machines to my On Premise network. I have established a site to site VPN tunnel, and have created the appropriate subnets and placed a virtual machine in one of the subnets that isn't the gateway subnet.
My on premise test network is 192.168.9.x/24 my Azure Network is 10.4.x.x/16 with a subnet for DMZ - 10.4.2.x/24 and ServerNetwork at 10.4.3.x/24.
I have confirmed that the tunnel is up and running both on the Windows Azure side, as well as on my Cisco ASA 5505.
I want my servers to be able to communicate across the tunnel, however currently they cannot see each other. I am missing something, I tried static routes between the two servers, and have not had any success. Has anyone gotten this to work? If so what did you do on the networking side of the config to make it work?
Thanks,
Steve
Windows Azure Virtual Network enables you to create secure site-to-site connectivity, as well as protected private virtual networks in the cloud.
You can specify the address space that will be used for both your virtual network and the virtual network gateway.
Additionally, new name resolution features allow you to connect directly to role instances and virtual machines by hostname.
These features allow you to use Windows Azure as you would a branch office, or as a protected private virtual network in the cloud.
You can read more about it here:
http://msdn.microsoft.com/en-us/library/windowsazure/jj156007.aspx
Here is a lab exercise to walk you through the process:
http://www.windowsazure.com/en-us/manage/services/networking/create-a-virtual-network/

Resources