Windows Azure Cloud Service Access - azure

I have created Virtual Machine Windows 2012 Server on Azure and installed Neo4j on that VM. One of the clod service is created for that by Azure as DNS Name.cloudapp.net I want to know how to access that from my laptop so that I can access Neo4j database from my laptop which is in Azure.

So... you spun up a VM, and are just trying to access it remotely? You need to create public endpoints. For neo4j specifically, you'll want to open ports 7474 and 1337. Here's how I have one of my neo4j servers set up:
The endpoint names are arbitrary - just for your reference.
Now: You'll need to think about securing these endpoints, once you open them up. Notice the Manage ACL item on the bottom of the endpoint list. With that, you can specify allowed/denied IP address ranges. With this, you can filter to only allow traffic from your local office/home's public IP address.

Related

Connect to Azure Database for Postgresql through VPN

While configuring an Azure managed Postgres service, I am trying to configure connecting from local machines through VPN.
I can connect to the DB when white-listing IPs in Connection Security.
I have added the subnet the VPN-gateway is connected to to the VNET Rules – this doesn't seem to make a difference.
I can connect to VMs through the VPN from my local machine.
However to make that work, I added the VMs' (private IP, Azure URL)-pairs to my local machines hosts-file.
I can't find any IP for the DB-service (which seems to make sense for a managed service), so I can't make the same trick.
The error I'm getting, when trying to connect to the DB, is similar to the ones I got before adding hosts mappings.
This all leads me to believe I need some way of having Azure resolve the URL (which might also preempt the need for hosts-mappings in general).
From this article, I tried setting my DNS for 168.63.129.16, but that doesn't work at all (nothing at all is resolved).
Is there a way (and if so, how) to connect from a local machine to an Azure Database for Postgresql service through a VPN gateway?
I don't think there is a way to do this as your desired. You want to map an Azure database logical server private IP to your local hosts file, then access it via VPN gateway.
You only know the public IP for the Azure database server. The public IP addresses of Azure services change periodically. You could find an IP address list by filtering your region. It does not recommend to use such a dynamic IP address. Refer to this blog.
Since Azure database is a fully managed Platform as a Service (PaaS) Database Engine not IaaS like Azure virtual machines, It's public and does not expose the database server private IP address. We only could access the database via Azure database server name over the Internet.
Furthermore, if you want to restrict its access only from a private network with virtual Network service endpoints. However, this works to allow resources like Azure VM in the authorized subnet to access directly your Azure database in a private network, could not guarantee that if you could access the Azure database from your local machine via VPN. This seems no on-premise route to your Azure database.

How to connect 2 virtual machines in Windows Azure to have Two-Tier-Architecture?

How to create 2 connected virtual machines in Windows Azure to be able to deploy Two-Tier-Architecture solution ?
Let me clarify the scenario, Currently I am using 1 virtual machines in Windows Azure where I have the SQL Server 2008 DB installed AND the ASP.NET solution.
However, I want to create a very simple Two-Tier-Architecture where the SQL Server 2008 DB is installed on Server1, and the ASP.NET solution is deployed on Server2.
So, How to accomplish that? I mean, How to connected those two separate virtual machines? And how they can work together to run one single solution?
Could you please help me out in this scenario ?
Thanks !
Seems like a lot of attention being given to Virtual Networks. That's fine, but... if all you're trying to do is create a multi-tier app with a handful of VMs working in conjunction with each other, you can simply create multiple VMs within the same cloud service (that is, they all live in xyz.cloudapp.net).
They'll all sit behind a single public IP address, but consider your case where you have a web server and a database server:
Expose ports 80 and 443 specifically for the web server(s) (you can have multiple, and load-balance the ports across these VMs
Don't expose any public ports for the database server
Once deployed to the same cloud service, each VM in the cloud service can talk directly to any other VM in the cloud service, using the host name you assigned to it.
You can also deploy your web and database tiers to different cloud services, and still communicate between them without a Virtual Network. If you open, say, port 1433 on your database server, now your web tier can simply open a connection to yourdb.cloudapp.net:1433. Of course, this means the entire world can do the same, but... you can apply an endpoint ACL (access control list) on yourdb.cloudapp.net port 1433, and allow only the public VIP of your web tier's cloud service.
You'd need a Virtual Network if your web and database tiers are in separate cloud services and you don't want any exposed ports on your data tier, and you don't want to go through the built-in load balancer.
You should utilise Virtual Networking (http://www.windowsazure.com/en-us/services/virtual-network/). Additionally you can configure the two machines as part of a single Cloud Service to ensure they are encapsulated together and available publicly via a single cloudapp.net address. Note that to benefit from the Azure SLA you should run two instances of each tier (web / DB).
Note that you can't add an existing VM to a new Virtual Network.
You can create a virtual network and then add both servers in the same network if they are on different cloud services (which is the default when using quick create). But you can't do this to servers that have been created so you will need to detach your disks create 2 new servers in the new network and then reattach your disks to the new servers.
If you are planning on using a DC then create 2 subnets in your virtual network and put your DC in one and the servers in the other as you don't want your DC getting a different IP.

Can't get Azure Virtual Machine to serve websites

I've just set up a windows azure VM and installed IIS on it.
When I remote desktop onto the box I can see the default IIS website fine but I can't get this to serve on the web from the IP address of the box.
I've opened up port 80 on windows firewall and also added an endpoint for port 80.
I've tried to access it with the firewall completely turned off also but to no avail...
I cant work out if there is anything else I need to do to get this working?
Add endpoints for port 80 (http) and port 443 (https) to the VM in the Azure portal (tip: this can be automated with powershell or the Azure cli).
Remote desktop to the machine. Open the Windows firewall control panel and allow traffic to port 80 (http) and port 443 (https) or just turn it off ... the firewall is ON by default (tip: can also be scripted through the VM agent / powershell).
Go to the Azure portal and find the cloudapp.net subdomain for your VM (actually the cloud service) your VM is running under. Try accessing the site with that domain. If that doesn't work, try browsing to http://localhost on the server (remote desktop) to make sure IIS works and troubleshoot from there.
Modify the DNS records of your custom domain to use a CNAME to the .cloudapp.net domain. If you need A records make sure to use the public IP of the cloud service (just ping the .cloudapp.net domain to find it or look in the Azure portal).
You might want to look into Azure Websites or Azure Cloud Services (web roles). Those are a lot easier to manage and a lot cheaper. They still offer most of the functionality.
What fixed the issue for me was to go into the Azure Portal, browse to 'Network Security Groups', select the VM and then create an inbound rule to allow traffic to port 80.
Note: Also ensure that the inbound rule to port 80 is added and enabled on the actual VM.
Well, I deleted the existing VM and Cloud service and started again - all worked fine out of the box this time.
How annoying! The only thing I did notice was that before my cloud service had the same name as my VM - this time they had different names so that might have been what was causing the issue.
Cheers
For the newer VMs and pre-configured setups (2015+), it's possible your setup is using an azure asset called "Public IP". If so, you can set a custom DNS name label in it, inside "Configuration". Note that this name will consider any type of region used when creating the VM (e.g. my-site.brazilsouth.cloudapp.azure.com).
It's good to remember that for testing purposes, it still suffices to use the value of the public IP that is randomly designated to you.
The VMs are actually accessed via a Cloud Service (well they are for me). Azure created a Cloud Service automatically to be the scaling engine/load balancer on the front of the VM. I have to connect to the web site via that cloud service, not the VM directly.
Its possible you were using the internal IP rather than the external IP.
The sites have to use the internal IP address in the bindings section of IIS. However, in your dns you will need to use the external IP. This is presumably since the 'internal IP' is just a virtual one that Azure uses to map traffic from the external network to the VM's inside azure.
You should find both the internal and external IP's are visible on the VM's desktop.
Switch off TLS 1.3 in the Registry Editor.
This is what worked for me as of writing this in Mar 2021.

Azure VMs Virtual Network inter-communication

I'm new to Azure (strike 1) and totally suck at networking (strike 2).
Nevertheless, I've got two VMs up and running in the same virtual network; one will act as a web server and the other will act as a SQL database server.
While I can see that their internal IP addresses are both in the same network I'm unable to verify that the machines can communicate with each other and am sort of confused regarding the appropriate place to address this.
Microsoft's own documentation says
All virtual machines that you create in Windows Azure can
automatically communicate using a private network channel with other
virtual machines in the same cloud service or virtual network.
However, you need to add an endpoint to a machine for other resources
on the Internet or other virtual networks to communicate with it. You
can associate specific ports and a protocol to endpoints. Resources
can connect to an endpoint by using a protocol of TCP or UDP. The TCP
protocol includes HTTP and HTTPS communication.
So why can't the machines at least ping each other via internal IPs? Is it Windows Firewall getting in the way? I'm starting to wonder if I've chose the wrong approach for a simple web server/database server setup. Please forgive my ignorance. Any help would be greatly appreciated.
If both the machines are in the same Virtual Network, then just turn off Windows Firewall and they will be able to ping each other. Other way is to just allow all incoming ICMP traffic in Windows Firewall with Advanced Settings.
However there is a trick. Both the machines will see each other by IP Addresses, but there will be no name resolution in so defined Virtual Network. Meaning that you won't be able to ping by name, but only by direct IP address. So, if want your Website (on VM1) to connect to SQL Server (on VM2), you have to address it by full IP Address, not machine name.
The only way to make name resolution within a Virtual Network is to use a dedicated DNS server, which you maintain and configure on-premises.
This article describes in details name resolution scenarios in Windows Azure. Your particular case is this:
Name resolution between virtual machines and role instances located in
the same virtual network, but different cloud services
You could potentially achieve name resolution, if you put your VMs is same cloud service. Thus you will not even require dedicated virtual network.
If your VMs are inside a Virtual Network in Azure, then you have to make sure two things.
Required Port is enabled.
Firewall is disabled on the server.
I was trying to connect to one VM where SQL Server DB was installed, from another VM. I Had to enable 1433 port in the VM where SQL was installed. For this you need to add an MSSQL endpoint to the VM on the azure management portal. After that i disabled windows firewall. Then i was able to connect to the VM from another.

Database hosted in Azure virtual machine is the same as if hosted on normal remote hosts?

I would like to host a firebird database in an Azure virtual machine.
Normally, I would indicate in a program a connection like this:
hostname:databasename
....to connect to remote host. In azure, you cannot do that.
I would need to connect with something like:
?.cloudapp.net:someport:databasename
The client would be talking to ?.cloudapp.net thinking that someport is the port to communicate with the database server.
So it seems I would need a proxy to login-connect to windows azure cloud resources and the client would then use the proxy to talk with the database server. This looks like a hassle - are there any alternatives?
I'm not entirely sure of your Cloud architecture in Azure, but assuming you have one VM with your DB installed you should be able to open up a a public endpoint (via the portal manage.windowsazure.com for your Cloud Service) and connect to that via it's public IP address & the port).
Windows Azure does have more advanced features that allows you to connect to specific VM's within a Cloud Service via Port Forwarding.
Michael Washam has a great blog post on this 'Windows Azure Virtual Machines':
http://michaelwasham.com/2012/06/08/understanding-windows-azure-virtual-machines/
The architecture of cloud services makes endpoint configuration
interesting. Since each cloud service has a single public IP address
but multiple virtual machines can reside in it how do you address
individual servers directly in a non-load balanced fashion?
Port forwarding allows you to configure an endpoint on a specific VM
listening on any of the ephemeral ports that will then be forwarded to
the correct internal port.

Resources