Static IP address for Role in Windows Azure? - azure

Does anyone knows if obtaining a static IP address for a Web or Worker Role on Windows Azure is possible (possibly only in private beta)?

A few years later, Azure now lets you reserve IP addresses for VMs and cloud services (Web and Worker roles). However, it is only accessible from PowerShell for the time being (this will change in the future, apparently).
The first five static IP addresses are free. To create an IP you will need to make sure you have the latest version of the Azure PowerShell command-line interface and also have your Azure account linked to Azure PowerShell (outside the scope of this post but not hard).
To Create a new IP in PowerShell:
$ReservedIP = New-AzureReservedIP -ReservedIPName "FirewallIP" -Label "WebAppFirewallIP" -Location "Japan West"
To associate it with a VM:
New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $images[60].ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123 | New-AzureVM -ServiceName "WebApp" –ReservedIPName $ReservedIP -Location "Japan West"
To insert your new IP into a Web or Worker Role (if the worker role has an external endpoint), add the following to ServiceConfiguration.Cloud.cscfg:
<ServiceConfiguration>
<NetworkConfiguration>
<AddressAssignments>
<ReservedIPs>
<ReservedIP name="<reserved-ip-name>"/>
</ReservedIPs>
</AddressAssignments>
</NetworkConfiguration>
</ServiceConfiguration>
To view an IP at any time:
Get-AzureReservedIP -ReservedIPName "FirewallIP"
Source: Documentation

There's an update to this story. Back in October 2011, Microsoft announced improved in-place updates to existing deployed services (announcement here). You can now update your deployment in several ways without having the assigned IP address changed. For example:
Grow/shrink Role size
Increase local storage size
Change endpoints
Add / remove roles
Once you deploy: As long as you don't delete your deployment, your IP address will stay as-is.

Unfortunately, this is not possible for the time being... If you need to do IP-based access control, you could open a support call and request the current IP address range for a given datacenter, but there is no real guarantee it won't change over time.

Related

Static IP to Azure VMs

I have setup three virtual servers in Azure. They are three Windows 2008 R2 Servers.
They all have private and public IPs and I can access them from internet with no issue. I already setup private static IPs on them.
I would like to reserve public IPs on the VM machines so they do not change when server is shutdown or restart.
I am try to follow "How to add an ILPIP to an existing VM" by going to website https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/ but having problem following the shell command.
Get-AzureVM -ServiceName FTPService -Name FTPInstance
| Set-AzurePublicIP -PublicIPName ftpip2
| Update-AzureVM
They are standalone server. I will later install third party software. They are not running any ftp server and ftp instance. So the question is how can I assign public static IP to the VM machine
Thank you
You can't assign a static PIP only a static VIP and the VIP will be assigned to a cloud service or if you are using ARM your load balancer not the VM itself.
As far as I know you can only assign a static VIP when you create the cloud service.
#get a new static IP
New-AzureReservedIP –ReservedIPName "MyReservedIP" –Location "AzureRegionName"
#create a new vm and cloud service and assign the static IP
New-AzureVM -ServiceName "NewServiceName" -ReservedIPName "MyReservedIP" -Location "AzureRegionName"
It is too long to post in the answer but I have a detailed explanation of the different types of IPs in Azure over here.

Reserved IP for Azure Cloud Service doesn't persist

I'm struggling to get to grips with Reserved IP addresses in an Azure Cloud Service.
I have a Cloud Service with Staging and Productions deployments and I need at least the Production deployment to have a stable IP address. I set up 2 Reserved IP addresses as described here then assigned my reserved IPs to the Production and Staging deployments with Power Shell:
Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP1 -ServiceName mycloudservice -Slot “Production”
Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP2 -ServiceName mycloudservice -Slot “Staging”
All well and good the reserved IPs get assigned to the respective instances and swapping maintains the correct addresses. The problem is if I delete one of the deployments and redeploy the IP address is not maintained.
I also tried assigning a reserved IP address to the cloud service without specifying a "Slot" and it assigned fine but does not seem to get used in either Production or Staging deployments.
Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName mycloudservice
My usual workflow would be to deploy to Staging then swap with Production once I have tested all is working fine. With this scenario how can I ensure the Production deployment always gets a Reserved IP address when I swap from Staging, even if there is no current Production instance deployed?
The Azure documentation says "IP address for the cloud service will be the same even as resources are shutdown or deallocated" so shouldn't my previously assigned Production IP address be maintained even if I delete the Production instance and then swap from Staging?
This worked for me:
Create your reserved IPs
New-AzureReservedIP -ReservedIPName "ip1" -Location "East US 2"
New-AzureReservedIP -ReservedIPName "ip2" -Location "East US 2"
Deploy to the production slot with the following network configuration in your .cscfg file:
<NetworkConfiguration>
<AddressAssignments>
<ReservedIPs>
<ReservedIP name="ip1" />
</ReservedIPs>
</AddressAssignments>
</NetworkConfiguration>
Deploy to the staging slot with the following configuration:
<NetworkConfiguration>
<AddressAssignments>
<ReservedIPs>
<ReservedIP name="ip2" />
</ReservedIPs>
</AddressAssignments>
</NetworkConfiguration>
Continue using your normal workflow - deploy to staging, then swap to production. The IP addresses should stay associated with their slots (ip1 in production and ip2 in staging).

ReservedIPs for Azure VMs in a single VNet/subnet

I've 8 VMs (linux based) running a single VNet on Azure. If I've two VMs running a service on the same port which shows me machine status or shows some common details which is specific to the VM. Say for example
VM-1 runs a service on 8080 port and same same service has been deployed on VM-2 which runs on the same port 8080. To access to a service running on port 8080 I am opening a port on VM-1 through end points. I am able to access 8080 from web browser through VM-1 using servicename.webapp.net:8080. But If I want to check the status of VM-2, I am not able to open the port 8080 on the VM-2. Probably because the port is opened at the service level and not the VM level. Is there a way I can open the port at the VM level and use VM-x:port?
Another approach I thought which could be useful is : Assign the staticIP/ReservedIP to each of the VM and open the port on individual machines should be possible, instead of open the port at the VNet/service level. Is it possible to assign static/reserved IP to all 8 of the machines once they have been started and operational? And we also need to make sure that, after restart all the eight machines retain the same IPs.
I tried following blog https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-reserved-public-ip/ and tried following command :
$image = Get-AzureVMImage|?{$_.ImageName -like "*AMI-20150919-849187*"}
New-AzureVMConfig -Name StaticIPVMCOnfig -InstanceSize Small -ImageName $image.ImageName
-CurrentStorageAccountName "myStorageACName"
| Add-AzureProvisioningConfig -Linux -LinuxUser root -Password MyP#ssword!
| New-AzureVM -ServiceName myCloudServiceName -ReservedIPName MyReservedIP
-Location "West Europe"
I still see the new VM is getting launched with same same VIP as the other VMs in the VNet. I am not sure if I am missing something.
Attaching the screenshots one is created without static/reservedIP CMDlets. Another is created from PowerShell. Both share the same VIP.
Could someone please help with this?
PS: Intentionally I am keeping the public VIPs to show that they are same. (I've closed and not using this service anymore).
Thanks,
JE
Yes you can assign static IP to to the VMs using powershell command-
get-azurevm -servicename "testservice" -name "testvm" | Set-AzureStaticVNetIP -IPAddress "10.87.96.41" | Update-AzureVM
Next thing is you want to make sure you don't lose the IP when instance goes to stopped state. For this what you can do is define explicit parameter StayProvisioned with the stop azure vm command in powershell-
stop-azurevm -ServiceName "testservice" -Name "testvm" -StayProvisioned
StayProvisioned doesn't allow IP to be freed even if VM is stopped.
If you are looking for public IP of VM-
"Every Virtual Machine is automatically assigned a free public Virtual IP (VIP) address"
In order to find out the public ip goto- Azure portal and then your VM dashboard. Here at the right side you see a quick glance tab under which you will be able to see the public IP. Snapshot for your reference-
You can use this public ip to directly connect to vm using RDP. Using powershell you can use below command for the same.
Get-AzureVM -ServiceName "testservice" -Name "testvm" | select PublicIPAddress
NOTE - Public IP will be null if instance is in stopped state. To know more on public IP you can read this-
https://azure.microsoft.com/en-in/documentation/articles/virtual-networks-instance-level-public-ip/
[Edited]

Azure VM public static outbound IP

I have written a small service to grab files from one ftp server, edit them, and then send them to another ftp server. The catch being the ftp server being sent to requires a white-list of IP's. Now I chose to host this service on a Azure VM set up with a virtual public reserved IP address, thinking it would create a static IP that I could use for the white-list.
Unfortunately even though the VM states the virtual public reserved IP is connected to the VM, when opening up a browser and going to whatismyip.com I get a completely different IP and of course Azure shuts all VMs down once every 2-3 months for maintenance (which I assume flushes the IP).
Now I understand that the IP received from whatismyip.com is probably connected to the Azure load balancer but I can't figure out for the life of me why that would be the one that shows up for outbound connections.
My questions are:
Is it possible to obtain a static public IP for outbound connections for that whitelist?
Is there some obvious workaround I'm missing?
Will Azure scheduled maintenance shutdowns save IP information?
Is Azure just not a good platform for this kind of work? If so what is?
Now it is indeed possible. Please see https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-reserved-public-ip/ for details.
The powershell code is as follows:
New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US"
$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}
New-AzureVMConfig -Name TestVM -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP#ssw0rd!! `
| New-AzureVM -ServiceName TestService -ReservedIPName MyReservedIP -Location "Central US"
Besides, now outbound connections only use a handful IPs by default. You can see them in new portal: https://portal.azure.com in site's Settings → Properties

Azure VM: Adding a Reserved IP address to an existing VM

What I have read so far on the web is that there is no way to add a reserved IP to an existing VM (unless I recreate the VM which I am trying to avoid). However, I have noticed that external IP of my VM and the cloud service is same.
Reserved IP Addresses page explains how to "To use a Reserved IP with Cloud Services". I have looked everywhere in the Azure Management Portal but couldn't find a configuration setting for Service Configuration Schema.
I am using the Azure scheduler to turn-off the VMs at night and on the weekends. From the following I understand is that there is something that I need to write in the scheduler script to re-assign the Reserved IP when the VM starts in the morning. Did I get it right?
Shutdown VM - Previously, when all the Virtual Machine instances in a
cloud service were moved to the Shutdown state (stop/deallocated), the
public IP would be released and a new public IP would be assigned when
one of the Virtual Machines instances was started. However, with this
release, if the VM uses a Reserved IP, then the Reserved IP can be
used when re-deploying the VMs.
P.S. Is Stack Overflow the best place to ask this sort of questions relating to Azure or shall I use Server Fault in the future? I have seen Azure questions in both websites.
At Build 2015 they announced this is now possible and VERY easy.
Simply open Azure powershell and run this:
New-AzureReservedIP -ReservedIPName "ipname" -Location "West US" -ServiceName "somevm"
If you run this it will reserve an IP named "ipname" and associate it with the already deployed instance "somevm.cloudapp.net"
In order to assign existing reserved IP to an existing VM, you can use the following command:
Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService
Step by step to create Reserved IP and using it on Azure VM. Here you can go
Reserved IP Creation
I have done the Elastic IP Automatic scheduling on AWS.Here is the reference link Elastic IP Automation on AWS script.
Between needs to check about How can I write a script for automating the reserved IP for Azure.If you had done it earlier, Kindly share the script this will be very useful. Thanks.
At this point, we don't support the capability to associate a Reserved IP to an already existing VM.
We are currently working on the capability to reserve the IP of an existing VM.
Ref: http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/
http://www.petri.com/how-to-reserve-public-virtual-ip-addresses-in-microsoft-azure.htm
Girish Prajwal
For new VMs (with resource manager) you should do the following:
Create new static IP address:
$ip = New-AzureRmPublicIpAddress -Name "<ip-name>" -ResourceGroupName <group-name> -Location eastus -AllocationMethod Static
Get information about VM Network Interface:
Get-AzureRmVM -ResourceGroupName <group-name> -Name <vm-name> | Select -ExpandProperty NetworkProfile
Get corresponding network interface and set new ip and update NIC:
$netInt = Get-AzureRmNetworkInterface -ResourceGroupName "group-name" -Name <nic-name>
$netInt.IpConfigurations[0].PublicIpAddress = $ip
Set-AzureRmNetworkInterface -NetworkInterface $netInt
I read all of the previous entries and did not come away with a clear picture of how to proceed with assigning a reserved IP address to my existing Azure classic VM, so I opened a support ticket. I got excellent clear guidance from "Sruthi Saranya K", a support engineer in Azure Networking. Sruthi stated "in classic deployment model it is not possible to have a static public IP assigned to a VM", which I had read elsewhere, but she clarified that you simply assign the IP address to the cloud service and not the VM directly, then the VM will automatically pick up on the change. I outline all of the commands here for your convenience, starting from an Azure PowerShell prompt. The critical command was specified in the top response here, but not all of the steps. Also, that example also includes specifying the service, but it does not appear to be a supported parameter for that command, instead there is a second command to associate the IP with the service.
add-azureaccount (to log in to Azure from PowerShell)
New-AzureReservedIP -ReservedIPName "ipname" -Location "East US"
get-azurereservedip (just to see what the reserved IP address is)
Set-AzureReservedIPAssociation -ReservedIPName "ipname" -ServiceName "your cloud service name"
Also, depending on the use, you may want to look up the IP address on mxtoolbox.com to make sure it is not already blacklisted. My reserved IP was for a web site, but the default # DNS entry for the domain meant our domain was generally going to be associated with that IP address, and previously our mail has been blacklisted because our web server IP address was sullied by some other Azure tenant. If you get a blacklisted address, you can remove it and get a new one, also a suggestion from Sruthi. Here are the commands to remove the reserved IP, and to remove the cloud service association if needed:
remove-azurereservedip
Remove-AzureReservedIPAssociation
My sincere thanks to Sruthi for making it so simple and preventing an unnecessary redeployment of our company's public web server.
Add Public IP to an Existing VM
Log into the portal
Find the Resource Group (RG) where your VM is Located
Confirm your VM has a network interface - if not, create one (it should have one)
Create a Public IP Address (static or dynamic, doesn't matter) by adding one to your RG from the marketplace (do this first so it is creating while you make your NSG).
Create a Network Service Group by adding one to your RG from the marketplace and associating it with your VM.
Once the NSG has deployed, go back to the Overview of your PIP and click the "Associate" button in the info section of the blade.
Select the Network Interface of your VM you validated in step 3.
Get a cup of coffee or something, it will be a minute, but otherwise you're done.
New-AzureReservedIP -ReservedIPName "nameIP" -Location "East US" -ServiceName "azureA2vm"
Get this:
New-AzureReservedIP : A parameter cannot be found that matches parameter name 'ServiceName'.
At line:1 char:70
+ New-AzureReservedIP -ReservedIPName "nameIP" -Location "East US" -ServiceNam ...
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-AzureReservedIP], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.NewAzureReservedIPCmdlet
Check PowerShell version. Update to latest version.

Resources