Monday, October 28, 2013

Ins and Outs: Azure Input Endpoints

Go ahead, say that three times fast! Yes, it’s a tongue twister and when it comes to virtual machines and cloud services, it can be a bit of mind-bender too.  (If you haven’t had a chance to read my previous posts about Cloud Services for IaaS and Virtual Networks and DHCP, you might want to check those out for background.)

In a nutshell, input endpoints are openings in your cloud service firewall.
Because a cloud service has only one external IP address, port forwarding is used to direct various access requirements to the right location.

In this screen shot, you can see that my single cloud service (with a public IP of 137.135.42.10) has four endpoints open, two for the server named “sabina” and two for “franka”.
In this case, the public port numbers were randomly assigned, and since these are Windows Servers the default endpoints are for RDP and PowerShell.

By looking at the specific endpoints assigned to “Franka”, we can see that Remote Desktop is using the public port 58155 and PowerShell is using 58392.
Because this Windows Server was spun up using the image from the Azure gallery, I can trust that the Windows Firewall on the OS has the appropriate rules open to allow traffic that is passed through the Azure endpoints to be received by the server.

If I were to add a different service, like HTTP or FTP, I would need to add the endpoint in Azure AND add the appropriate rules to the server OS so it will listen on the proper port. When creating a new endpoint, Azure will suggest the default port numbers, but they can be customized easily.

An important point to remember is that opening the endpoint in Azure won’t guarantee your server will be accessible via that protocol.  You must also open the corresponding listener port from within your operating system. This is critical if you are bringing your own server image to Azure: make sure that RDP (or your management protocol of choice) is also open on the OS, otherwise you will be unable to manage your server once it’s in the cloud.

If you require more fine-tuning of your endpoint access with customized ACLs (for example, allowing only your management subnet to reach the RDP endpoint), that’s not available via the Azure GUI.  However, you can use PowerShell for that level of detail – read more here.
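As an added example (not from the original post), here is what the two halves of that procedure look like in PowerShell: the classic Azure Service Management cmdlets add an HTTP endpoint restricted by an ACL, and the guest-OS cmdlets open the matching Windows Firewall rule. The service name, the allowed subnet and the “HTTP” endpoint name are assumed placeholders; “franka” is the VM name from the post.

```powershell
# Added example, not part of the original post.
# Part 1 runs on an admin workstation with the classic Azure PowerShell module
# loaded; Part 2 runs inside the VM (Windows Server 2012 or later).

# ---------- Part 1: the Azure side (cloud service endpoint + ACL) ----------
$serviceName = "my-cloud-service"    # assumed placeholder
$vmName      = "franka"              # VM name from the post
$allowedNet  = "203.0.113.0/24"      # assumed placeholder: trusted management range

# Build an endpoint ACL. As soon as one Permit rule exists, every other
# source address is denied, so this limits the endpoint to $allowedNet.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule Permit -RemoteSubnet $allowedNet -Order 100 `
    -Description "Allow HTTP from trusted range only" -ACL $acl

# Open the endpoint: public port 80 on the cloud service VIP is forwarded
# to local port 80 on the VM, subject to the ACL above.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Add-AzureEndpoint -Name "HTTP" -Protocol tcp -LocalPort 80 -PublicPort 80 -ACL $acl |
    Update-AzureVM

# Review what the cloud service now exposes (public Port -> LocalPort on the VM).
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureEndpoint |
    Select-Object Name, Protocol, Port, LocalPort

# ---------- Part 2: the guest OS side (run inside the VM) ----------
# The Azure endpoint alone does nothing if Windows Firewall drops the traffic.
New-NetFirewallRule -DisplayName "Allow inbound HTTP (TCP 80)" -Direction Inbound `
    -Protocol TCP -LocalPort 80 -Action Allow -Profile Any

# Confirm a service is actually listening before testing from outside.
Get-NetTCPConnection -State Listen -LocalPort 80 -ErrorAction SilentlyContinue
```

If the last command returns nothing, the endpoint and firewall rule are in place but no service is bound to the port yet, which is the other common reason an “open” endpoint appears unreachable.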

Depending on the work that your servers are doing within your cloud service, you can also configure basic round-robin load balancing on those endpoints.  Learn more about that here.

Haven’t tried out Azure yet? Sign up for a free trial today.
