

How to set up Endpoints to Microsoft Azure VMs


Introduction

A Microsoft Azure VM Endpoint is a feature that allows remote access to VMs from the internet. This access can be for administration (for example RDP, PowerShell and SSH) or to use a service (for example HTTP, FTP …). This Wiki article explains how Endpoints can be configured.

How to create a stand-alone endpoint

To create a stand-alone endpoint, proceed as follows:

  • Go to VIRTUAL MACHINES and then select your VM

  • Select ENDPOINTS tab and then click on ADD

  • Make sure that the ADD A STAND-ALONE ENDPOINT option is selected, then click on the next button

  • Specify the details of the Endpoint (name, protocol, public and private ports), then click on the finish button

How to create an endpoint with a load-balanced set

Microsoft Azure can randomly distribute a specific type of incoming traffic across multiple virtual machines or services in a configuration known as a load-balanced set. It does this with an internal layer 4 load balancer that it uses for VMs in the same cloud service.

To create an endpoint with a load-balanced set, proceed as follows:

  • Repeat the first three steps from “How to create a stand-alone endpoint”

  • Specify the details of the Endpoint (name, protocol, public and private ports) and check the CREATE A LOAD-BALANCED SET option. Once done, click on the next button

  • Specify the details of the load-balanced set (name, protocol, probe port, probe interval and number of probes), then click on the finish button

The load balancer checks the health status of a VM by periodically querying the PROBE PORT. If the VM responds on this port, the load balancer considers it up and running. Otherwise, it considers the VM not responding and excludes it from the load balancing. The checks are made at the interval, in seconds, specified in PROBE INTERVAL, and the load balancer considers the VM not responding if it does not get an answer after trying the number of times specified in NUMBER OF PROBES.

Once you have created the load-balanced set, you can join the VMs in the same cloud service to it. To do so, proceed as follows:

  • Go to VIRTUAL MACHINES and then select your VM

  • Select ENDPOINTS tab and then click on ADD

  • Select the ADD AN ENDPOINT TO AN EXISTING LOAD-BALANCED SET option, make sure that the correct load-balanced set is selected, then click on the next button

  • Specify the name of the Endpoint, then click on the finish button

Remark: For HTTP traffic, you can use an HTTP probe, which allows a more advanced health status check. This is done by checking a specific path that you specify.

Availability Group Listener in Windows Azure Now Supported! (And Scripts for Cloud-Only Configuration): http://blogs.msdn.com/b/sqlalwayson/archive/2013/08/06/availability-group-listener-in-windows-azure-now-supported-and-scripts-for-cloud-only-configuration.aspx

Configuration of ACLs for Endpoints

ACLs can be configured for Endpoints to permit access from specific IPs while denying it for others. ACLs are mainly used for administration protocols (RDP, PowerShell and SSH) to restrict access to specific trusted IP addresses.

To configure ACLs for an Endpoint, proceed as follows:

  • Go to VIRTUAL MACHINES and then select your VM

  • Select the ENDPOINTS tab, select the Endpoint to update and then click on MANAGE ACL

  • Configure the required ACLs, then click on the finish button

When you configure ACLs, you need to define the order of the rules. The order is very important because, when a client tries to use the Endpoint, the first matching rule is the one that is processed. If no rule matches, an implicit deny is applied.
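The following sketch models the rule ordering described above: first match wins, implicit deny otherwise. It also flags rules that can never fire because an earlier rule already covers their subnet. It is an added example, not code from the original article or from Azure; the rule tuples, function names and IPv4 documentation addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL for an RDP endpoint: (order, action, remote subnet).
SAMPLE_ACL = [
    (200, "deny",   "203.0.113.50/32"),  # single host that should be blocked
    (100, "permit", "203.0.113.0/24"),   # trusted admin network
    (300, "permit", "198.51.100.0/28"),  # second trusted range
]
# Same rules with the deny moved ahead of the permit that covers it.
FIXED_ACL = [(50, "deny", "203.0.113.50/32")] + SAMPLE_ACL[1:]

def ordered(rules):
    """Parse subnets and sort rules by order number, lowest evaluated first."""
    parsed = [(o, a, ipaddress.ip_network(s)) for o, a, s in rules]
    return sorted(parsed, key=lambda r: r[0])

def evaluate(rules, client_ip):
    """Return (action, order) of the first matching rule, else implicit deny."""
    addr = ipaddress.ip_address(client_ip)
    for order, action, net in ordered(rules):
        if addr in net:
            return action, order
    return "deny", None  # no rule matched: implicit deny

def shadowed(rules):
    """List (rule order, covering rule order, actions_conflict) for every
    rule whose subnet is fully covered by an earlier rule."""
    seen, findings = [], []
    for order, action, net in ordered(rules):
        for prev_order, prev_action, prev_net in seen:
            if net.subnet_of(prev_net):
                findings.append((order, prev_order, action != prev_action))
                break
        seen.append((order, action, net))
    return findings

if __name__ == "__main__":
    for label, acl in (("sample", SAMPLE_ACL), ("fixed", FIXED_ACL)):
        print(label, "203.0.113.50 ->", evaluate(acl, "203.0.113.50"))
        print(label, "192.0.2.10   ->", evaluate(acl, "192.0.2.10"))
        print(label, "shadowed rules:", shadowed(acl))
```

In the sample ACL the deny for 203.0.113.50 is never reached because the permit at order 100 matches first; moving the deny to a lower order number restores the intended block.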

Endpoints and PowerShell

Endpoints can be configured with PowerShell. You can use the following PowerShell cmdlets for this purpose:

Conclusion

Endpoints allow services running on Microsoft Azure VMs to be accessed remotely. They are easy to configure, and changes to them are reflected within a few seconds. Microsoft Azure also provides the capability to restrict access to specific IPs or to deny it from specific ones. This Wiki article explored how Endpoints can be configured and the features they provide.


See Also