Introduction

A Microsoft Azure VM Endpoint is a feature that allows remote access to VMs from the internet. This access could be for administration (for example RDP, PowerShell and SSH) or to use a service (for example HTTP, FTP …). This article shares how Endpoints can be configured.

How to create a stand-alone endpoint

To create a stand-alone endpoint, you can proceed as follows:

How to create an endpoint with a load-balanced set

Microsoft Azure can randomly distribute a specific type of incoming traffic across multiple virtual machines or services in a configuration known as a load-balanced set. This is done using an internal layer 4 load balancer that it uses for VMs in the same cloud service.

To create an endpoint with a load-balanced set, you can proceed as follows:

Repeat the first three steps from “How to create a stand-alone endpoint”.

Specify the details of the Endpoint (name, protocol, public and private ports) and check the CREATE A LOAD-BALANCED SET option. Once done, click on the next button.

Specify the details of the load-balanced set (name, protocol, probe port, probe interval and number of probes), then click on the finish button.

The load balancer checks the health status of a VM by periodically querying a PROBE PORT. If the VM responds on this port, the load balancer considers it up and running. Otherwise, it considers the VM not responding and excludes it from the load balancing. The checks are done every number of seconds specified in PROBE INTERVAL, and the load balancer considers the VM not responding if it does not get an answer after trying the number of times specified in NUMBER OF PROBES.

Once you have created the load-balanced set, you can join the VMs in the same cloud service to it. This can be done as follows:

Remark: For HTTP traffic, you can use an HTTP probe, which allows a more advanced health status check. This is done by checking a specific path you specify.

Availability Group Listener in Windows Azure Now Supported! (And Scripts for Cloud-Only Configuration): http://blogs.msdn.com/b/sqlalwayson/archive/2013/08/06/availability-group-listener-in-windows-azure-now-supported-and-scripts-for-cloud-only-configuration.aspx

Configuration of ACLs for Endpoints

ACLs can be configured for Endpoints to permit access from specific IPs while denying it for others. ACLs are mainly used for administration protocols (RDP, PowerShell and SSH) to restrict access to specific trusted IP addresses.

To configure ACLs for an Endpoint, you can proceed as follows:

When you configure ACLs, you need to define the order of rules. The order is very important because, when a client tries to use the Endpoint, the first matching rule is the one that is processed. If no rule matches, an implicit deny is applied.
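
The rule ordering described above can be checked offline before an ACL is applied. The following is an added example, not code from the original article or from Azure: it models the evaluation as described here (first match wins, implicit deny) and flags rules that can never match. The rule tuples, the assumption that the lowest order number is evaluated first, and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL for an RDP endpoint: (order, action, remote subnet).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_ACL = [
    (100, "permit", "203.0.113.0/24"),    # trusted admin network
    (200, "deny", "203.0.113.77/32"),     # intended block, shadowed by rule 100
    (300, "permit", "198.51.100.10/32"),  # single jump host
]


def _ordered(rules):
    """Parse subnets and sort by order (assumption: lowest order is evaluated first)."""
    parsed = [(order, action, ipaddress.ip_network(subnet))
              for order, action, subnet in rules]
    return sorted(parsed, key=lambda rule: rule[0])


def evaluate(rules, client_ip):
    """Return (action, order) of the first matching rule, or ("deny", None)
    when nothing matches and the implicit deny applies."""
    ip = ipaddress.ip_address(client_ip)
    for order, action, net in _ordered(rules):
        if ip in net:
            return action, order
    return "deny", None


def shadowed_rules(rules):
    """Return [(order, earlier_order)] for rules that can never be the first
    match because an earlier rule already covers their whole subnet."""
    parsed = _ordered(rules)
    found = []
    for i, (order, _action, net) in enumerate(parsed):
        for prev_order, _prev_action, prev_net in parsed[:i]:
            if net.version == prev_net.version and net.subnet_of(prev_net):
                found.append((order, prev_order))
                break
    return found


if __name__ == "__main__":
    for ip in ("203.0.113.77", "198.51.100.10", "192.0.2.5"):
        print(ip, evaluate(SAMPLE_ACL, ip))
    print("shadowed rules:", shadowed_rules(SAMPLE_ACL))
```

In the sample, the deny for 203.0.113.77 never takes effect because the broader permit at order 100 matches first; giving the deny a lower order number than the permit makes it the first match.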

Endpoints and PowerShell

Endpoints can be configured with PowerShell. You can use the following PowerShell cmdlets for this purpose:

Conclusion

Endpoints allow services running on Microsoft Azure VMs to be accessed remotely. They are easy to configure, and changes to them are reflected in a few seconds. Microsoft Azure also provides the capability to restrict access to specific IPs or deny it from specific ones. This article explored how Endpoints can be configured and the interesting features they provide.