locked
How does Azure VM connect to the internet? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Dear community,

    I would like to check how does back VMs in Azure access the internet (without a public IP)

    In Amazon AWS, instances gets connected to the internet via a NAT gateway or an internet gateway.

    In my case, after I deployed a VM in Azure, I removed its public IP (to prevent charges). How do I connect this VM to the internet?

    Any advice is appreciated.


    • Edited by Johnsyjohn Wednesday, November 9, 2016 2:51 AM
    Wednesday, November 9, 2016 2:51 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I understand your idea. In fact, even you not set a public IP with your VM, the VM will always have Public IP Address, but you can’t assign any Endpoints. So if you don’t set a public IP with your VM, you can’t RDP or SSH your VM with the default public IP address, but the VM can access the internet.

    About the public IP pricing, in the ARM model, the first 5 “static” public IP addresses in a region are free. This is applicable irrespective of the type of resource (VM or Load-balancer) to which the IP address is associated. All others are charged at $0.004/hr. So you can deploy a VM with a public IP address, use it as a jumpbox, other VMs can deploy without public IP addresses.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 1:53 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    "In fact, even you not set a public IP with your VM, the VM will always have Public IP Address,"

    If you deploy the VM and set the public IP address as None, it means you have not reserved a public IP.


    Every backend instances will have its own dynamic public IP address, those public IP addresses are free, same as the VM configured to point to the NAT gateway. 

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 5:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Johnson,

    When we create a VM we have the option to attached a public IP to VM or leave it as blank. As you mentioned here of course we can use a Jump Box VM with Public IP and RDP to them using Jump Box.You have to deploy the Jump Box VM to the same VNET.

    As an example lets assume you have two tier web app and you don't want to expose the DB VMs to public internet. In this case we can leave the VMs without a public IP and use a Jump Box VM to RDP the DB VMs when we need to do any configurations.

    Thanks  

    If this answer help Please mark it as a answer Blog-http://allaboutwindowssl.com/

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 6:13 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    During we deploy the VM, set the public IP address is not None, the public IP address is not free.

    The default dynamic public IP, we can perform a network capture to find it, but the IP cannot be used with RDP or SSH, and can't be assign. 

    At least we need a public IP as the jumpbox, via the jumpbox access other VMs with internal IP addresses.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to <b>mark the replies as answers</b> if they help.<br/> If you have feedback for TechNet Subscriber Support, contact <a href="mailto:tnmff@microsoft.com"> tnmff@microsoft.com</a>.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 6:59 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    According to your description, we can use portal to create a public IP and associate the public IP address to the VM’s network interface:

    More information about create public IP, please refer to the link below:

    https://azure.microsoft.com/en-us/documentation/articles/virtual-network-deploy-static-pip-arm-portal/


    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 9, 2016 4:01 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    You can create new Public IP using portal.

    Navigate to the NIC of the VM and follow as below screenshot 

    Thanks

    If this answer help Please mark it as a answer Blog-http://allaboutwindowssl.com/

    Wednesday, November 9, 2016 6:41 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Johnson,

    Unless the VM is having a public facing IP (either its own public IP or the public IP of a load balancer) there is no way to access the internet from the VM. As mentioned above you will have to re-enable the public IP to commence internet based communication to your VM. Also, without the Public IP you will not be able to RDP into this VM.

    Hope this helps.

    Regards,

    Loydon

    ________________________________________________________________________________________________________________
    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer so that other customers can benefit from it.

    Wednesday, November 9, 2016 10:32 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thank you for the replies. I take it that the concept for azure is slightly different from Amazon aws. In Amazon, backend instances can be configured to not have a public IP. Instead we can configure a NAT gateway and then for backend instances to access to the internet, these backend instances will be configured to point to the NAT gateway.

    In the case of Azure, does this mean that:

    1. There is no way to configure a NAT gateway and to configure the backend instances to point to the NAT gateway to access the internet?

    2. If there is no way to configure a NAT gateway, it will be"mandatory" to have a public IP allocated to the backend instances. I would like to to if there are charges to a DYNAMIC public IP.





    • Edited by Johnsyjohn Thursday, November 10, 2016 1:01 AM
    Thursday, November 10, 2016 12:59 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I understand your idea. In fact, even you not set a public IP with your VM, the VM will always have Public IP Address, but you can’t assign any Endpoints. So if you don’t set a public IP with your VM, you can’t RDP or SSH your VM with the default public IP address, but the VM can access the internet.

    About the public IP pricing, in the ARM model, the first 5 “static” public IP addresses in a region are free. This is applicable irrespective of the type of resource (VM or Load-balancer) to which the IP address is associated. All others are charged at $0.004/hr. So you can deploy a VM with a public IP address, use it as a jumpbox, other VMs can deploy without public IP addresses.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 1:53 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    In Amazon, we would configure a jump server with public IP. From the jump server, we would then RDP/SSH into those backend instances. (With rules in the security group)

    Noted on the pricing.

    So, in Azure, is this the normal practice to have different dynamic public IP address in the backend instances?


    We are concerned about the costs of the dynamic IP addresses if we have many backend instances. As compared to Amazon, Azure will cost more because every backend instances will have its own dynamic public IP address.

    • Edited by Johnsyjohn Thursday, November 10, 2016 2:33 AM
    Thursday, November 10, 2016 2:31 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    "In fact, even you not set a public IP with your VM, the VM will always have Public IP Address,"

    If you deploy the VM and set the public IP address as None, it means you have not reserved a public IP.


    Every backend instances will have its own dynamic public IP address, those public IP addresses are free, same as the VM configured to point to the NAT gateway. 

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 5:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Johnson,

    When we create a VM we have the option to attached a public IP to VM or leave it as blank. As you mentioned here of course we can use a Jump Box VM with Public IP and RDP to them using Jump Box.You have to deploy the Jump Box VM to the same VNET.

    As an example lets assume you have two tier web app and you don't want to expose the DB VMs to public internet. In this case we can leave the VMs without a public IP and use a Jump Box VM to RDP the DB VMs when we need to do any configurations.

    Thanks  

    If this answer help Please mark it as a answer Blog-http://allaboutwindowssl.com/

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 6:13 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    I am confused.

    So, are the dynamic IP addresses free or not?

    I have created a new VM3, remove its public IP.

    How do I assign a "free dynamic IP address"?

    Please refer to the screenshot here

    https://www.dropbox.com/s/z2wh76pvnw2bl6q/VM3.JPG?dl=0

    Thursday, November 10, 2016 6:37 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    During we deploy the VM, set the public IP address is not None, the public IP address is not free.

    The default dynamic public IP, we can perform a network capture to find it, but the IP cannot be used with RDP or SSH, and can't be assign. 

    At least we need a public IP as the jumpbox, via the jumpbox access other VMs with internal IP addresses.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to <b>mark the replies as answers</b> if they help.<br/> If you have feedback for TechNet Subscriber Support, contact <a href="mailto:tnmff@microsoft.com"> tnmff@microsoft.com</a>.

    • Marked as answer by Johnsyjohn Friday, November 11, 2016 4:08 AM
    Thursday, November 10, 2016 6:59 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Ok I think I understood your explanation. If I understand it correctly:

    1. Create a jump server with public IP (Not None) Public submet

    2. Create a backend server without public IP (none) App subnet

    3. RDP into the jump server.

    4. In the jump server, RDP to Backend server with internal IP

    5. From the Backend server I am able to access the internet with its dynamic IP (which I can find out by doing a packet capture)

    Am I right?

    I will test it out.

    Thursday, November 10, 2016 7:09 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Johnson,

    Yes, you are right.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to <b>mark the replies as answers</b> if they help.<br/> If you have feedback for TechNet Subscriber Support, contact <a href="mailto:tnmff@microsoft.com"> tnmff@microsoft.com</a>.

    Thursday, November 10, 2016 7:15 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Johanson,

    Please refer the my previous post in there I attached the screenshot how its done.

    https://azure.microsoft.com/en-us/documentation/articles/virtual-network-ip-addresses-overview-arm/

    Thanks

    If this answer help Please mark it as a answer Blog-http://allaboutwindowssl.com/

    Thursday, November 10, 2016 7:18 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    During we deploy the VM, set the public IP address is not None, the public IP address is not free.

    The default dynamic public IP, we can perform a network capture to find it, but the IP cannot be used with RDP or SSH, and can't be assign. 

    At least we need a public IP as the jumpbox, via the jumpbox access other VMs with internal IP addresses.

    If you still have questions, welcome to post back here. Thanks.

    Best Regards,

    Please remember to <b>mark the replies as answers</b> if they help.<br/> If you have feedback for TechNet Subscriber Support, contact <a href="mailto:tnmff@microsoft.com"> tnmff@microsoft.com</a>.

    Hello Jason,

    - I have tested out. I set up a backend VM without a public IP (None).

    - RDP into the backend VM from a jump server.

    - Tested able to access internet.

    Thank you for your explanation. Now I understand that for Azure instances to access internet, it is slightly different from Amazon.

    In Amazon, if you choose not to allocate a public IP address, it will not "auto" assign a dynamic IP address to the instance. You will need to point it to the internet gateway or a NAT gateway to allow the instance to access the internet.

    Whereas in Azure, if you choose not to allocate a public IP address, it will "auto" assign a dynamic IP address to the instance.


    • Edited by Johnsyjohn Friday, November 11, 2016 4:11 AM
    Friday, November 11, 2016 4:07 AM