locked
Public VIP for Azure Batch pools? RRS feed

  • Question

  • For the traditional Azure Worker Role, each host service has its own static public VIP which is shared by all the nodes in the deployment. This eases the firewall rule settings for things like Azure SQL Database.

    Is there similar thing for Azure Batch? Does each azure batch pool also has a static IP for it and can I use it for doing firewall rules?

    Monday, January 9, 2017 9:53 PM

Answers

  • Hi Regis82,

    Yes, the concept is the same for Azure Batch Pools. You can retrieve the VIP of each compute node in the pool by issuing the GetRemoteLoginSettings (VirtualMachineConfiguration) or GetRDPFile (CloudServiceConfiguration) call for your appropriate language SDK (e.g., .net VM, .net CloudService) or REST API VM, REST API CloudService.

    If you are using CloudServiceConfiguration with GetRDPFile, then you will need to crack open the RDP file to find the VIP.

    Note that depending upon the deployment variables (e.g., number of nodes, etc.) not all nodes may be under one VIP. You will need to aggregate the IPs across all nodes in a pool.

    Cheers,

    Fred


    • Edited by Fred Park [MSFT] Tuesday, January 10, 2017 4:02 PM clarification
    • Marked as answer by Regis82 Friday, January 13, 2017 12:38 AM
    Tuesday, January 10, 2017 3:59 PM

All replies

  • Hi Regis82,

    Yes, the concept is the same for Azure Batch Pools. You can retrieve the VIP of each compute node in the pool by issuing the GetRemoteLoginSettings (VirtualMachineConfiguration) or GetRDPFile (CloudServiceConfiguration) call for your appropriate language SDK (e.g., .net VM, .net CloudService) or REST API VM, REST API CloudService.

    If you are using CloudServiceConfiguration with GetRDPFile, then you will need to crack open the RDP file to find the VIP.

    Note that depending upon the deployment variables (e.g., number of nodes, etc.) not all nodes may be under one VIP. You will need to aggregate the IPs across all nodes in a pool.

    Cheers,

    Fred


    • Edited by Fred Park [MSFT] Tuesday, January 10, 2017 4:02 PM clarification
    • Marked as answer by Regis82 Friday, January 13, 2017 12:38 AM
    Tuesday, January 10, 2017 3:59 PM
  • Hi Fred,

    Thanks for your reply. Can you elaborate a bit more on the rules of VIPs are determined for nodes? Since I have enabled auto-scaling for my pool, if not all nodes are under one VIP, it would be very difficult for me to do the firewall rule right. I don't want to open firewall rule for all Azure IPs as that is too risky. Do you have any suggestion on how to do this?

    Tuesday, January 10, 2017 5:43 PM
  • Hi Regis82,

    Unfortunately there is no rule regarding how to determine VIPs for deployments as a pool can exceed a single deployment.

    If your pool is not very large or will not scale to large number of nodes (i.e., currently no greater than 150 nodes for CloudServiceConfiguration pools), then you can force a single deployment using the EnableInterNodeCommunication flag on pool creation. Note that this can impact your pool for even less than 150 nodes (for CloudServiceConfiguration pools), if the Batch service cannot allocate additional underlying roles to your pool within the same deployment.

    Cheers,

    Fred







    Tuesday, January 10, 2017 6:14 PM