1st steps into Microsoft Azure, setting up security rules
This week I had the pleasure of stepping into unknown territory. Microsoft Azure was on my list, as we are setting up a service for our customers and customers-to-be. I didn’t have the opportunity before to work with Microsoft Azure, and learning new things is always a pleasure, I think.
Yesterday we, my co-worker Erik and I, set up the environment, created a resource group and network, and deployed the servers we needed. Nothing strange there; even without any knowledge of Microsoft Azure those steps are pretty much a breeze.
Today I set off with a vendor to install their product so we can deliver the offering to our customers and customers-to-be (interested? Call our sales guys). So we needed 443 to be open to the fixed IP address we opened up after a small battle with the Microsoft Azure console (more in another blog post).
So the task for today (it was a small task, so it took half an hour) was to open access for 443. It’s simple if you know it, but I thought perhaps some of you are also looking in the console and wondering at first where to find it… Perhaps it’s just me; my logic is not always working, I notice frequently.
So let’s take a look at the console and how we can set security rules for a virtual machine that is accessible from outside. If you look at the console you see the machine we deployed; it’s a small environment meant to grow. So on the left (doing a little tour) you see the menu where you have the ability to get a higher-level overview or where you can add virtual machines (with certain apps installed, like SQL Server), services or just add a SQL database with x DTU.
So when we click on the machine that we need to access externally, we see the next overview. The dashboard is in Dutch for some reason; my whole system is in English and somehow Microsoft Azure thought it would be a great idea to display everything in Dutch, hating it.
Anyway, this is the virtual machine with the properties (instellingen in Dutch) and so on. I click on “All instellingen”, All properties, and get the ability to add a disk (depends on your chosen template), a network interface, etc. Pretty basic, and the screen opens up to the right if you click on something.
What I couldn’t find is the way to change the security rules, RDP (3389) is open by default… not sure if I like that idea. I needed 443 to be open and I figured that I needed to do that in Microsoft Azure and not at machine level. So what do you do, you click around and hope to find it. It is not at machine level, actually it is but not in the console at the machine.
Within the console of Microsoft Azure you need to click on “All Resources” and you will be presented with a list of all virtual machines and all the different components of those virtual machines. One of those properties you find there is security rules; per virtual machine Microsoft Azure displays security rules and you can change them.
So if you click on the security rule (shown above by a blue shield) the properties screen opens up and you can select “incoming” or “outgoing” security rules.
By default only RDP is allowed so all machines you deploy have RDP open and if you disable this you won’t be able to access the machines by RDP externally but also not from another virtual machine. Again another blog to discuss this management issue.
So here we have the rule set for this virtual machine: only 3389 is open from the outside and I need 443 open, so let’s click on “Add” or “toevoegen” (in Dutch) to add that rule. I kept the same naming standard but that’s not necessary at all. So you give it a name, set the protocol (TCP for HTTPS) and add the port number.
Once all that is set we’re good to go and we have 443 open to the machine, time to do a little testing… the proof of the pudding is in the tasting 🙂 I’m getting a logon option there so our monitoring as a service console is reachable.
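An added example, not part of the original post: a small Python audit of a rule set like the one described above (RDP open by default, 443 added by hand), reporting which ports are reachable from any source. The rule data is constructed in the shape of `az network nsg rule list -o json` output; the rule names, priorities and the 203.0.113.10 admin address are assumptions.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
# Rule names, priorities and the 203.0.113.10 admin address are made up.
AS_DEPLOYED = json.loads("""[
 {"name": "default-allow-rdp", "priority": 1000, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
  "destinationPortRange": "3389"},
 {"name": "default-allow-https", "priority": 1010, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
  "destinationPortRange": "443"}
]""")

ANY_SOURCE = {"*", "internet", "any", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def _covers(rule, port):
    """True if any destination port spec ("443", "3000-3010", "*") includes port."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        low, _, high = spec.partition("-")
        if spec == "*" or int(low) <= port <= int(high or low):
            return True
    return False

def open_to_any_source(rules, port, protocol="Tcp"):
    """Name of the Allow rule that exposes port to every source, else None.

    NSG rules are evaluated in ascending priority and the first match wins, so
    an any-source Deny with a lower priority number masks a later Allow.
    """
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        sources = {s.lower() for s in
                   _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")}
        if (rule["protocol"].lower() in ("*", protocol.lower())
                and _covers(rule, port) and sources & ANY_SOURCE):
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None

def audit(rules, ports=(3389, 443)):
    return {port: open_to_any_source(rules, port) for port in ports}

# Same rule set with RDP limited to one admin address (constructed hardening step).
HARDENED = [dict(r, sourceAddressPrefix="203.0.113.10/32")
            if r["name"] == "default-allow-rdp" else r for r in AS_DEPLOYED]

if __name__ == "__main__":
    print("as deployed:", audit(AS_DEPLOYED))
    print("hardened:   ", audit(HARDENED))
```

A port that maps to a rule name is reachable from any source through that rule; `None` means no any-source Allow applies to it.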
The Microsoft Azure console is not hard to learn; the biggest issue is to understand or figure out what the idea was behind the cloud solution. With the security rules I knew this had to be managed on a higher level to keep an overview, but I failed to find the entrance to do so at first. I noted a few more things of interest and will add a few blogs about that soon.
Further on, it is interesting to work with Microsoft Azure. There are a few things to say but they will come in another article. Hope this helps some of you, or at least gave some interesting reading material for now.