Microsoft Azure Essentials Fundamentals of Azure Second Edition e-optimized 5x11 pdf

Download 8,71 Mb.

Pdf ko'rish

bet	98/260
Sana	16.09.2021
Hajmi	8,71 Mb.
	#176022

1 ... 94 95 96 97 98 99 100 101 ... 260

Bog'liq
9781509302963 Microsoft Azure Essentials Fundamentals of Azure 2nd ed pdf

Network connectivity
By default, Azure VMs are not able to accept requests from the Internet. To do so, a VM must be
configured to permit inbound network traffic.
Note Configuring network connectivity sets rules for how network traffic reaches the VM. It does
not have any relation to the firewall (software or similar features) running on the VM itself. You
might need to configure the server’s firewall to allow traffic on the desired port and protocol.
In the Resource Manager model, a VM has inbound connectivity from the Internet if it either has a
public IP address on the associated NIC or is the NAT/load-balanced target of an Azure load balancer.
NSGs can further restrain that connectivity. To view the NSG rules for a VM using the Azure portal,
you will need to start by examining the network interface in the Settings blade for the VM. From there,
you would view the Inbound Security Rules on the NSG. There are several blades to move through
when viewing this information in the Azure portal. The path would be as follows:
[Your VM] > Settings > Network Interfaces > [Select the NIC] > Settings (for the selected NIC) >
Network Security Group > [Select the Network Security Group] > Settings (for the selected NSG) >
Inbound Security Rules
In the end, you should get to a screen that looks like that shown in Figure 3-8.

Figure 3-8 The Inbound Security Rules for an NSG on a VM.
Another approach to viewing the NSG configuration is to use the Get-AzureRmNetworkSecurityGroup
PowerShell cmdlet.
When using a load balancer in conjunction with one or more VMs in an availability set, the
connectivity from the public Internet to the VM is controlled by inbound NAT rules and load balancing
rules, as seen in Figure 3-9. The rules are part of the load balancer resource configuration, not the VM.
The load balancer is configured to work with, or target, the specific VM(s).

86
CHAPTER 3 |    Azure Virtual Machines

Figure 3-9  The Inbound NAT Rules for a Load Balancer resource targeting a Resource Manager VM.
For classic Azure VMs, the Azure Load Balancer exposes endpoints for an Azure cloud service. It is the
configuration of the Azure Load Balancer that controls how requests from the Internet reach a specific
port using a related protocol (such as TCP or UDP) on the VM. This configuration is configuring the
Azure Load Balancer to allow traffic from the Internet, creating a mapping between public ports on
the Azure Load Balancer and private ports on the VM.
Note  NSGs can be applied to both classic VMs and Resource Manager VMs. For the purposes of
this scenario on virtual machine connectivity, NSGs are not discussed for classic VMs.
Configuring and managing a virtual machine
Creating an Azure VM is only the beginning. There are several important factors that you should
consider to successfully manage the VMs. Factors such as scalability, SLA, disk management, and
machine maintenance are all important to consider.
The overall management of the VMs is largely the user’s responsibility—you can do pretty much
whatever you desire on the VM. Configuration and management of the VM can be done via numerous
methods, such as manually via a Remote Desktop connection, remotely using PowerShell or
PowerShell DSC (desired state configuration), or VM extensions for popular tools like Chef and
Puppet. There is a wide range of choices for configuring the VM—the choice is yours.

Download 8,71 Mb.

Do'stlaringiz bilan baham:

1 ... 94 95 96 97 98 99 100 101 ... 260