Login/Register
Static IP address for Role in Windows Azure?
Asked Answered
Solved azureip-addressazure-configurationstatic-ip-addressazure-deployment
H

3

9

Does anyone knows if obtaining a static IP address for a Web or Worker Role on Windows Azure is possible (possibly only in private beta)?

Hutton answered 23/6, 2011 at 8:42 Comment(2)
+1. This has been a top request for awhile (way back when WAz was first released). Of course, you can somewhat rely on the VIP address you get if you never delete the deployment (only upgrade and VIP swap). But, even that is not truly guaranteed.Nanette
Dunnry, we tried that in the past, and IP address of a given role do change from time to time even if you don't upgrade (I suspect major Azure Fabric upgrades have an impact here).Hutton
S
7

A few years later, Azure now lets you reserve IP addresses for VMs and cloud services (Web and Worker roles). However, it is only accessible from PowerShell for the time being (this will change in the future, apparently).

The first five static IP addresses are free. To create an IP you will need to make sure you have the latest version of the Azure PowerShell command-line interface and also have your Azure account linked to Azure PowerShell (outside the scope of this post but not hard).

To Create a new IP in PowerShell:

$ReservedIP = New-AzureReservedIP -ReservedIPName "FirewallIP" -Label "WebAppFirewallIP" -Location "Japan West"

To associate it with a VM:

New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $images[60].ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123 | New-AzureVM -ServiceName "WebApp" –ReservedIPName $ReservedIP -Location "Japan West"

To insert your new IP into a Web or Worker Role (if the worker role has an external endpoint), add the following to ServiceConfiguration.Cloud.cscfg:

<ServiceConfiguration>
  <NetworkConfiguration>
    <AddressAssignments>
      <ReservedIPs>
        <ReservedIP name="<reserved-ip-name>"/>
      </ReservedIPs>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>

To view an IP at any time:

Get-AzureReservedIP -ReservedIPName "FirewallIP"

Source: Documentation

Sur answered 14/5, 2014 at 0:46 Comment(3)
Anybody have experience with the worker role config? I added above config to my cscfg (3 worker roles in there) and when I deploy I get "Validation Errors: Error validating the .cscfg file against the .csdef file. Severity:Error, message:ReservedIP '<my-reservedip-name>' was not mapped to an endpoint. The service definition must contain atleast one endpoint that maps to the ReservedIP."Shoifet
@Shoifet Worker roles by default do not have an external (public-facing) endpoint. I edited my answer to make that a bit clearer. There is good news, however, in that it's possible but you'll need to set up an endpoint yourself first. I can't speak to how to set it up since I've never done it, but here's a MSDN article that will hopefully guide you in the right direction: msdn.microsoft.com/en-us/library/hh180158.aspx.Sur
It wouldn't be a dummy endpoint, as there are no endpoints by default in a worker role and so it cannot receive incoming connections. This makes sense because worker roles are designed to grab work, process it, and move on, not to receive connections from the Internet (that's a job for web roles). If you need to speak to a worker role (and via a static IP) you'll need to expose an endpoint first. Otherwise it is unable to receive external connections.Sur
S
7

There's an update to this story. Back in October 2011, Microsoft announced improved in-place updates to existing deployed services (announcement here). You can now update your deployment in several ways without having the assigned IP address changed. For example:

  • Grow/shrink Role size
  • Increase local storage size
  • Change endpoints
  • Add / remove roles

Once you deploy: As long as you don't delete your deployment, your IP address will stay as-is.

Supersession answered 26/6, 2012 at 0:22 Comment(1)
This is a significant improvement although one of our developers accidentally checked the box in VS "If deployment can't be updated do a full deployment". This deleted our deployment and issued a new IP, so we had to changes the A record with our DNS host. Luckily we were only testing Azure at that point but it would have been a major headache otherwise. We later found out our DNS host supports wildcard CNAMES so this isn't really a problem for us any longer.Gause
S
7

A few years later, Azure now lets you reserve IP addresses for VMs and cloud services (Web and Worker roles). However, it is only accessible from PowerShell for the time being (this will change in the future, apparently).

The first five static IP addresses are free. To create an IP you will need to make sure you have the latest version of the Azure PowerShell command-line interface and also have your Azure account linked to Azure PowerShell (outside the scope of this post but not hard).

To Create a new IP in PowerShell:

$ReservedIP = New-AzureReservedIP -ReservedIPName "FirewallIP" -Label "WebAppFirewallIP" -Location "Japan West"

To associate it with a VM:

New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $images[60].ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123 | New-AzureVM -ServiceName "WebApp" –ReservedIPName $ReservedIP -Location "Japan West"

To insert your new IP into a Web or Worker Role (if the worker role has an external endpoint), add the following to ServiceConfiguration.Cloud.cscfg:

<ServiceConfiguration>
  <NetworkConfiguration>
    <AddressAssignments>
      <ReservedIPs>
        <ReservedIP name="<reserved-ip-name>"/>
      </ReservedIPs>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>

To view an IP at any time:

Get-AzureReservedIP -ReservedIPName "FirewallIP"

Source: Documentation

Sur answered 14/5, 2014 at 0:46 Comment(3)
Anybody have experience with the worker role config? I added above config to my cscfg (3 worker roles in there) and when I deploy I get "Validation Errors: Error validating the .cscfg file against the .csdef file. Severity:Error, message:ReservedIP '<my-reservedip-name>' was not mapped to an endpoint. The service definition must contain atleast one endpoint that maps to the ReservedIP."Shoifet
@Shoifet Worker roles by default do not have an external (public-facing) endpoint. I edited my answer to make that a bit clearer. There is good news, however, in that it's possible but you'll need to set up an endpoint yourself first. I can't speak to how to set it up since I've never done it, but here's a MSDN article that will hopefully guide you in the right direction: msdn.microsoft.com/en-us/library/hh180158.aspx.Sur
It wouldn't be a dummy endpoint, as there are no endpoints by default in a worker role and so it cannot receive incoming connections. This makes sense because worker roles are designed to grab work, process it, and move on, not to receive connections from the Internet (that's a job for web roles). If you need to speak to a worker role (and via a static IP) you'll need to expose an endpoint first. Otherwise it is unable to receive external connections.Sur
S
3

Unfortunately, this is not possible for the time being... If you need to do IP-based access control, you could open a support call and request the current IP address range for a given datacenter, but there is no real guarantee it won't change over time.

Siegel answered 23/6, 2011 at 14:21 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.