Any Azure Guru's among the forums? - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

eek replied

1 December 2017, 13:57
Originally posted by SimonMac View Post

Vodafone!

Yep - good luck there. But how often does the ip address actually change...
Leave a comment:
SimonMac replied

1 December 2017, 13:50
Originally posted by eek View Post

Who doesn't?

Vodafone!
Leave a comment:
eek replied

1 December 2017, 13:49
Originally posted by SimonMac View Post

They don't provide static IP's

Who doesn't?
Leave a comment:
SimonMac replied

1 December 2017, 13:43
Originally posted by mattfx View Post

Try and send Lance a PM - he's a cloud god

Or, pay for a static IP from your provider. I'm with PlusNet and they charged me a one-off fee of a fiver to have a fixed IP for the length of the contract. Best internet provider out there IMO.

Edit: Hadn't seen, he had already replied! Teach me to read the whole thread before commenting!

They don't provide static IP's
Leave a comment:
Lance replied

1 December 2017, 10:49
Originally posted by mattfx View Post

Try and send Lance a PM - he's a cloud god

Or, pay for a static IP from your provider. I'm with PlusNet and they charged me a one-off fee of a fiver to have a fixed IP for the length of the contract. Best internet provider out there IMO.

Edit: Hadn't seen, he had already replied! Teach me to read the whole thread before commenting!

Blasphemy.... There's only one cloud god.
Leave a comment:
mattfx replied

1 December 2017, 09:40
Originally posted by garethevans1986 View Post

VPN into the network. It's never a good idea having a windows server with port 3389 open to the public either.

Gareth

I always change my RDS services to run over a different port - usually something like 4489 so I can remember!
Leave a comment:
mattfx replied

1 December 2017, 09:39
Try and send Lance a PM - he's a cloud god

Or, pay for a static IP from your provider. I'm with PlusNet and they charged me a one-off fee of a fiver to have a fixed IP for the length of the contract. Best internet provider out there IMO.

Edit: Hadn't seen, he had already replied! Teach me to read the whole thread before commenting!
Leave a comment:
garethevans1986 replied

30 November 2017, 21:16
VPN into the network. It's never a good idea having a windows server with port 3389 open to the public either.

Gareth
Leave a comment:
Lance replied

30 November 2017, 11:28
Azure network security groups won't allow use of DNS names.
So your choices are:
1) A firewall appliance that does allow DNS names. I'm not sure if any on the marketplace do that and they're costly as they usually need a D2 VM as a minimum to run.
2) VPN
3) Is strong authentication not suitable? Maybe set it to lockout for an hour after 5 failed attempts
4) A Linux VM running as a firewall as you can get quite funky with that and won't need a D2 VM.
Leave a comment:
ctm replied

30 November 2017, 09:20
You could do it with the firewalls available on the marketplace. But not sure there is quite the business case for the cost.

The cisco ASA-v would do this for example.
Leave a comment:
SimonMac replied

30 November 2017, 08:56
Originally posted by DaveB View Post

Well if you'd said that in the first place.....

I was trying to set it at the Azure level, not the VM level
Leave a comment:
DaveB replied

30 November 2017, 08:55
Originally posted by SimonMac View Post

That would be perfect, if I was using IIS, even if I was using Apache it would be possible using .htaccesss, but it's a Splunk instance which uses something called CherryPy for it's webserver

Well if you'd said that in the first place.....
Leave a comment:
SimonMac replied

30 November 2017, 08:48
Originally posted by DaveB View Post

How about this?

https://blogs.endjin.com/2014/09/res...-whitelisting/

That would be perfect, if I was using IIS, even if I was using Apache it would be possible using .htaccesss, but it's a Splunk instance which uses something called CherryPy for it's webserver
Leave a comment:
DaveB replied

30 November 2017, 08:44
Originally posted by SimonMac View Post

I use noip.com to give me the DNS name, and any IP changes get picked up automatically (I am using this to VPN into my network) I just wanted to be able to set the inbound rule on Azure to the DNS name rather than an IP address.

I think this will have to be the solution I use

How about this?

https://blogs.endjin.com/2014/09/res...-whitelisting/
Leave a comment:
SimonMac replied

30 November 2017, 08:19
Originally posted by DaveB View Post

You can use a dynamic DNS service. Lots of free ones around if you google, or paid ones that support multiple addresses / domains etc.

They assign you a DNS name entry against the initial IP you give them and run a client on the machine you need access for that automatically detects IP changes and update the DNS in real time.

I use noip.com to give me the DNS name, and any IP changes get picked up automatically (I am using this to VPN into my network) I just wanted to be able to set the inbound rule on Azure to the DNS name rather than an IP address.

Originally posted by ctm View Post

We have some sub contractors in a similiar boat connecting to multiple differernt azure subscriptions. (Infact when we had it opened, there was a large number of brute force connections against servers with public IPs)

The way we got around it was to setup a Point to Site VPN and they connect in to where they are required. We then lock down the environments to only local IPs.

I think this will have to be the solution I use
Leave a comment: