This video goes over two Azure IP addresses used for Azure VM’s. The WireServer IP of 18.104.22.168 and the Azure Instance Metadata Service (IMDS) IP address 169.254.169.254. In the video, I go over what each is used for and then give a demonstration on using the WireServer IP address to query DNS. After that, I use the IMDS REST Endpoint to pull metadata including the Azure environment and scheduled events.Continue reading “Two Azure IP Addresses You Need to Know About”
I recently worked on a project to deploy several VM’s in Azure. One of the requirements for this was to block all internet access from the Azure VM’s. This is a prudent step in securing an environment; preventing malicious code from web based threats.
Update 1/2018 – Microsoft has implemented NSG Service Tags for storage and Azure SQL. Information on that is located here. Additional information and the opportunity to vote on adding other services can be found here.
To accommodate this, a Network Security Group (NSG) was created and applied to the VM Subnet. Several rules were applied, including one similar to the picture below. The rule simply blocked traffic from the VirtualNetwork out to the Internet on any source or destination port.
After the rule was put in place and tested I began to setup the rest of the environment. Right away I ran into trouble, the VM’s took up to 30 minutes to deploy and errored out with the message “New-AzureRmVm : Long Running Operation Failed with status ‘Failed’. Continue reading “Azure VM and Internet Access”