How can we improve Azure Virtual Machines?

← Virtual Machines

Allow VM Extensions to communicate via 168.63.129.16 to Storage and Key Vault

Currently, VM Extensions require access to Azure Storage and/or Key Vault in order to function, and according to MS Support, this is achieved via the internet on port 443.

For IaaS solutions where generic internet traffic is blocked (which seems to be agreed best-practice) Custom Script deployments can occasionally fail, and all subsequent ARM deployments fail.

The 'solution' to allow port 443 traffic out of the VMs isn't a viable one for secure solutions, neither is white-listing the Storage and/or Key Vault URLs, being s that's not possible in Windows Firewall, NSGs, or Routing Tables, forcing the use of costly third-party Firewall Appliances.

It would be considerably simpler for deployment purposes if these extensions communicated with Storage and Key Vault via the pre-existing virtualized host IP address of 168.63.129.16 already used for DHCP, DNS etc.

13 votes

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Andrew Herbert shared this idea · April 05, 2016 · Flag idea as inappropriate… · Admin →

2 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Marcel Paap commented · July 13, 2016 14:31 · Flag as inappropriate

Please fix this. Gives a lot of challenges with our IaaS deployments.

Submitting...
JH commented · July 13, 2016 04:37 · Flag as inappropriate

I agree, outbound internet access should not be a requirement for VM Extensions in general.

It would also help if we could run a simple Post CMD during deployment (similar to CMDLINES.TXT in the old days), for example to setup connectivity (e.g. Proxy)

Submitting...

Virtual Machines

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,457 ideas
- Additional Services 311 ideas
- Analytics Platform System 12 ideas
- API Apps 8 ideas
- API Management 445 ideas
- Automation 397 ideas
- Azure Active Directory 3,307 ideas
- Azure Active Directory Application Requests 216 ideas
- Azure Advisor 16 ideas
- Azure Analysis Services 141 ideas
- Azure API for FHIR 2 ideas
- Azure App Configuration 13 ideas
- Azure Backup 412 ideas
- Azure Blockchain Service 2 ideas
- Azure Bot Service 59 ideas
- Azure Cloud Shell 307 ideas
- Azure Confidential Compute 3 ideas
- Azure Container Instances 93 ideas
- Azure Container Registry 61 ideas
- Azure Cosmos DB 228 ideas
- Azure CycleCloud 1 idea
- Azure Data Explorer 52 ideas
- Azure Data Share (Public Preview) 2 ideas
- Azure Database for MariaDB 7 ideas
- Azure Database for MySQL 55 ideas
- Azure Database for PostgreSQL 86 ideas
- Azure Database Migration Service 43 ideas
- Azure Databricks 55 ideas
- Azure Dev Spaces 0 ideas
- Azure Digital Twins 22 ideas
- Azure Event Grid 52 ideas
- Azure Functions 140 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 89 ideas
- Azure Government 78 ideas
- Azure IoT 242 ideas
- Azure IoT Central 82 ideas
- Azure IoT Device Catalog 14 ideas
- Azure IoT Edge 61 ideas
- Azure IoT Solution Accelerators 27 ideas
- Azure Key Vault 111 ideas
- Azure Kinect DK 34 ideas
- Azure Kubernetes Service (AKS) 137 ideas
- Azure Lighthouse 9 ideas
- Azure Management Groups 22 ideas
- Azure Maps 39 ideas
- Azure Marketplace 384 ideas
- Azure Media Services 204 ideas
- Azure Migrate 32 ideas
- Azure mobile app 220 ideas
- Azure Monitor 89 ideas
- Azure Monitor- Alert Management 76 ideas
- Azure Monitor-Application Insights 553 ideas
- Azure Monitor-Log Analytics 883 ideas
- Azure Pack 324 ideas
- Azure portal 1,804 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Resource Manager 425 ideas
- Azure Search 230 ideas
- Azure Security Center 187 ideas
- Azure Sentinel 22 ideas
- Azure Service Health 19 ideas
- Azure SignalR Service 8 ideas
- Azure Spatial Anchors 16 ideas
- Azure Sphere 61 ideas
- Azure Stack 153 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 8 ideas
- Batch 44 ideas
- Batch AI 9 ideas
- Biztalk Services 23 ideas
- Blockchain 42 ideas
- Cache 51 ideas
- Change Tracking 7 ideas
- Cloud Services (Web and Worker Role) 284 ideas
- Cost Management 170 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 127 ideas
- Data Factory 701 ideas
- Data Lake 335 ideas
- Data Science VM 19 ideas
- Diagnostics and Monitoring 187 ideas
- Event Hubs 21 ideas
- Global Infrastructure 43 ideas
- HDInsight 124 ideas
- Lab Services 245 ideas
- Logic Apps 1,299 ideas
- Machine Learning 70 ideas
- Mobile Engagement 19 ideas
- Networking 879 ideas
- Notification Hubs 26 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 108 ideas
- SDK and Tools 138 ideas
- Security and Compliance 85 ideas
- Service Bus 183 ideas
- Service Fabric 277 ideas
- Signup and Billing 1,418 ideas
- Site Recovery 242 ideas
- SQL Data Sync 68 ideas
- SQL Data Warehouse 248 ideas
- SQL Database 640 ideas
- SQL Managed Instance 94 ideas
- SQL Server 9,681 ideas
- Storage 741 ideas
- StorSimple 46 ideas
- Stream Analytics 229 ideas
- Support Feedback 267 ideas
- System Center Data Protection Manager 110 ideas
- Update Management 109 ideas
- Virtual Machines 1,416 ideas
- Web Apps 363 ideas
Microsoft Azure