Ability to support enterprise proxy
In TP2 a transparent proxy only is supported to communicate with Azure. Unfortunately thats no option because of our network security policy. So it prevents to use Azure Stack as a future hybrid Cloud platform. We need the ability that Azure Stack supports enterprise proxy servers with proxy authentication/ssl interception.
We need more justification on whether this blocks production deployment of multi-node integrated systems.
enterprise proxy is a must have to adopt Azure stack in the data center
Timothy Tavarez commented
Proxy is acting as a blocker in a project. Support for non-transparent proxy would make life much easier.
so we are directing Azure Stack traffic toward corporate proxy via inline-proxy configured as a child to the parent corporate proxy. the inline proxy passes through all azure traffic. however the corporate proxy intercepts traffic to enable security checks, and these break the Microsoft SSL/TLS certificate e.g login.micrsoftonline.com, which Azure stack refuses to accept. so not just support direct proxy, but enable corporate root ca certificate to be installed in Azure Stack to accept the traffic via an intercepting corporate proxy
at work, we have been struggling to get a transparent proxy approved, the only valid enterprise access to the internet is via direct proxy, and we can not deploy a transparent proxy as it is considered a security concern due to its nature of intercepting traffic and might allow caching. all proxies have to be managed by the upstream IT network security group, not different support groups.
This is definitely a showstopper for most enterprise level companies (including the one I currently work for). As security increases, there will be no way around this in many cases.
This is becoming a show stopper for our Multinode POC as well. Being a financial institution we have strict internet access controls that require outbound internet from our corporate internal network to go via Enterprise proxy. We can't deploy a transparent proxy. Enterprise proxy support is a must if this solution is going to be widely accepted.
Scott Napolitan commented
We are currently investigating support for Enterprise Proxy as we understand this is a pain point for many Enterprise customers.
We plan to support our products on Azure Stack. As our company has strict rules on security and has an enterprise proxy where nearly no exception is possible, we feel that our customers will be blocked in running our applications because of the same proxy issue. It required us month of discussion with IT to get a temporary workaround to be able to do a POC without proxy even if our whole companies data center run with proxy.