Recently, a Microsoft partner asked me how to restrict Remote Desktop access to virtual machines hosted in Windows Azure. In this post, I present the solution to the partner's request. The next sections introduce the request as submitted by the partner and the method to fulfill it.
The testing scenario is based on:
- A Windows Azure Virtual Network used for connecting the virtual machines
  - 1 address space: 10.0.0.0/8
  - 1 subnet: 10.0.0.0/24, named Subnet-1
- 3 Windows Azure Virtual Machines connected to subnet 10.0.0.0/24. Windows Azure provides the DHCP and DNS services
  - Virtual Machine 1: Dirillivirtual1
  - Virtual Machine 2: Dirillivirtual2
  - Virtual Machine 3: Dirillivirtual3
- Each virtual machine is reachable from the Internet or an external network only through endpoints. You can associate specific ports and a protocol to an endpoint. Resources can connect to an endpoint using either TCP or UDP; the TCP protocol includes HTTP and HTTPS communication. In this example, we will create an endpoint for TCP port 3389 (RDP) and associate it with virtual machine "Dirillivirtual3". No endpoints will be configured for the other virtual machines, Dirillivirtual1 and Dirillivirtual2.
We will perform the following tasks:
1. Create the virtual network named "Subnet-1".
2. Connect each virtual machine to the virtual network "Subnet-1" created in the previous step.
3. Restrict access to the "Dirillivirtual3" machine to authorized IP addresses only, and configure RDP connections to "Dirillivirtual1" and "Dirillivirtual2". An endpoint associated with RDP (TCP 3389) will be defined only on "Dirillivirtual3".
4. Administer "Dirillivirtual1" and "Dirillivirtual2" using the Remote Desktops snap-in available on "Dirillivirtual3".
5. Delete the endpoints on "Dirillivirtual1" and "Dirillivirtual2" to prevent external access.
Now you can perform administrative tasks on Windows Azure virtual machines through a single access point.
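The steps above can also be scripted instead of clicked through the portal. The following is an added example, not code from the original post: it uses the classic (service management) Azure PowerShell module to attach an endpoint ACL to the RDP endpoint on Dirillivirtual3 and to remove the RDP endpoints from the other two machines. The cloud service name, the authorized administrator address and the default endpoint name "RemoteDesktop" are assumptions (placeholders) and are not taken from the post.

```powershell
# Added example (not from the original post). Requires the classic Azure
# PowerShell module and an account already selected with Add-AzureAccount.
# Assumed values, not from the post:
$serviceName  = "<cloud-service-name>"   # placeholder: cloud service hosting the 3 VMs
$authorizedIp = "203.0.113.10/32"        # constructed admin address (TEST-NET-3 range)

# 1. Build an endpoint ACL that permits only the authorized address.
#    Once an ACL has at least one rule, traffic matching no rule is denied.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -Action Permit -RemoteSubnet $authorizedIp -Order 1 `
    -Description "Admin workstation only" -ACL $acl

# 2. Publish RDP (TCP 3389) only on Dirillivirtual3 and attach the ACL.
Get-AzureVM -ServiceName $serviceName -Name "Dirillivirtual3" |
    Add-AzureEndpoint -Name "RDP" -Protocol tcp -LocalPort 3389 -PublicPort 3389 -ACL $acl |
    Update-AzureVM

# 3. Remove the RDP endpoint from the other two VMs so they are reachable
#    only from inside the virtual network (i.e. via Dirillivirtual3).
#    "RemoteDesktop" is the assumed name of the endpoint created by default.
foreach ($vm in "Dirillivirtual1", "Dirillivirtual2") {
    Get-AzureVM -ServiceName $serviceName -Name $vm |
        Remove-AzureEndpoint -Name "RemoteDesktop" |
        Update-AzureVM
}

# 4. Verify: list the endpoints left on each VM and the ACL on Dirillivirtual3.
foreach ($vm in "Dirillivirtual1", "Dirillivirtual2", "Dirillivirtual3") {
    Get-AzureVM -ServiceName $serviceName -Name $vm | Get-AzureEndpoint |
        Select-Object @{n = "VM"; e = { $vm }}, Name, Protocol, PublicPort, LocalPort
}
Get-AzureVM -ServiceName $serviceName -Name "Dirillivirtual3" |
    Get-AzureAclConfig -EndpointName "RDP"
```

The ACL only filters traffic arriving at the public endpoint; Dirillivirtual1 and Dirillivirtual2 still answer RDP on the 10.0.0.0/24 subnet, which is what lets the Remote Desktops snap-in on Dirillivirtual3 reach them. Keep the permitted address current (for example when the administrator's public IP changes), because with a single Permit rule any other source is denied and you would lose the only external access path.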