Thursday, March 21, 2013

Adding EndPoints on Windows Azure VM's

After you have created a Virtual Machine in Windows Azure, an EndPoint is created for accessing the Virtual Machine with Remote Desktop (RDP) from your local computer. An EndPoint is basically a mapping between a Public IP Port and a Private IP Port. Each time you use the Windows Azure Management Portal to connect to your Virtual Machine in Windows Azure, by hitting the Connect button, the RDP connection connects to the Public IP Port. The network traffic that arrives at that Public port, becomes routed to the Private port, making sure the network traffic accesses the application or service it was intended for.

So for RDP everything is setup nicely by Windows Azure, but say you have a SQL Server database on that VM, which you want to access from a (Azure) website or your local SQL Server Management Studio. In that case you need an extra EndPoint to be able to access that database from the outer world.

Although not advisable, you can map Public IP Port 1433 (SQL Server's standard port) to Private Port 1433. But by doing so, you make it easier for hackers to access your database (although they don't have security credentials), so it's better to take a random number between 1024 and 65535 and configure that as the Public IP Port.

Follow these steps to create an EndPoint for accessing a SQL Server database.

Login to the Management Portal with your Microsoft account which is mapped to your Windows Azure subscription and click on 'Virtual Machines' in the menu on the left. Next select a Virtual Machine  by clicking on it (that is: if you've created one beforehand) and then click on 'EndPoints'. In the screen that follows you'll see that an EndPoint is already created for Remote Desktop connections.

Now click the 'Add EndPoint' button, afterwhich you get the first screen of a 2 pages wizard.

Leave the bullet on the first radio button and proceed to the next screen of the wizard, by clicking on the small arrow button in the lower right corner.

In this screen you have to make a couple decisions. First, select an identifiable name for the EndPoint. Since we are creating an EndPoint for SQL Server, you could choose a name in that direction. Keep in mind that spaces are not allowed!
The second choice you have to make is the number of the Public Port. Choose a random number between 1024 and 65535, preferable NOT 1433.
The last choice is actually a value you should already know, namely the (Private) Port which is used for SQL Server. By default SQL Server communicates on port 1433. So unless you did configure another port, enter 1433 for the Private Port.
So far the configuration of the EndPoint. Now click the button with the check mark, to have Windows Azure create the EndPoint. This can take 1 or 2 minutes.
What's next
Having an EndPoint configured to be able to access a database in a Windows Azure VM is only one step. The next steps will be creating a SQL Server authentication login and grant it the needed authorizations. Read more about it in this article on BizTalk Events.

No comments: