如何通过(地区)VNET连接Azure网站来辅助角色(TCP)?是否可以? [英] How to connect Azure Web Sites to a Worker Role (TCP) through a (regional) vnet? Is it possible?
问题描述
如何将一个使从的Azure PaaS的托管网络网站到工作者角色?这是部署在一个虚拟的网络。可以这样无需在打开一个输入点的,面向Internet的端口完成辅助角色?它看起来喜欢的网站目前还不能是虚拟的网络部署按照 Azure的虚拟网络的一部分常见问题解答:
How would one make a TCP connection from an Azure PaaS hosted Web Sites to a Worker Role? That's deployed in one virtual network. Can this be done without opening an Input Endpoints, Internet facing port on the worker role? It looks like WebSites cannot currently be part of virtual network deployments as per Azure Virtual Network FAQ:
我可以使用Windows Azure的网站与虚拟网络?不,我们不支持的网站与虚拟网络。
Can I use Windows Azure websites with Virtual Network? No. We do not support websites with virtual networks.
我是新来的Azure和各种配置玩,它看起来像这样的东西,也许可以用新的区域vnets (也许是内部负载平衡器),但随后又没有真正围绕信息比对,这等他们在不同的虚拟机和不同的网络中,从而使它们进行通信是一个更复杂的过程。
I'm new to Azure and playing with various configurations and it looks like this is something that could perhaps be done with the new regional vnets (and perhaps the internal load balancer), but then again there isn't really information around regarding this other than that they are on different virtual machines and in different networks and thus making them to communicate is a more involved process.
如果它有助于讨论,我有以下的区域互联星空的配置,这是由工人使用的 Xyz.ComputeRole 。这个角色一个接受的TCP连接。
If it helps discussion, I have the following are the regional vnet configurations, which are used by the worker Xyz.ComputeRole. This role is the one accepting TCP connections.
&LT;编辑:我发现关于此事<一个一个非常好的职位href=\"http://azure.microsoft.com/blog/2014/03/28/network-isolation-options-for-machines-in-windows-azure-virtual-networks/\"相对=nofollow>网络隔离机器在Windows Azure中虚拟网络选项。因为它的立场,它看起来像我可以打开一个输入端点以辅助角色,然后限制只能从网站部署访问它。然而,这看起来好像有很多工作要做,和啤酒花在网络元素,如负载平衡器,也许我需要找出网站部署IP。
<edit: I found a really good post regarding this matter Network Isolation Options for Machines in Windows Azure Virtual Networks. As it stands, it looks like I could open an Input Endpoint to the worker role and then restrict access to it only from the WebSites deployment. However, it looks like a lot of work to do, and hops over the networking elements like a load-balancer, and perhaps I'd need to find out the Web Sites deployment IP.
我是关闭基地,并有通过TCP连接来连接一个网站,一个Azure的电脑角色一个简单的方法?
Am I off-base and there's a simple way to connect a WebSites to a Azure computer role via TCP connection?
网络配置
<VirtualNetworkConfiguration>
<Dns>
<DnsServers>
<DnsServer name="XyzVnetDns" IPAddress="192.168.50.0" />
</DnsServers>
</Dns>
<VirtualNetworkSites>
<VirtualNetworkSite name="XyzVNet" Location="North Europe">
<AddressSpace>
<AddressPrefix>10.0.0.0/8</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Sub1">
<AddressPrefix>10.0.0.0/11</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="XyzVnetDns" />
</DnsServersRef>
</VirtualNetworkSite>
</VirtualNetworkSites>
云服务配置
<NetworkConfiguration>
<VirtualNetworkSite name="XyzVNet" />
<AddressAssignments>
<InstanceAddress roleName="Xyz.ComputeRole">
<Subnets>
<Subnet name="Sub1" />
</Subnets>
</InstanceAddress>
</AddressAssignments>
推荐答案
您不能添加Azure网站部署到互联星空因为有针对Web站点没有专用站IP地址。这也将preclude你设置访问控制列表(ACL)目前关于辅助角色的输入终结点。
You cannot add Azure Web Sites deployments to a VNet because there's no dedicated outbound IP address for Web Sites. This will also preclude you from setting up Access Control Lists (ACL's) on the worker role's input endpoints.
有关网站 - > Worker角色(云服务)的安全性,你需要依靠应用程序特定的东西(也许一个SSL证书或别的什么)
For Web Sites -> Worker Role (cloud service) security, you'd need to rely on something app-specific (maybe an SSL cert or something else).
顺便说一下:关于大量的工作要做限制访问:你试过不知道到底是什么(或者,如果你尝试过),但它是通过门户微不足道(只需输入子网掩码和...完成),并通过命令行很容易的为好。
By the way: regarding "a lot of work to do" for restricting access: Not sure exactly what you tried (or if you tried it), but it's trivial through the portal (just enter a subnet mask and... done), and very easy through command-line as well.
这篇关于如何通过(地区)VNET连接Azure网站来辅助角色(TCP)?是否可以?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
