Cloud Computing on Ulitzer

Can I use an ACL to protect my Azure SQL Server VM? (So many questions. So little time. Part 49.)

At our IT Camp in Saint Louis a few weeks ago, Todd had a great question on protecting his cloud-based SQL Server:

Kevin,

Not sure this question was asked at the Azure IT boot camp, but are there any future plans to segregate or ACL off the subnets in Azure? Most of our web front ends are in our DMZ, in a lower security zone, and our SQL servers are in a higher protected zone. The ACL allows communication between the two, but I did not see that in the Azure portal. So as it stands I could stand up a WFE and it could be talking directly to the SQL server and get compromised?

Is it the position of Microsoft to use Windows Firewall between the servers?

I didn’t cover it in much detail at our event, and it’s not something that is (yet) exposed in the Windows Azure Portal, but through PowerShell you do have the ability to assign fairly complex network ACLs to the endpoints of a Windows Azure virtual machine.

From the article “About Network Access Control Lists (ACLs)”:

Using Network ACLs, you can do the following:

  • Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
  • Blacklist IP addresses.
  • Create multiple rules per virtual machine endpoint.
  • Specify up to 50 ACL rules per virtual machine endpoint.
  • Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest).
  • Specify an ACL for a specific remote subnet IPv4 address.

The simplest example of an ACL is the endpoint that a VM created running Windows most likely already has: a public endpoint that maps to private port 3389 for the sake of Remote Desktop connections. Without that endpoint definition, the default is to block everything. As you can see from the list above, we can be much more selective than just opening or closing ports.

For the complete description of what ACLs are, read “About Network Access Control Lists (ACLs)”.

To learn how to manage and use them in Windows Azure, read “Managing Access Control Lists (ACLs) for Endpoints”.
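As an added illustration of the PowerShell approach the post refers to (this is not code from the original post; it uses the classic Azure Service Management cmdlets, and the cloud service name, VM name, endpoint names and address ranges are placeholders), here is how Todd could limit the public SQL and RDP endpoints of his SQL Server VM to known source ranges:

```powershell
# Added example, not from the original post: put network ACLs on the public
# input endpoints of a classic Windows Azure SQL Server VM. Service name,
# VM name, endpoint names and address ranges are placeholders.
Import-Module Azure

$serviceName = "contoso-sql-svc"    # placeholder cloud service name
$vmName      = "SQL01"              # placeholder VM name
$webTierNet  = "203.0.113.0/24"     # constructed: public range of the web front ends
$adminNet    = "198.51.100.0/24"    # constructed: corporate range allowed to RDP

# ACL for the SQL endpoint. Rules are evaluated from the lowest Order upward;
# because this ACL contains only Permit rules, any source that matches no rule is denied.
$sqlAcl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $sqlAcl -Action Permit -RemoteSubnet $webTierNet `
    -Order 100 -Description "Web tier to SQL"

# Separate ACL for the RDP endpoint, so management traffic is limited to admins.
$rdpAcl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $rdpAcl -Action Permit -RemoteSubnet $adminNet `
    -Order 100 -Description "Admin range to RDP"

# Attach each ACL to its (already existing) endpoint and push the update to Azure.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureEndpoint -Name "SQL" -Protocol tcp -LocalPort 1433 -PublicPort 1433 -ACL $sqlAcl |
    Set-AzureEndpoint -Name "RDP" -Protocol tcp -LocalPort 3389 -PublicPort 3389 -ACL $rdpAcl |
    Update-AzureVM

# Verify what is actually applied on each endpoint before relying on it.
Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureAclConfig -EndpointName "SQL"
Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureAclConfig -EndpointName "RDP"
```

These ACLs filter only traffic arriving through the VM's public input endpoints; traffic between VMs inside the same virtual network does not pass through an endpoint, so the WFE-to-SQL path Todd asks about still needs the host firewall on the SQL Server VM.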


More Stories By Kevin Remde
