The Schwartz Report


Microsoft Tightens Security for Virtual Machines in Windows Azure

Microsoft has added a new security option for those using its Windows Azure cloud service. Administrators can block unauthorized users from accessing virtual machines, Microsoft quietly announced at its TechEd conference in New Orleans earlier this month.

The new option lets administrators put Access Control Lists (ACLs) on individual endpoints. By putting the ACLs on endpoints or subnets, administrators can control unauthorized access to virtual machines that are protected behind a firewall but are accessible in the public cloud.

"We are adding an additional security option so that administrators can control inbound traffic to Virtual Machine," said Microsoft cloud strategy advisor Louis Panzano, from the company's office in Spain, in a blog post. "You simply define how traffic from outside of your corporate firewall communicates with your virtual machine public endpoints through PowerShell and soon it will be available in the management portal."

During a session at Friday's MongoDB Days conference in New York (see this blog post), Microsoft cloud evangelist and architect David Makogon noted the announcement of the new security option, saying it offers an important way to control access to an exposed IP port. As Panzano noted in his blog post, Makogon pointed out that the option is for now not available in the Windows Azure management portal, meaning it requires creating PowerShell scripts.

Makogon said a good resource for creating that script is available via a blog post by Michael Washam, who until a few weeks ago was a senior program manager at Microsoft responsible for the Windows Azure PowerShell cmdlets for compute (IaaS, PaaS, and VNET), Windows Azure .NET SDK and areas of the Service Management API (RDFE).

"A significant improvement in the security of virtual machines is the ability to lock down an endpoint so that only a specified set of IP addresses can access it," wrote Washam, now a principal cloud architect at integrator Aditi Technologies. In his blog post, Washam explained how to specify ACLs during or after a deployment using PowerShell. "You create a new ACL configuration object using New-AzureAclConfig and then modify it with Set-AzureAclConfig," he noted. "The created ACL object is then specified to the *-AzureEndpoint cmdlet in the -ACL parameter." He shared an example script in his post.

This is an important new option, Makogon emphasized, advising attendees of his presentation that it will keep unauthorized users out of their systems running in Windows Azure. "You probably don't want to have that port hanging out to the public," he said, noting that by implementing the script you "can set Azure ACL configuration and create a rule [to] permit or block a particular subnet."
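
The workflow Washam describes, sketched as an added example (this is not the script from his post): build an ACL object, add ordered permit and deny rules, attach it to an existing endpoint, and read it back. It assumes the classic Windows Azure PowerShell module with a subscription already selected; the service, VM and endpoint names, the port and the subnets are constructed placeholders.

```powershell
# Added example; every name and address below is a placeholder, not a value from the article.
$serviceName  = 'example-cloud-service'   # hypothetical cloud service
$vmName       = 'example-vm'              # hypothetical virtual machine
$endpointName = 'mongodb'                 # hypothetical endpoint name
$port         = 27017                     # port chosen for illustration
$adminSubnet  = '203.0.113.0/24'          # RFC 5737 documentation range
$blockedRange = '203.0.113.128/25'        # carve-out inside the permitted range

# 1. Create an empty ACL configuration object.
$acl = New-AzureAclConfig

# 2. Add rules. Lower -Order values are evaluated first, so the deny
#    rule for the carve-out must sit ahead of the broader permit rule.
Set-AzureAclConfig -AddRule -ACL $acl -Order 50 -Action Deny `
    -RemoteSubnet $blockedRange -Description 'Block guest half of the range'
Set-AzureAclConfig -AddRule -ACL $acl -Order 100 -Action Permit `
    -RemoteSubnet $adminSubnet -Description 'Admin network only'

# 3. Attach the ACL to the existing endpoint through the -ACL parameter
#    and push the change to the running VM.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureEndpoint -Name $endpointName -Protocol tcp `
        -PublicPort $port -LocalPort $port -ACL $acl |
    Update-AzureVM

# 4. Read the ACL back from the deployed endpoint to confirm that the
#    rules and their order match what was intended.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureAclConfig -EndpointName $endpointName |
    Sort-Object Order |
    Format-Table Order, Action, RemoteSubnet, Description -AutoSize
```

Reading the ACL back after `Update-AzureVM` is the step worth keeping in any deployment script, since an endpoint created without the `-ACL` parameter stays reachable from any address.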


Posted by Jeffrey Schwartz on 06/24/2013 at 1:15 PM

