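We have a use case where we do not want to expose our cloud service to the public; it should be accessible only through our internal network. Is there a way to associate the public IP and access the cloud service through the internal IP? I have added the CloudService to our VN, but I can still access the CloudService through the public IP.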
<NetworkConfiguration>
  <VirtualNetworkSite name="xxxxVN" />
  <AddressAssignments>
    <InstanceAddress roleName="WorkerRole7">
      <Subnets>
        <Subnet name="default" />
      </Subnets>
    </InstanceAddress>
    <InstanceAddress roleName="WebRole7">
      <Subnets>
        <Subnet name="default" />
      </Subnets>
    </InstanceAddress>
  </AddressAssignments>
</NetworkConfiguration>
CSDEF:
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="AzureCloudService7" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
  <WebRole name="WebRole7" vmsize="Small">
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="Endpoint1" endpointName="Endpoint1" />
        </Bindings>
      </Site>
    </Sites>
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
    </ConfigurationSettings>
    <Endpoints>
      <InternalEndpoint name="Endpoint1" protocol="http" port="80" />
    </Endpoints>
    <Imports>
      <Import moduleName="RemoteAccess" />
    </Imports>
  </WebRole>
  <WorkerRole name="WorkerRole7" vmsize="Small">
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
    </ConfigurationSettings>
    <Imports>
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
  </WorkerRole>
</ServiceDefinition>
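When I removed the InputEndpoint it asked for a binding, so I specified it as an InternalEndpoint and tried deploying; the cloud service can still be accessed through the VIP.
Answer 0 (score: 1)
The only ports available through the public load balancer (i.e. the VIP) are those defined as InputEndpoints in the CSDEF file. So just remove those input endpoints and you will remove the ability to communicate with that VM from the public IP.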
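An added example, not part of the original question or answer: a Python check that lists everything in a CSDEF that would open a port on the VIP. It goes beyond the answer in two labelled assumptions: it also counts `InstanceInputEndpoint` elements, and it flags the `RemoteForwarder` import on the assumption that this plugin declares its own public RDP input endpoint. The sample document is constructed from the CSDEF in the question.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition}"
PUBLIC_TAGS = ("InputEndpoint", "InstanceInputEndpoint")
# Assumption: the RemoteForwarder plugin brings its own public RDP input
# endpoint, so importing it exposes a port even with no InputEndpoint listed.
PUBLIC_IMPORTS = {"RemoteForwarder"}

# Constructed sample, reduced from the CSDEF posted in the question.
SAMPLE_CSDEF = """<ServiceDefinition name="AzureCloudService7"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebRole7" vmsize="Small">
    <Endpoints>
      <InternalEndpoint name="Endpoint1" protocol="http" port="80" />
    </Endpoints>
    <Imports><Import moduleName="RemoteAccess" /></Imports>
  </WebRole>
  <WorkerRole name="WorkerRole7" vmsize="Small">
    <Imports>
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
  </WorkerRole>
</ServiceDefinition>"""


def public_exposure(csdef_xml):
    """Return sorted (role, kind, name) tuples for items that publish a port on the VIP."""
    findings = []
    root = ET.fromstring(csdef_xml)
    for role in root:
        if role.tag not in (NS + "WebRole", NS + "WorkerRole"):
            continue
        role_name = role.get("name")
        # Endpoints declared directly on the role
        for ep in role.iterfind(f"{NS}Endpoints/*"):
            kind = ep.tag.replace(NS, "")
            if kind in PUBLIC_TAGS:
                findings.append((role_name, kind, ep.get("name")))
        # Plugin imports assumed to add public endpoints of their own
        for imp in role.iterfind(f"{NS}Imports/{NS}Import"):
            if imp.get("moduleName") in PUBLIC_IMPORTS:
                findings.append((role_name, "Import", imp.get("moduleName")))
    return sorted(findings)


if __name__ == "__main__":
    for role_name, kind, name in public_exposure(SAMPLE_CSDEF):
        print(f"{role_name}: {kind} {name} is reachable through the VIP")
```

An empty result means the definition itself publishes nothing on the public load balancer; any remaining reachability then has to be checked on the deployed service.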