Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Microsoft Azure

How to Reserve Public Virtual IP Addresses in Microsoft Azure

Not to be confused with the internal static IP addresses that can be assigned to Azure virtual machines, in this Ask the Admin I’ll show you how to reserve public virtual IP addresses in Microsoft Azure.

Microsoft Azure IP Addressing

Before we look at how to reserve virtual IP addresses (VIPs) in Azure, let’s quickly recap Azure IP addressing. For more information on how to specify a static internal IP address as part of a VM’s configuration, see the Petri IT Knowledgebase article, “How to Easily Assign a Static IP Address in Microsoft Azure.”

External Public IP Addresses

The public virtual IP address (or VIP) of the cloud service hosting a VM is the IP address used to connect to the VM from the Internet. If all the VMs in a cloud service are shut down and deallocated from the Azure fabric, then the VIP assigned to the cloud service is released.

At the time of writing, Azure doesn’t support reserving VIPs for Affinity Group based Virtual Networks, or VMs or cloud services that already exist; although Microsoft does plan to add this functionality in the near future.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Reserving Public IP Addresses

Microsoft recommends that instead of reserving VIPs, you should use a DNS CNAME record to point to the DNS name of the cloud service, such as myservicename.cloudapp.net, as opposed to creating a record with the cloud service’s VIP. But is some cases it’s necessary to refer to a cloud service by its VIP, such as when defining a firewall ACLs.

VIPs can only be reserved using PowerShell, so you’ll need to set up the latest PowerShell tools for Azure and make a secure connection to your subscription as outlined in “Setup Windows Azure PowerShell Management.”

Using the New-AzureReserverIP PowerShell cmdlet to create a VIP reservation.

Using the New-AzureReserverIP PowerShell cmdlet to create a VIP reservation. (Image: Russell Smith)

Using the New-AzureReservedIP PowerShell cmdlet

After specifying all the necessary variables for my new VM and cloud service in the script below, I use the New-AzureReservedIP cmdlet to create a VIP reservation called ReservedIP1. Note that you cannot specify the IP address itself, because it’s automatically assigned by Azure.

The only difference in the rest of the script from creating a VM without a VIP reservation is that the ReservedIPName is added to the New-AzureVM cmdlet, with the name of the reserved IP address as specified using the New-AzureReservedIP cmdlet.

In the following example, I’m adding a standalone Windows Server to an already existing virtual network:

​ # Define variables for new VM and cloud service

$vmName = "CONTOSOSRV5"
$serviceName = "contosoSRV5" 
$password = "Passw0rd!"
$username = $vmName + "admin"
$vnetName = "CONTOSO"
$subNet = "Subnet-1"
$location = "North Europe"
$instanceSize = "Medium" 
$imageName = “a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201407.01-en.us-127GB.vhd”

# Create a new reserved VIP

New-AzureReservedIP –ReservedIPName “ReservedIP1” –Label “VIP1” –Location $location

# Configure settings for the new VM and cloud service

$newVM = New-AzureVMConfig -Name $vmName -InstanceSize $instanceSize -ImageName $imageName -DiskLabel "OS"

$newVM | Add-AzureProvisioningConfig –Windows -AdminUsername $username -Password $password -DisableAutomaticUpdates

$newVM | Set-AzureSubnet -SubnetNames $subNet

# Create the new VM and cloud service using the reserved VIP

New-AzureVM -ServiceName $serviceName -VMs $newVM -VNetName $vnetName -Location $location -ReservedIPName "ReservedIP1" -WaitForBoot

Once you run the script and the new VM is running, go to the Azure management portal and make a note of the Public virtual IP (VIP) on the VM dashboard. Now shut down the VM from inside the portal, wait for the VM’s status to change to Stopped (deallocated) and then restart the VM. You will see that the same VIP is assigned.

Removing Reserved Public IP Addresses

If you are no longer using a reserved VIP, it’s important to delete it otherwise charges will be incurred on your subscription. To remove a reserved VIP, use the following command:

​ Remove-AzureReservedIP -ReservedIPName "ReservedIP1" –Force

Reserved VIP Pricing

You can reserve up to five VIPs on your Azure subscription, and you will not be charged as long as they are being used, i.e. that there is at least one active VM or web/worker instance hosted by the cloud service.

If you need more than 5 reserved VIPs, it’s possible to reserve a maximum of 100 by contacting Azure support. For more information on pricing, see Reserved IP Address Pricing Details on the Azure website.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: