
close
close
You need some form of publicly addressable location for any service in Azure that will be available on the Internet. In Azure, this comes in the form of a public IP address, a low-cost option where you consume an address from Microsoft huge repositories – typically based on IPv4.
Public IP addresses, often referred to just as PIPs, are normally allocated on demand. For example, you might deploy a load balancer to NAT a number of virtual machines, and Azure will assign an address to you. You have no idea what that address will be until you get it. By default, the address is dynamic, but with resources such as load balancers or virtual machines, it’s usually best to configure the address with:
advertisment
Some organizations, particularly those with bureaucracies or slow-moving change control processes, will struggle with services that are being deployed publicly on the Internet. For example, let’s pretend that we work for a such an organization that is setting up a service in Azure that will have multiple PIPs. The firewalls of the organization need to be updated to allow inbound or outbound traffic to these PIPs.
The typical experience is that we have to wait until the service is deployed before we can start to configure the on-premises firewall rules. I have visited in some organizations where a simple process such as setting up a user might take 2 weeks, a request to install Visio might take 6 weeks, or a getting a laptop for a new user might even take over 2 months! How long do you think it will take one of these organizations to allow outbound HTTPS access to a new service?
The process will be:
Cloud speed!
The idea of Public IP Address Prefix is that you can pre-request a range of sequential IP addresses from Azure in advance of their deployment. For example, I can request a /28, a /16, or a /8 (there are other ranges) of addresses. I will get a range of addresses from Azure. Note that until the prefix is assigned, there is no pre-determination what the address range will be – you find out what the actual addresses are when the prefix is created.
Once you have the addresses you can approach your network & security teams and pre-create rules to allow outbound (or inbound, if required) access.
A public IP address prefix in Azure [Image Credit: Aidan Finn]
A sequence of 3 pre-known public IP addresses in Azure [Image Credit: Aidan Finn]
Public IP Address Prefix launched in Preview at Microsoft Ignite in a limited number of regions:
advertisment
More regions will be added over time. The preview currently requires that you use a special preview flight (version) of the Azure Portal – without it, you cannot create PIPS from the prefix allocation.
More from Aidan Finn
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Microsoft Azure
Microsoft's Azure AD Conditional Access Service Can Now Require Reauthentication
May 13, 2022 | Rabia Noureen
Microsoft Addresses Cross-Tenant Database Vulnerability in Azure PostgreSQL
Apr 29, 2022 | Rabia Noureen
Microsoft Simplifies IT Monitoring with New Azure Managed Grafana Service
Apr 19, 2022 | Rabia Noureen
System Center 2022 is Now Available with New Datacenter Management Capabilities
Apr 4, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group