Share network access to closed resources in AWS - networking

Is it possible to share access to closed resources in Azure/AWS (access opened via IP) from my public server, which has a static IP?
I have the current setup map.
I need to connect to my AWS servers via my public server.

Create a VPN connection between your static server and AWS. Check out the documentation: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html
Create an SSH tunnel or RDP connection to the web server; then you will be able to connect to the databases from there. Generally, this is the purpose of a bastion host.
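A worked example of the bastion approach in the second answer, added here and not part of the original answer: it builds the SSH local-forward command the public server would run to reach a database through the bastion, and audits the bastion's security group so that port 22 is reachable only from that server's static IP. The host names, IPs, key path and the sample IpPermissions list are constructed placeholders; the audit function expects the shape that boto3's describe_security_groups returns, but runs here on the embedded sample so it works offline.

```python
"""Bastion-hosted SSH tunnel helper plus a security-group check.

Added example, not code from the original answer.  Host names, IPs and the
key path are constructed placeholders; `audit_ssh_ingress` takes the
IpPermissions list in the shape boto3's describe_security_groups returns,
fed here with a constructed sample so it runs offline.
"""
import ipaddress


def tunnel_command(bastion, db_host, db_port, local_port, key_path, user="ec2-user"):
    """argv for a local port forward through the bastion.

    Run on the public server; afterwards 127.0.0.1:<local_port> on that
    server reaches db_host:db_port inside the VPC over the SSH session.
    -N opens no remote shell; ExitOnForwardFailure makes a failed forward
    fatal instead of leaving a useless session behind.
    """
    return [
        "ssh", "-N",
        "-i", key_path,
        "-o", "ExitOnForwardFailure=yes",
        "-o", "ServerAliveInterval=30",
        "-L", f"127.0.0.1:{local_port}:{db_host}:{db_port}",
        f"{user}@{bastion}",
    ]


def audit_ssh_ingress(ip_permissions, allowed_cidr):
    """Findings for every ingress rule that exposes port 22 beyond allowed_cidr.

    allowed_cidr should be the public server's static IP as a /32.  An empty
    list means SSH on the bastion is reachable only from that address.
    """
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # IpProtocol "-1" is "all traffic"; a tcp range covering 22 also counts
        covers_ssh = proto == "-1" or (proto == "tcp" and lo is not None and lo <= 22 <= hi)
        if not covers_ssh:
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net != allowed:
                findings.append(f"port 22 reachable from {net}, expected only {allowed}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"port 22 reachable from IPv6 range {rng['CidrIpv6']}")
    return findings


# Constructed sample: one correct /32 rule plus an "all traffic from anywhere" rule
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.5/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print(" ".join(tunnel_command("198.51.100.10", "10.0.2.25", 5432, 15432, "~/.ssh/bastion.pem")))
    for finding in audit_ssh_ingress(SAMPLE_PERMISSIONS, "203.0.113.5/32"):
        print("FINDING:", finding)
```

Run the printed command on the public server; anything on that server then connects to 127.0.0.1:15432 and lands on the database at 10.0.2.25:5432 without the database ever being exposed to the internet. The audit is the check that keeps the bastion from being undone by a second rule that also opens port 22 to 0.0.0.0/0, which is what the sample's second entry does.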

Related

Accessing http url hosted on a VNet Peered VM from another VM

If I peer two Bastion VMs via VNet, and run a web application on one VM, will I be able to access its REST url from the other VM? Is there a charge involved for this type of access?
Sorry that I couldn't find it in me to understand all that jargon about ingress, egress and gateways. I just want the simple answer to my question.

How to connect to Community Edition Databricks Cluster via Outside Public Address / Application

Can someone let me know if it's possible to connect to or PING a Databricks cluster via its public IP address?
For example, I have issued the command ping --all-ip-addresses and I get the IP address 10.172.226.115.
I would like to be able to PING that IP address (10.172.226.115) from my on-premise PC (or connect to the cluster with an application using the IP address)?
Can someone let me know if that is possible?
That public IP is not guaranteed to be your cluster. Unless somehow you've installed Databricks into your own cloud provider account, where you fully control the network routes, it would be connecting to Databricks-managed infrastructure, where the public IP would likely be an API gateway or router that serves traffic for more than one account.
Note: just because you can ping Google DNS with outbound traffic doesn't mean inbound traffic from the internet is even allowed through the firewall.
"connect to the cluster with an application"
I'd suggest using other Databricks support channels (i.e. their community forum) to see if that's even possible, but I thought you're just supposed to upload and run code within their ecosystem, at least for the community plans.
Specifically, they have a REST API to submit a remote job from your local system, but if you want to be able to send data back to your local machine, I think you'd have to write to and download from DBFS or another cloud filesystem.

Can Google cloud server VM access my local machine through SSH?

I've created a virtual machine on Google Cloud Platform following this manual.
I was able to create an SSH connection from my local machine to the VM and set it up to host a publicly available R Shiny App. Now I'm wondering if there is any way to access my local machine from the VM using this SSH connection. This would be a problem if the server gets hacked, maybe because I wasn't able to correctly configure security settings (I'm not too experienced with this). Or is this a "one-way" connection to the VM and the other way is blocked, e.g. by my personal firewall?
Any suggestion would help. Thanks!
An SSH connection requires that the target machine have a public SSH key that is used to identify an incoming client that has the corresponding private SSH key. If you can SSH from your local PC to a GCP Compute Engine (CE) instance, then your local PC has a copy of the private key and the compute engine has the public key. This is a one-way connection. There is no symmetry in a connection originating from the compute engine. To be able to SSH into your local PC:
Your local PC needs to have an SSH server installed.
Your local PC needs to have the public part of an SSH key pair configured.
The client needs to have the private part of an SSH key pair available.
The client needs to know your IP address.
There needs to be a network route to your local PC from the client.
Your firewall needs to permit the incoming client on the port on which the SSH server is listening (default 22).
Unless the above are all satisfied, there should be no mechanism to allow a compromised compute engine to open a shell "back into" your local PC.
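An added example for the one-way point above (not the answer author's code): the session stays one-way only as long as the client itself does not hand the server a path back, so this script flags the SSH client options that do exactly that, ForwardAgent / -A (the server can use your local keys while connected) and RemoteForward / -R (a port on your side is exposed on the server). It applies ssh's first-obtained-value rule when reading ~/.ssh/config. The config text and command lines are constructed for illustration.

```python
"""Flag SSH client settings that give the remote host a path back toward the
local machine.  Added example, not from the original answer.  With none of
these options in play the session is one-way as the answer describes; with
them a compromised server can reach the forwarded port or drive your agent.
The config text and argv below are constructed for illustration.
"""
import fnmatch

# Client-side directives that open a channel from server to client
REVERSE_DIRECTIVES = {
    "forwardagent": "ForwardAgent yes: server can sign with your local keys while the session is up (ssh -A)",
    "remoteforward": "RemoteForward: a port on your side is exposed on the server (ssh -R)",
}


def _parse_config(config_text):
    """Yield (host_patterns, key, value) per directive, tracking Host blocks."""
    patterns = ["*"]  # directives before any Host line apply everywhere
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
            continue
        yield patterns, key, value


def findings_from_config(config_text, host):
    """Findings for the settings ssh would actually use for `host`.

    ssh keeps the first value obtained for each keyword, so a later `Host *`
    block cannot override an explicit setting in an earlier matching block.
    """
    seen, findings = set(), []
    for patterns, key, value in _parse_config(config_text):
        if not any(fnmatch.fnmatchcase(host, p) for p in patterns) or key in seen:
            continue
        seen.add(key)
        if key == "forwardagent" and value.lower() == "yes":
            findings.append(REVERSE_DIRECTIVES[key])
        elif key == "remoteforward":
            findings.append(f"{REVERSE_DIRECTIVES[key]} [{value}]")
    return findings


def findings_from_argv(argv):
    """Same check for a one-off command line such as ['ssh', '-A', 'user@host']."""
    findings, args, i = [], argv[1:], 0
    while i < len(args):
        arg = args[i]
        if arg == "-A":
            findings.append(REVERSE_DIRECTIVES["forwardagent"])
        elif arg.startswith("-R") or arg.startswith("-o"):
            # value may be attached ("-R8080:x:80") or the next argument
            opt = arg[2:] or (args[i + 1] if i + 1 < len(args) else "")
            if not arg[2:]:
                i += 1
            if arg.startswith("-R"):
                findings.append(f"{REVERSE_DIRECTIVES['remoteforward']} [{opt}]")
            else:
                key, _, value = opt.replace("=", " ", 1).partition(" ")
                if key.lower() == "forwardagent" and value.strip().lower() == "yes":
                    findings.append(REVERSE_DIRECTIVES["forwardagent"])
                elif key.lower() == "remoteforward":
                    findings.append(f"{REVERSE_DIRECTIVES['remoteforward']} [{value.strip()}]")
        i += 1
    return findings


# Constructed ~/.ssh/config: agent forwarding for one VM, a reverse forward for all hosts
SAMPLE_CONFIG = """\
Host shiny-vm
    HostName 203.0.113.10
    User deploy
    IdentityFile ~/.ssh/gcp_key
    ForwardAgent yes

Host *
    RemoteForward 2222 localhost:22
    ServerAliveInterval 30
"""

if __name__ == "__main__":
    for host in ("shiny-vm", "other-box"):
        print(host, findings_from_config(SAMPLE_CONFIG, host))
    print(findings_from_argv(["ssh", "-A", "-R", "2222:localhost:22", "deploy@203.0.113.10"]))
```

If either function returns anything, the checklist in the answer is not the whole story: the RemoteForward in the sample makes the server's port 2222 a door to the local machine's port 22 for as long as the session is up, and agent forwarding lets whoever controls the server authenticate with your keys without ever copying them.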

Can I modify VPN configuration file?

When you create a VPN connection with Amazon VPC, Amazon offers a configuration file for different router brands. This file can be downloaded as soon as the VPN creation is done.
So the natural procedure is to start the configuration process in Amazon and then just run the provided commands in your router.
My question is, can you do it the other way around? Is there a way to modify the VPN settings in Amazon based on my physical router settings? Or are Amazon VPN settings just read-only?
Yes, you can modify various VPN settings in Amazon.
For an existing VPN connection, you can edit the static routes for your connection from the VPC Console (in the navigation pane, choose VPN Connections) - see Editing Static Routes for a VPN Connection.
You can also specify many options when manually setting up a new VPN connection - see Setting up the VPN Connection in the Amazon VPC documentation.
For more general info on Amazon VPC/VPN connectivity options, see the Amazon Virtual Private Cloud Connectivity Options whitepaper.

Not able to access Azure cloud service URL from public internet

I have deployed my ASP.NET WebForms application (Azure Web Role) on an Azure virtual network. I have been told by the IaaS team that the subnet which I have used needs the proxy XX.XX.XX.XX:8080 for accessing the application from the internet. If it's a virtual machine I can add a proxy class, but I am not able to add the proxy class in the service configuration file, so I added it in the application web.config, but still it's opening from the public internet and I'm not able to connect to RDP.
Please help me with this.
Thanks
RDP wouldn't require a proxy that I'm aware of. I imagine you'd match the same config as mentioned here to set your ACLs (too many images and not enough text to copy here):
http://blogs.msdn.com/b/walterm/archive/2014/04/22/windows-azure-paas-acls-are-here.aspx
If you really are trying to get access for RDP, check out the following. If it's just web access, the above should work.
http://www.cloudcomputingadmin.com/articles-tutorials/windows-azure/azure-virtual-networks-and-cloud-services-part3.html
As per
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-rdp-detailed-troubleshoot/
Source 3: Cloud service endpoint and ACL
To eliminate the cloud service endpoint and ACL as being the source of issues or misconfiguration for virtual machines created using the Service Management API, verify that another Azure virtual machine that is in the same cloud service or virtual network can make Remote Desktop connections to your Azure virtual machine.
If you do not have another virtual machine in the same cloud service or virtual network, you can easily create a new one. For more information, see Create a virtual machine running Windows in Azure. Delete the extra virtual machine when you are done with your testing.
If you can create a Remote Desktop connection with a virtual machine in the same cloud service or virtual network, check for these:
The endpoint configuration for Remote Desktop traffic on the target virtual machine. The private TCP port of the endpoint must match the TCP port on which the Remote Desktop Services service on the virtual machine is listening, which by default is 3389.
The ACL for the Remote Desktop traffic endpoint on the target virtual machine. ACLs allow you to specify allowed or denied incoming traffic from the Internet based on its source IP address. Misconfigured ACLs can prevent incoming Remote Desktop traffic to the endpoint. Examine your ACLs to ensure that incoming traffic from your public IP addresses of your proxy or other edge server is allowed. For more information, see What is a Network Access Control List (ACL)?.
To have public internet connectivity into your worker role you need one of the following:
A public IP address (https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/) associated with the worker role instance, or
A public endpoint configured to expose a specific port (https://azure.microsoft.com/en-us/documentation/articles/load-balancer-overview/)
If you use a Network Security Group, please ensure that you have the appropriate ACLs opened up to allow connections from the Internet.
Thanks
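An added example (not part of the original answer) that turns the two checks quoted from the troubleshooting article into code: the endpoint's private port has to match where Remote Desktop listens, and the endpoint ACL has to permit the source address, here the proxy's public IP. The evaluator uses the classic (Service Management) endpoint ACL semantics: rules are tried in order of their rule number, the first match wins, and once the ACL contains any permit rule everything unmatched is denied, while an ACL with only deny rules permits everything else. The endpoint, rules and IP addresses are constructed.

```python
"""Evaluate an Azure classic endpoint ACL plus the RDP endpoint port check.

Added example, not from the original answer.  Rule semantics are those of
classic endpoint ACLs: rules evaluated in order of rule number, first match
wins, implicit deny once any permit rule exists, implicit permit when the
ACL holds only deny rules.  Endpoint, rules and source IPs are constructed.
"""
import ipaddress
from collections import namedtuple

AclRule = namedtuple("AclRule", "order action remote_subnet description")


def evaluate_acl(rules, source_ip):
    """Return (action, reason) for a connection attempt from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.order):
        if src in ipaddress.ip_network(rule.remote_subnet, strict=False):
            return rule.action, f"rule {rule.order} ({rule.description})"
    if any(r.action == "permit" for r in rules):
        return "deny", "no match; ACL contains a permit rule, so the default is deny"
    return "permit", "no match; ACL has no permit rule, so the default is permit"


def rdp_reachable(endpoint, rules, source_ip, rdp_listen_port=3389):
    """Apply both checks from the troubleshooting text.

    The endpoint's private port must be the port Remote Desktop Services
    listens on, and the ACL must permit the source (the proxy's public IP).
    """
    if endpoint["protocol"].lower() != "tcp":
        return False, "endpoint is not TCP"
    if endpoint["local_port"] != rdp_listen_port:
        return False, f"endpoint private port {endpoint['local_port']} != RDP port {rdp_listen_port}"
    action, reason = evaluate_acl(rules, source_ip)
    return action == "permit", reason


# Constructed configuration: only the proxy may reach RDP, everyone else is denied
PROXY_IP = "198.51.100.7"
SAMPLE_RULES = [
    AclRule(100, "permit", "198.51.100.7/32", "corporate proxy"),
    AclRule(200, "deny", "0.0.0.0/0", "everything else"),
]
SAMPLE_ENDPOINT = {"name": "RemoteDesktop", "protocol": "tcp",
                   "public_port": 3389, "local_port": 3389}

if __name__ == "__main__":
    for ip in (PROXY_IP, "203.0.113.9"):
        ok, why = rdp_reachable(SAMPLE_ENDPOINT, SAMPLE_RULES, ip)
        print(f"{ip}: {'allowed' if ok else 'blocked'} ({why})")
```

The explicit deny-all at order 200 is redundant under these semantics, since the permit rule already makes the default deny, but it documents the intent; what matters is that 3389 is never left open to the whole internet just to let the proxy through.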
