How to handle common network for cloud enabled business

Rui Cabral 1 Reputation point
2021-10-05T13:50:03.717+00:00

Hello,
One of the business scenarios that I face is that often our teams need to access client systems, which are made available after whitelisting IP addresses. In traditional environments, even when operating behind a VPN, normally the external-facing endpoint was not just an IP, it would normally be a network, which often is a challenge when asked to provide one single IP for whitelisting.

Currently, with fully could-based businesses, with 0 infrastructure, there is no VPN to connect to. Most teams are connected directly to the internet and sharing private connections with public IPs not only is not the right thing to do but also is not sustainable when it comes to business continuity.

I often go back to the thinking where I can use virtual desktops or DaaS to address this gap, but is this the only way, or are there other ways to address these challenges?

How are you addressing these challenges?

Thank you

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,458 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,305 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 24,666 Reputation points Microsoft Employee
    2021-10-05T22:01:17.86+00:00

    Hello @Rui Cabral , Thank you for reaching out. As per my understanding of the question due to the ongoing Pandemic many of the employees are working remotely and as they need access to client VMs they have to provide an Public IP of their home network so that it can be whitelisted, but due to remote work it is not always feasible to provide a single IP. Please correct me if my understanding is wrong.

    Based on my understanding above there are some services which can help you in this case:

    1. Azure Bastion Service : This service provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address, agent, or special client software. Azure Bastion and VNet peering can be used together and it supports Global virtual network peering which provides ability to transfer data between virtual networks across Azure subscriptions. You can go though this document on leveraging Azure Bastion for remote work.
    2. Azure Virtual WAN : Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. For remote users you can set Point to Site VPN connections using IKEv2 and SSTP protocols.

    You can also use Virtual Desktop Infrastructure as already mentioned by you. You can also go through this document which primarily describes how you can leverage Azure networking services, Microsoft network, and the Azure partner ecosystem to work remotely and mitigate network issues that you might be facing because of the COVID-19 crisis.

    Hope this helps. Please let me know if you have any additional concerns or questions. Thank you!

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.