Static vs Dynamic IP address for Azure VM

MG 21 Reputation points
2021-11-23T17:57:55.173+00:00

Hi,

I would like to share some thoughts.

Should I use static or (default) dynamic private IP addresses for IaaS Azure VMs like Domain Controllers, DNS Servers, Application Servers and other important infrastructure servers?

I mean not setting a fixed address within the operating system, but on the Azure virtual NIC.

I found this:

5-plan-addressing

Static vs dynamic addressing
IP addresses can also be statically assigned or dynamically assigned. Static IP addresses do not change and are best for certain situations such as:
DNS name resolution, where a change in the IP address would require updating host records.
IP address-based security models that require apps or services to have a static IP address.
TLS/SSL certificates linked to an IP address.
Firewall rules that allow or deny traffic using IP address ranges.
Role-based VMs such as Domain Controllers and DNS servers.

Another link:

3-azure-public-private-ip-addressing

Private IP addresses
Private IP addresses are used for communication within an Azure Virtual Network, including virtual networks and your on-premises networks. Private IP addresses can be set to dynamic (DHCP lease) or static (DHCP reservation).
Dynamic private IP addresses are assigned through a DHCP lease and can change over the lifespan of the Azure resource.
Static private IP addresses are assigned through a DHCP reservation and don't change throughout the lifespan of the Azure resource. Static private IP addresses persist if a resource is stopped or deallocated.


Accepted answer
  1. Ravi Kanth Koppala 3,391 Reputation points Microsoft Employee Moderator
    2021-11-24T02:55:49.583+00:00

    @MG ,

    Both Static IP and Dynamic IP come with some advantages and some disadvantages, and which one to use is a debatable topic. Some enterprises have clear cloud guidelines on what services are to be on a static IP (like FTP server, Email Server, VPN, etc.) and what services/devices can be on a dynamic IP. Microsoft also recommends such suggestions. For example, don't assign a public IP address to your virtual machine; instead, use a VPN or Azure Bastion to connect to the device. By default, a virtual machine (VM) is automatically assigned a private IP address from your specified range. This range is based on the subnet in which the VM is deployed. The VM keeps the address until the VM is deleted. Azure dynamically assigns the following available private IP address from the subnet you create a VM in. I recommend having a static IP address for the services where a change can bring down the service. So, you better have a static IP within your subnet for the Domain Controllers, DNS Servers, Application Servers, and other essential infrastructure Servers. So, the virtual machine must have a static IP address (within the subnet), and the primary DNS server must point to the on-premises domain controller.

    I hope that helps.

    Please 'Accept as answer' if the provided information is helpful to help others in the community looking for help on similar topics.
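An added example, not part of the original thread and not Microsoft's code: a small audit over the JSON that `az network nic list -o json` returns, flagging NICs of role VMs whose private IP is still Dynamic and building the Azure CLI command that pins the address they currently hold on the NIC's IP configuration (not inside the guest OS). The `role` tag, its values, and all resource names in the sample are assumptions made for the illustration.

```python
import json
import shlex

# Constructed sample in the shape of `az network nic list -o json` (trimmed).
# The "role" tag is an assumed tagging convention, not an Azure built-in.
SAMPLE_NICS = json.loads("""
[
 {"name": "dc01-nic", "resourceGroup": "rg-identity", "tags": {"role": "domain-controller"},
  "ipConfigurations": [{"name": "ipconfig1", "privateIPAddress": "10.10.0.4",
                        "privateIPAllocationMethod": "Dynamic"}]},
 {"name": "dns01-nic", "resourceGroup": "rg-identity", "tags": {"role": "dns"},
  "ipConfigurations": [{"name": "ipconfig1", "privateIPAddress": "10.10.0.5",
                        "privateIPAllocationMethod": "Static"}]},
 {"name": "web07-nic", "resourceGroup": "rg-web", "tags": null,
  "ipConfigurations": [{"name": "ipconfig1", "privateIPAddress": "10.20.0.9",
                        "privateIPAllocationMethod": "Dynamic"}]},
 {"name": "app01-nic", "resourceGroup": "rg-app", "tags": {"role": "app-server"},
  "ipConfigurations": [{"name": "ipconfig1", "privateIPAddress": "10.30.0.4",
                        "privateIPAllocationMethod": "Static"},
                       {"name": "ipconfig2", "privateIPAddress": "10.30.0.5",
                        "privateIPAllocationMethod": "Dynamic"}]}
]
""")

# Roles that should keep a fixed private address (assumed tag values).
PINNED_ROLES = {"domain-controller", "dns", "app-server"}

def audit(nics, pinned_roles=PINNED_ROLES):
    """Return one finding per Dynamic IP configuration on a role-tagged NIC."""
    findings = []
    for nic in nics:
        role = (nic.get("tags") or {}).get("role")
        if role not in pinned_roles:
            continue  # untagged or non-critical VMs may stay Dynamic
        for cfg in nic.get("ipConfigurations") or []:
            if (cfg.get("privateIPAllocationMethod") or "").lower() == "static":
                continue
            # Passing --private-ip-address makes the ip-config Static while
            # keeping the address the VM already uses, so nothing else changes.
            fix = " ".join(shlex.quote(a) for a in [
                "az", "network", "nic", "ip-config", "update",
                "--resource-group", nic["resourceGroup"], "--nic-name", nic["name"],
                "--name", cfg["name"], "--private-ip-address", cfg["privateIPAddress"]])
            findings.append({"nic": nic["name"], "ipconfig": cfg["name"],
                             "role": role, "fix": fix})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_NICS):
        print(f"{f['nic']}/{f['ipconfig']} ({f['role']}) is Dynamic -> {f['fix']}")
```
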

