0 votes

Say I have an Azure deployment with a VNet, a load balancer with a public IP, and two VMs behind it with private IPs.

If I want to access these VMs from outside of the VNet via SSH, e.g. to gather logs or to otherwise manage them, either from another VNet in Azure or from somewhere completely external, do I then have to have public IPs on the NICs for those VMs as well? That feels a bit odd. How are private VMs in a VNet usually accessed? Do you just have another VM within the same VNet with a public IP that you can use to access the private VMs? Or do I need to set up a VPN between two VNets in Azure, or between the VNet and another external network?


1 Answer

3 votes

Do you just have another VM within the same vnet with a public IP that you can use to access the private VMs?

That's one way to do it, also called a jump box. Make sure you use some kind of third-party multi-factor authentication if you don't restrict access by public IP space.

Another way would be to create a Dynamic/Route-Based VPN Gateway in the VNet and use Point-to-Site from your office computer, or a Site-to-Site VPN if your management is carried out from more than a few machines.


Docs here:

Point-to-Site - https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-point-to-site-create/

Site-to-Site - https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-site-to-site-create/
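The jump-box pattern from the answer above, worked through as an added example that is not part of the original question or answer. It does two things a practitioner would want alongside "restrict access on public IP space": it writes the NSG rules so that only one admin address can reach port 22 on the jump box and only the jump box subnet can reach port 22 on the private VMs, and it renders an ssh_config stanza so the private VMs are reached with ProxyJump (OpenSSH 7.3+) rather than by giving them public IPs. The resource group, NSG names, subnet ranges, user name and the TEST-NET addresses are all assumptions; the az commands are only run when APPLY_NSG=1 is set, so the script runs offline by default and just prints the config.

```shell
#!/usr/bin/env bash
# Added example, not code from the original Q&A. All names and addresses below
# are assumptions chosen for illustration.
set -euo pipefail

RG="rg-demo"                      # assumed resource group
NSG_JUMP="nsg-jumpbox"            # assumed NSG on the jump box subnet
NSG_APP="nsg-app"                 # assumed NSG on the private VMs' subnet
ADMIN_CIDR="203.0.113.10/32"      # your office egress address (TEST-NET-3 placeholder)
JUMP_SUBNET="10.0.1.0/24"         # assumed jump box subnet
JUMP_PUBLIC_IP="198.51.100.20"    # assumed jump box public IP (TEST-NET-2 placeholder)
SSH_USER="azureuser"              # assumed admin account on all VMs

# NSG rules: SSH to the jump box only from ADMIN_CIDR; SSH to the app VMs only
# from the jump box subnet, with an explicit deny for SSH from anywhere else
# (the built-in DenyAllInBound rule at priority 65500 would also catch it, but
# the explicit rule keeps the intent visible when someone adds a broad allow later).
apply_nsg_rules() {
  az network nsg rule create -g "$RG" --nsg-name "$NSG_JUMP" -n allow-ssh-admin \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$ADMIN_CIDR" --destination-port-ranges 22
  az network nsg rule create -g "$RG" --nsg-name "$NSG_APP" -n allow-ssh-from-jump \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$JUMP_SUBNET" --destination-port-ranges 22
  az network nsg rule create -g "$RG" --nsg-name "$NSG_APP" -n deny-ssh-other \
    --priority 110 --direction Inbound --access Deny --protocol Tcp \
    --source-address-prefixes '*' --destination-port-ranges 22
}

# Render an ssh_config so "ssh app-vm-1" hops through the jump box. Keys only,
# no agent forwarding onto the jump box: a compromised jump box must not be able
# to use your agent to reach the private VMs as you.
# Usage: render_ssh_config <jump_public_ip> <private_ip>...
render_ssh_config() {
  local jump_ip="$1"; shift
  printf 'Host jump\n  HostName %s\n  User %s\n' "$jump_ip" "$SSH_USER"
  printf '  IdentityFile ~/.ssh/id_ed25519\n  IdentitiesOnly yes\n  ForwardAgent no\n\n'
  local i=1 ip
  for ip in "$@"; do
    printf 'Host app-vm-%d\n  HostName %s\n  User %s\n  ProxyJump jump\n' "$i" "$ip" "$SSH_USER"
    printf '  IdentityFile ~/.ssh/id_ed25519\n  IdentitiesOnly yes\n\n'
    i=$((i + 1))
  done
}

# Sanity check on a rendered config read from stdin: number of hosts routed
# through the jump box.
count_proxyjump_hosts() {
  grep -c '^  ProxyJump jump$'
}

# Only touch Azure when explicitly asked; the default run is offline.
if [ "${APPLY_NSG:-0}" = "1" ]; then
  apply_nsg_rules
fi

# Two private VMs with constructed addresses in the app subnet.
render_ssh_config "$JUMP_PUBLIC_IP" 10.0.2.4 10.0.2.5
```

Append the printed stanzas to ~/.ssh/config, then `ssh app-vm-1` opens a direct TCP tunnel through the jump box (ProxyJump uses the jump box's sshd as a forwarder, so no shell or agent is exposed there). The NSG rules leave the load balancer's public IP for application traffic only; port 22 is never reachable on the private VMs from the Internet, which is the property to verify after applying them, for example with `az network nic list-effective-nsg` on one of the app VM NICs.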