Azure PaaS Blog
Configure remote access to compute nodes in an Azure Batch pool using Azure Portal

akshitavijay (Microsoft)
Jan 24, 2025

If configured, you can allow a node user with network connectivity to connect externally to a compute node in a Batch pool. For example, a user can connect by Remote Desktop (RDP) on port 3389 to a compute node in a Windows pool. Similarly, by default, a user can connect by Secure Shell (SSH) to port 22 to a compute node in a Linux pool.

As of API version 2024-07-01 (and all pools created after 30 November 2025 regardless of API version), Batch no longer automatically maps common remote access ports for SSH and RDP. If you wish to allow remote access to your Batch compute nodes with pools created with API version 2024-07-01 or later (and after 30 November 2025), then you must manually configure the pool endpoint configuration to enable such access.

In your environment, you might need to enable, restrict, or disable external access settings or any other ports you wish on the Batch pool. You can modify these settings by using the Batch APIs to set the PoolEndpointConfiguration property.

While creating the pool in the Azure portal, you need to create network address translation (NAT) pools and network security group (NSG) rules to configure the pool endpoint. Click Inbound NAT pool under the virtual network section. You can refer to the snippet below as a reference:

A window like the screenshot below will open to create the NAT pool and NSG rule:

You can either click +Add or use the default option provided by the template to add a NAT pool for RDP/SSH. This opens a new window to create the inbound NAT pool, like the snippet below:

Complete the required fields as demonstrated in the screenshot above. For the backend port, enter 22 for SSH or 3389 for the Windows pool. Next, click Network Security Group Rules. This opens a window for creating NSG rules, as illustrated below:

Under the Access field, select Allow and assign a priority. In the Source Address Prefix field, you can specify the IP address or IP range for which you want to enable remote desktop access. If you wish to allow access from all addresses, enter *. Afterward, click Select. This returns you to the previous page for creating the NAT pool. Verify all the details, click OK, and then click Select.

This process will add the necessary NAT pool and NSG rules to enable RDP access and configure the pool endpoint. Once completed, navigate to the node and click Connect. The IP address of the node will be displayed, which can be used to establish a remote desktop connection.

Configure remote access to nodes in an existing Batch pool

In this section we will learn how to establish remote access to nodes in an existing pool. To do so, you need to update the network configuration of the pool. You can modify these settings by using the Batch APIs to set the PoolEndpointConfiguration property. The pool endpoint configuration is part of the pool's network configuration.

Important Note:

Network configuration properties of a pool are accepted in an update request only when the pool has zero nodes. You must therefore scale the pool down to zero nodes first and then perform the update to configure remote access.

If you perform an update with active nodes in the pool, you will receive an error like the one below:

"error": {
  "code": "PropertyCannotBeUpdated",
  "message": "A property that cannot be updated was specified as part of the request.\nRequestId:30e8eb47-6f99-42e1-9ac0-xxxxxxxx\nTime:2025-03-27T12:37:10.1152648Z",
  "target": "BatchAccount",
  "details": [
    {
      "code": "Reason",
      "message": "A property that cannot be updated was specified as part of the request."
    },
    {
      "code": "PropertyName",
      "message": "networkConfiguration"
    },
    {
      "code": "PropertyPath",
      "message": "properties.networkConfiguration"
    }
  ]
}

In this article we will learn how to update the pool network settings using the Batch Management API from the portal.

  1. Scale down the pool for which you want to configure the remote access endpoint to 0 nodes.
  2. Use the Try It option on the Update API page for Batch pools: Pool - Update - REST API (Azure Batch Management) | Microsoft Learn
  3. Provide all the details of your Batch account and pool.
  4. In the Request Body section, provide the JSON details below.

Use the JSON below to configure the RDP endpoint on compute nodes in a Windows pool:

{
  "properties": {
    "networkConfiguration": {
      "subnetId": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network/virtualNetworks/xxxx/subnets/xxxx",
      "endpointConfiguration": {
        "inboundNATPools": [
          {
            "name": "RDP",
            "protocol": "tcp",
            "backendPort": 3389,
            "frontendPortRangeStart": 7500,
            "frontendPortRangeEnd": 8000,
            "networkSecurityGroupRules": [
              {
                "priority": 150,
                "access": "allow",
                "sourceAddressPrefix": "*"
              }
            ]
          }
        ]
      }
    }
  }
}

Use the JSON below to configure the SSH endpoint on compute nodes in a Linux pool:

{
  "properties": {
    "networkConfiguration": {
      "subnetId": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Network/virtualNetworks/xxxx/subnets/xxxx",
      "endpointConfiguration": {
        "inboundNATPools": [
          {
            "name": "SSH",
            "protocol": "tcp",
            "backendPort": 22,
            "frontendPortRangeStart": 4000,
            "frontendPortRangeEnd": 4500,
            "networkSecurityGroupRules": [
              {
                "priority": 150,
                "access": "allow",
                "sourceAddressPrefix": "*"
              }
            ]
          }
        ]
      }
    }
  }
}

  5. Click Run; you should see response code 200, which indicates success.

Now your pool is configured with remote access. You can also validate the settings from the portal. Navigate to the pool properties and check the network configuration to verify that the RDP/SSH port is configured.
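
Both request bodies above set sourceAddressPrefix to *, which allows access from all addresses. The Python below is an added example, not part of the original post or of any Azure SDK: it lists the RDP/SSH NAT pools in a Pool - Update request body whose allow rules accept any source, and returns a copy narrowed to a range you supply. The function names, the treatment of 0.0.0.0/0 and the Internet tag as equivalent to *, and the 203.0.113.0/24 sample range are assumptions.

```python
import copy
import ipaddress

# Assumption: these prefixes are treated as "any source", like the post's "*".
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}
REMOTE_PORTS = {22: "SSH", 3389: "RDP"}  # backend ports the post configures


def nat_pools(body):
    """Return the inboundNATPools list of a Pool - Update request body."""
    net = body.get("properties", {}).get("networkConfiguration", {})
    return net.get("endpointConfiguration", {}).get("inboundNATPools", [])


def open_allow_rules(pool):
    """Return the pool's NSG rules that allow traffic from any source."""
    return [r for r in pool.get("networkSecurityGroupRules", [])
            if str(r.get("access", "")).lower() == "allow"
            and str(r.get("sourceAddressPrefix", "")).lower() in ANY_SOURCE]


def audit(body):
    """List (pool name, service, priority) for RDP/SSH rules open to anyone."""
    return [(pool.get("name"), REMOTE_PORTS[pool["backendPort"]], r.get("priority"))
            for pool in nat_pools(body)
            if pool.get("backendPort") in REMOTE_PORTS
            for r in open_allow_rules(pool)]


def restrict(body, cidr):
    """Return a copy of body whose any-source allow rules use cidr instead."""
    network = ipaddress.ip_network(cidr)  # ValueError on a malformed range
    if network.prefixlen == 0:
        raise ValueError("range covers every address")
    fixed = copy.deepcopy(body)
    for pool in nat_pools(fixed):
        for rule in open_allow_rules(pool):
            rule["sourceAddressPrefix"] = str(network)
    return fixed


# Constructed sample: the post's RDP request body with subnetId left out.
SAMPLE = {"properties": {"networkConfiguration": {"endpointConfiguration": {
    "inboundNATPools": [{
        "name": "RDP", "protocol": "tcp", "backendPort": 3389,
        "frontendPortRangeStart": 7500, "frontendPortRangeEnd": 8000,
        "networkSecurityGroupRules": [
            {"priority": 150, "access": "allow", "sourceAddressPrefix": "*"}],
    }]}}}}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(restrict(SAMPLE, "203.0.113.0/24")))
```

Run audit on the request body before pasting it into the Try It page; the dictionary returned by restrict can be serialized with json.dumps and used as the request body in its place.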

Updated Apr 02, 2025
Version 4.0