Forum Discussion

SRAJAKUMARM365AZURE's avatar
SRAJAKUMARM365AZURE
Copper Contributor
Jul 27, 2020

Is using Remote Access Services (RAS) Gateway on Azure is recommended?

Hi,   I need your inputs.   We have an Azure subscription where we are hosting retail applications. The retail application is hosted on Azure VMs.  The requirement is to publish the retail applic...
azure
Azure Resource Management
networking
virtual network
pazdedav's avatar
pazdedav
MVP
Jul 30, 2020

Hi SRAJAKUMARM365AZURE ,

 

I agree with Peter_Beckendorf that Azure AD Application Proxy is a great alternative to traditional reverse proxy solutions, especially if you want to publish web application.

 

In case a VPN is a hard requirement, you could still use Azure VPN Gateway (and have either P2S connections from your users regardless of their location, or S2S VPN from their office network) and restrict access to the VNet where you are hosting your retail app using NSGs. In a typical scenario, you have a VNet with a GatewaySubnet (where you host your VPN GW) and then one or several other subnets, where you host your workloads. By applying an NSG on the workload subnet, permitting only TCP/443 or TCP/80 (depends on your configuration) protocol/port for inbound, you can control what "services" will your remote users have available.

 

There are other products and solutions in the Azure Marketplace you could use as your VPN gateway, but majority of my customers prefer a managed service (Azure VPN Gateway), so they don't need to manage that component (typically an appliance running on Azure VM) themselves. But it all depends on your requirements, organizational capabilities, etc.

 

Best regards,

David