how to public web in azure for security ?

%3CLINGO-SUB%20id%3D%22lingo-sub-532648%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-532648%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20don%E2%80%99t%20understand%20your%20question%2C%20please%20tell%20me%20more.%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%3CBR%20%2F%3EHannes%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-525566%22%20slang%3D%22en-US%22%3Ehow%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-525566%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20current%20i%20created%20one%20vnet%20with%20these%20subnet%20with%20below%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B-%20Database%20Subnet%20%3A%20contain%20VM%20database%20server%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B-%20Web%20Subnet%20%3A%20contain%20VM%20IIS%20web%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20-%201%20NSG%20for%20level%20subnet%20assign%20for%20database%20subnet%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B-%201%20NSG%20for%20level%20subnet%20assign%20for%20web%20subnet%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3Bafter%20I%20create%201%20VM%20database%20in%20Database%20SUbnet%20and%201%20VM%20Web%20in%20Web%20subnet%20.%20Configure%20web%20connected%20to%20database%20and%20from%20VM%20Web%20I%20can%26nbsp%3B%20open%20browser%20and%20access%20web%20ok%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3Bnow%20I%20want%20public%20web%20site%20to%20outsite%20(Internet)%20can%20access%20this%20web%20then%20I%20should%20how%20%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BI%20am%20reading%20on%20web%20then%20see%20more%20way%20but%20as%20need%20add%20more%20subnet%20as%20DMZ%20or%20add%20NVA%20or%26nbsp%3BAzure%20load%20balancer%20....very%20more%20option%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3Bplease%20recommend%20help%20me%20best%20practice%20and%20security%20about%20this%20case%3C%2FP%3E%3CP%3EBest%20Regards%2C%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-525566%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-532836%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-532836%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289860%22%20target%3D%22_blank%22%3E%40Hannes_LG%3C%2FA%3E%26nbsp%3B%3A%20i%20just%20updated%20my%20question%20detail%20.thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-533376%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-533376%22%20slang%3D%22en-US%22%3EYour%20welcome%2C%20I%20guess%20I%20can%20help%20you%2C%20but%20I%20want%20to%20understand%20your%20situation%20in%20detail.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-533551%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-533551%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EMy%20situation%20only%20want%20out%20site%20can%20access%20url%20as%20%3CA%20href%3D%22http%3A%2F%2Ftestweb.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftestweb.com%3C%2FA%3E%20.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-551687%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-551687%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234118%22%20target%3D%22_blank%22%3E%40Tien%20Ngo%20Thanh%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuick%20question.%20Why%20are%20you%20not%20using%20app%20services%20and%20Azure%20SQL%20for%20your%20site%3F%20Why%20are%20you%20using%20VM's%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20need%20to%20use%20VM's%20then%20your%20web%20server%20will%20need%20to%20have%20a%20public%20IP%20address.%20you%20would%20then%20configure%20your%20NSG%20to%20allow%20port%20443%20(secure%20web)%20to%20the%20web%20server.%20As%20you%20only%20have%20one%20web%20server%20you%20will%20not%20need%20a%20load%20balancer%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-551763%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-551763%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50205%22%20target%3D%22_blank%22%3E%40Richard%20Hooper%3C%2FA%3E%26nbsp%3B%3A%20i%20want%20migrate%20to%20vm%20after%20that%20then%20move%20later%20.%20I%20will%20try%20configure%20%2C%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-551797%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20public%20web%20in%20azure%20for%20security%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-551797%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F234118%22%20target%3D%22_blank%22%3E%40Tien%20Ngo%20Thanh%3C%2FA%3E%26nbsp%3BLet%20me%20know%20how%20you%20get%20on.%20If%20you%20need%20any%20help%20etc%20let%20me%20know.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hello

      current i created one vnet with these subnet with below

     - Database Subnet : contain VM database server

     - Web Subnet : contain VM IIS web 

      - 1 NSG for level subnet assign for database subnet

     - 1 NSG for level subnet assign for web subnet

     after I create 1 VM database in Database SUbnet and 1 VM Web in Web subnet . Configure web connected to database and from VM Web I can  open browser and access web ok 

       now I want public web site to outsite (Internet) can access this web then I should how ? 

       I am reading on web then see more way but as need add more subnet as DMZ or add NVA or Azure load balancer ....very more option 

       please recommend help me best practice and security about this case

Best Regards,

Thanks

7 Replies
Highlighted
Hi,

I don’t understand your question, please tell me more.

Regards,
Hannes
Highlighted

@Hannes_LG : i just updated my question detail .thanks

Highlighted
Your welcome, I guess I can help you, but I want to understand your situation in detail.
Highlighted

My situation only want out site can access url as http://testweb.com .

Highlighted

@Tien Ngo Thanh 

Quick question. Why are you not using app services and Azure SQL for your site? Why are you using VM's?

 

If you need to use VM's then your web server will need to have a public IP address. you would then configure your NSG to allow port 443 (secure web) to the web server. As you only have one web server you will not need a load balancer etc.

 

Highlighted

@Richard Hooper : i want migrate to vm after that then move later . I will try configure , thanks

Highlighted

@Tien Ngo Thanh Let me know how you get on. If you need any help etc let me know.