2

I'm looking to create endpoints (if that's what its still being called) using the Resource Management deployment mode (arm mode). I am currently using Resource Management deployment mode to create virtual machines in Azure since every article practically recommends that as the preferred way. I created an Ubuntu Linux VM in Azure in hopes to really use Azure as a cloud platform for Linux VMs. Despite the new azure portal constantly evolving (with documentations that could surely improve), I managed to create endpoints via Network Security Group (NSG) resource using the new azure portal. However, I am still unable to create endpoints (if that's what its even called anymore) via the Azure CLI... I just get "error: 'endpoint' is not an azure command. See 'azure help'." message. I've read the Azure docs enough to know that I need to execute azure login command and also execute azure config mode arm command since I used the Resource Management deployment mode to create my vm. when I enter the command azure vm --help, I don't see information regarding vm create endpoint, which leads me to believe this command is not supported for Resource Management mode.

How would I create endpoints, or more specifically Inbound security rules, using Azure CLI if I created an Ubuntu Linux VM using Resource Management deployment mode?

kimbaudi
  • 13,655
  • 9
  • 62
  • 74

1 Answers1

3

In ARM mode, endpoint is not available for VM. Instead, you can add a inbound rule to your ARM Network Security Group. Here is how it looks like.

azure network nsg rule create --protocol tcp --direction inbound --priority 1000 \
--destination-port-range 22 --access allow -g TestRG -a TestNSG -n SSHRule

The above command add a rule to the NSQ named TestNSG in resource group TestRG. The rule is named SSHRule which allows TCP inbound traffic through the port 22 with priority 1000.

For more information, see the "Manage rules" of "Manage NSGs using the Azure CLI"

Jack Zeng
  • 2,257
  • 12
  • 23
  • Yes, ARM mode doesn't have concept of "endpoints" like ASM mode. Instead, ARM has Network security groups (NSG) and I needed to use the `azure network nsg rule create` command using Azure CLI. I think its important to also mention that to execute this command, you need to make sure you are in ARM mode. You can do this by entering `azure config mode arm` after you login to Azure CLI (`azure login`). The way I found out whether I was in ARM or ASM mode was to enter `azure help`, which printed out which mode I was in. – kimbaudi Jun 06 '16 at 22:35
  • Also, to find out more information about the `azure network nsg rule create` command using Azure CLI, first make sure you are in ARM mode (`azure config mode arm`) and then enter `azure network nsg rule create --help`, which will give you info on the available options for that command. I was able to create an Inbound security rule to allow port 80 for my Resource group named UbuntuRG and Virtual machine named UbuntuVM using the following command: `azure network nsg rule create -g UbuntuRG -a UbuntuVM -n web-rule -c Allow -p Tcp -r Inbound -y 200 -f Internet -o * -e * -u 80` – kimbaudi Jun 06 '16 at 22:39