I have a quick question regarding deploying a configuration in ARM mode.

I want to have two app servers behind a load balancer, with a database server on the same subnet.

Creating the load-balancer and rules for this seems to be working fine, but I have an issue with trying to access my database server via SSH.

I originally wanted to set up SSH access to my database server by setting up an inbound NAT rule to forward a port from my database server to the load balancer. This would allow me SSH access to my database via my DNS name and a specific port.

However, it seems you cannot forward a port to a load balancer outside of the machine's availability set.

I don't want to have my database server in the same availability set as my app server as you should have an availability set per tier.

But I don't particularly want to give my database server a full public IP address and DNS name either, as it shouldn't really be accessible outside its own subnet.

If I have an availability set per tier, does that mean I also must have a public IP address per tier to allow for SSH access to each machine?

What is the recommended way to set up a configuration like this, with SSH access to each machine spread across availability sets?

Dalaigh88
  • bastion host, ssh through other host, public ip address to db host, forward some port to first availability set vm and forward that port on a vm to ssh port on a db server? there are tons of ways to achieve this, but how do you expect to connect to something without exposing it to the internet? – 4c74356b41 Nov 14 '16 at 12:46
  • Can't SSH through other host, as I need that SSH port accessible publicly for chef automation. SSHing through my app server via port forwarding would probably achieve this, but _feels_ a bit wrong. I can assign a public IP and DNS name for the Data Tier, but again, I suppose it just feels wrong to fully expose my DB to the Internet... This is probably the solution I will use unless there is a better solution.... – Dalaigh88 Nov 14 '16 at 13:02
  • well, you deliberately do not want to give access to your server and yet you want to have access... you must believe in miracles ;) – 4c74356b41 Nov 14 '16 at 13:05
  • My issue isn't making my server available on the internet. I would like both my app server and database to be available behind a load balancer using a single DNS name. My question was whether this is possible if the app server and db server are in different availability sets... But thanks for your input anyway.... – Dalaigh88 Nov 14 '16 at 13:22
  • not with different availability sets, I believe – 4c74356b41 Nov 14 '16 at 13:25

0 Answers