Azure Cloud – Can Azure Cloud Servers Use Customer-Owned IPs?

Tags: amazon-web-services, azure, cloud, networking

Question: Can Microsoft Azure servers appear to use customer-owned public IP addresses?

My company is migrating on-premise VMs to Azure cloud. Some of our servers use static public IPv4 addresses (from our IP range). In Azure, I understand they'll be reallocated public IPs from a Microsoft range.

The problem is many partners whitelist our IPs in their firewall. If these IPs change, our integrations are likely to break.

Instead, can Azure servers route connections using the original IPs?

EDIT: AWS seems to offer this. Does Azure have similar functionality?

For inbound connections, would advertising the original IPv4 address and forwarding connections to an Azure load balancer work? How about outbound connections — can outbound traffic from Azure VMs be routed so it appears to originate from a non-Azure IP?

Best Answer

You can't bring your own public IP to Azure; a workaround is to route all traffic via VPN or ExpressRoute.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm

Forced tunneling lets you redirect or "force" all Internet-bound traffic back to your on-premises location via a Site-to-Site VPN tunnel for inspection and auditing. This is a critical security requirement for most enterprise IT policies. Without forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from Azure network infrastructure directly out to the Internet, without the option to allow you to inspect or audit the traffic. Unauthorized Internet access can potentially lead to information disclosure or other types of security breaches.

In this case all inbound and outbound traffic would still use your current on-premise infrastructure.

If you can get your partners to whitelist new IPs, you can allocate a range of public IPs that will "belong" to you in Azure and never change.

https://azure.microsoft.com/en-us/updates/preview-public-ip-prefix/

A Public IP prefix is a reserved range of static IP addresses that can be assigned to your subscription. You can use a prefix to simplify IP address management in Azure. Knowledge of the range ahead of time eliminates the need to change firewall rules as you assign IP addresses to new resources. This predictability significantly reduces management overhead when scaling in Azure.
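Added example (not part of the original answer): a pre-cutover check that classifies each migrated VM's observed egress address against the range partners already allowlist (the forced-tunneling path) and a reserved Azure Public IP prefix. All ranges, VM names and observed addresses are constructed sample values from documentation address space.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the page.
ONPREM_RANGES = ["203.0.113.0/24"]     # range partners already allowlist
AZURE_PREFIXES = ["198.51.100.16/28"]  # hypothetical reserved Public IP prefix

# Constructed observations: source address each VM was seen using outbound.
OBSERVED = {
    "vm-app-01": "203.0.113.10",   # forced tunnel: leaves via on-prem range
    "vm-app-02": "198.51.100.20",  # static address from the Azure prefix
    "vm-app-03": "192.0.2.77",     # in neither range: not a reserved address
    "vm-app-04": "not-an-ip",      # probe failed or returned bad data
}

def _in_any(addr, cidrs):
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def classify_egress(ip_text, onprem=ONPREM_RANGES, azure=AZURE_PREFIXES):
    """Return how a partner firewall will treat traffic from this source IP."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if _in_any(addr, onprem):
        return "already-allowlisted"     # no partner change needed
    if _in_any(addr, azure):
        return "stable-needs-allowlist"  # partners must add the prefix once
    return "unreserved"                  # not in any known range: will be blocked

def audit(observed=OBSERVED):
    """Map each VM name to its classification."""
    return {vm: classify_egress(ip) for vm, ip in observed.items()}

def partner_change_request(observed=OBSERVED, azure=AZURE_PREFIXES):
    """CIDRs partners must add: only prefixes a VM actually egresses from."""
    needed = set()
    for ip in observed.values():
        if classify_egress(ip, azure=azure) == "stable-needs-allowlist":
            addr = ipaddress.ip_address(ip)
            needed.update(c for c in azure if addr in ipaddress.ip_network(c))
    return sorted(needed)

if __name__ == "__main__":
    for vm, status in audit().items():
        print(f"{vm}: {status}")
    print("ask partners to add:", partner_change_request())
```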
