Azure: two VMs in a cloud service, cannot RDP to one


I am new to Azure and trying to set up our company's testing environment in Azure.

As I understand it for two machines to talk to each other in Azure they need to be in the same cloud service, i.e. our web server and DB server.

So I have created a service, then created each of the VMs in that service. They are both running. In the endpoints I can see:

web server:

Name            Protocol  Public port  Private port  Load-balanced set
HTTP            TCP       80           80            -
HTTPS           TCP       443          443           -
PowerShell      TCP       5986         5986          -
Remote Desktop  TCP       50232        3389          -

db server:

Name            Protocol  Public port  Private port  Load-balanced set
MSSQL           TCP       1433         1433          -
PowerShell      TCP       54327        5986          -
Remote Desktop  TCP       52459        3389          -

In the cloud service, the input areas show:

protoApp : 123.456.789.227:80
protoApp : 123.456.789.227:443
protoApp : 123.456.789.227:5986
protoApp : 123.456.789.227:50232
protodb : 123.456.789.227:1433
protodb : 123.456.789.227:54327
protodb : 123.456.789.227:52459

I can connect to the protodb server but not the protoapp server (on the given ports).

There are two or three questions really.

  1. Should they both be in the same cloud service?
  2. Should the live DB and web server be in a separate cloud service (not created them yet)?
  3. Can anyone think of a reason why I can no longer MSTSC / RDP to one of the machines, even though the endpoints say it's all fine, the machine is running and the cloud service says it has it as an endpoint?

Best Answer

You're asking multiple questions, as you're pointing out yourself. I'll try and touch on all of them:

  1. A "Cloud Service" is meant to be a logical grouping of identical servers. Effectively, a cloud service means a single external IP address. You can easily form a load-balanced farm of web servers inside the same cloud service, for instance, or if you have servers that shouldn't be publicly accessible there is no harm in putting them in there as well. You're not allowed to publish an endpoint on the same port for multiple servers without this being a load-balanced set (of identical servers).

  2. A more flexible way of doing things is by using virtual networks. Here you have more control over the internal IP addressing, and you're able to put servers in different cloud services inside the same virtual network. If you had 4 frontend servers and 2 backend DB servers, I would probably create a virtual network for all of them, and then group them into two different cloud services, one for web and one for DB. But that's just me - Azure is flexible, and meant to be that way.

  3. You should absolutely be able to RDP to both of your servers. As you can see, they are assigned a unique public port which is translated to the default RDP port (3389) on the VM, so you should be able to hit both. Maybe there's something wrong with the OS or the Windows Firewall running on the VM itself.
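The answer's three points (a cloud service is one public VIP with per-VM port mappings, the endpoint has to exist on the right VM, and if both of those check out the fault is inside the guest OS or its firewall) can be checked in order from a workstation. The following PowerShell is an added example, not code from the question or the answer. It assumes the cloud service is named `protoSvc` (the post never names it), that `123.456.789.227` is the placeholder VIP copied from the question and not a routable address, that the classic Azure Service Management module (`Get-AzureVM`, `Get-AzureEndpoint`) is installed and logged in, and that the VMs run Windows Server 2012 or later so the `NetTCPIP` and `NetSecurity` cmdlets are available. It uses the still-working PowerShell (WinRM over HTTPS, port 5986) endpoint to get into the VM whose RDP endpoint does not answer.

```powershell
# Added example, not code from the question or the answer.
# Assumptions (none of these are stated in the post):
#   - the cloud service is named 'protoSvc'
#   - 123.456.789.227 is the question's placeholder VIP, not a real address
#   - the VMs are Windows Server 2012+ (Get-NetTCPConnection / Get-NetFirewallRule exist)

# ---------- 1. From your workstation: does the public side of each RDP endpoint answer? ----------
$cloudServiceIp = '123.456.789.227'            # placeholder copied from the question
$rdpEndpoints = @(                             # public -> private mappings from the question's table
    @{ Vm = 'protoApp'; PublicPort = 50232; LocalPort = 3389 },
    @{ Vm = 'protodb';  PublicPort = 52459; LocalPort = 3389 }
)
foreach ($ep in $rdpEndpoints) {
    $probe = Test-NetConnection -ComputerName $cloudServiceIp -Port $ep.PublicPort -WarningAction SilentlyContinue
    $state = if ($probe.TcpTestSucceeded) { 'open' } else { 'CLOSED' }
    '{0,-9} {1}:{2} -> :{3}  {4}' -f $ep.Vm, $cloudServiceIp, $ep.PublicPort, $ep.LocalPort, $state
}

# ---------- 2. From the Azure side: is the endpoint really defined on that VM? ----------
# Classic (Azure Service Management) cmdlets, the ones that manage cloud services.
$serviceName = 'protoSvc'                       # assumed name; the post does not give it
Get-AzureVM -ServiceName $serviceName -Name 'protoApp' |
    Get-AzureEndpoint |
    Select-Object Name, Protocol, Port, LocalPort, Vip

# ---------- 3. Inside the VM, reached over the PowerShell endpoint (5986) that still works ----------
# -SkipCACheck / -SkipCNCheck are needed because the VM's WinRM listener uses a self-signed
# certificate; accept that only for a VIP you control, since it disables server authentication.
$session = New-PSSession -ComputerName $cloudServiceIp -Port 5986 -UseSSL `
    -Credential (Get-Credential) `
    -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)

Invoke-Command -Session $session -ScriptBlock {
    # a) the OS must allow Terminal Services connections (fDenyTSConnections = 0)
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    "fDenyTSConnections = $($ts.fDenyTSConnections)   (0 = RDP enabled, 1 = disabled)"

    # b) the Remote Desktop service must be running and listening on the private port 3389
    "TermService: $((Get-Service TermService).Status)"
    Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, State

    # c) the Windows Firewall 'Remote Desktop' rules must be enabled for the profile the NIC
    #    is actually on; an Azure NIC usually lands on the Public profile, and rules that are
    #    enabled only for Domain/Private will silently drop the translated 3389 traffic
    Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Select-Object Name, Enabled, Profile, Direction, Action

    # d) remediation, once the output above shows which piece is off (uncomment as needed)
    # Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
    # Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    # Restart-Service TermService -Force
}
Remove-PSSession $session
```

Step 1 distinguishes "Azure is not forwarding the port" from "the guest is refusing it": if `protodb`'s public port is open and `protoApp`'s is closed while step 2 shows the endpoint is defined, the fault is in the guest, which is where step 3 looks. One caveat a practitioner would add to the answer: an RDP endpoint on the cloud service VIP is reachable from the whole internet, and moving it to a high public port (50232 here) does not stop credential brute-forcing. Restrict the source range with an endpoint ACL (classic `New-AzureAclConfig` / `Set-AzureAclConfig` applied through `Set-AzureEndpoint -ACL`) or, as the answer suggests, put the VMs on a virtual network and reach them through it rather than through public endpoints.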