I recently had the opportunity to see an Azure OMS demo by Ryan Zoeller from the Microsoft Cloud and Enterprise Black Belt team. Ryan mentioned in passing the challenges of setting up remote access to demo virtual machines. At one extreme, the networking can be configured to allow access from anywhere, which opens up a potential attack vector. At the other extreme, networking can be locked down tight, but that limits your ability to access them during a demo at a client’s site. Everything in between is complicated and requires actual work.
I wanted a better solution, so I built one. I’m not doing any of the actual work in the middle ground; I’m just building a utility script to make more effective use of one of the extremes.
We can lock down the Azure network security groups (NSGs) for our Azure VMs. Then, when we need to connect to them from a new location, we just run a short snippet of PowerShell code that makes the necessary changes to the NSGs, allowing us to connect.
The full code and a detailed explanation of how it works are available here.
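As an illustration of the approach described above, here is an added sketch that is not the author's linked script: it keeps one inbound RDP rule on a locked-down NSG and rewrites its source to the caller's current public IP as a /32. It assumes the Az.Network module, an already authenticated session, and the api.ipify.org lookup service; the function name, rule name and priority are hypothetical.

```powershell
# Added example; assumes the Az.Network module and an authenticated session (Connect-AzAccount).
# Function name and the RuleName/Priority defaults are hypothetical, not taken from the post.
function Set-DemoRdpSource {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $NsgName,
        [string] $RuleName = 'Allow-RDP-CurrentLocation',
        [int]    $Priority = 1000,
        [int]    $Port     = 3389,
        [string] $SourceIp,
        [switch] $Revoke
    )
    $nsg  = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName -ErrorAction Stop
    $rule = $nsg.SecurityRules | Where-Object Name -eq $RuleName

    if ($Revoke) {
        if ($rule) { Remove-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $RuleName | Out-Null }
    }
    else {
        # Assumption: api.ipify.org returns the caller's public IPv4 address as plain text.
        if (-not $SourceIp) { $SourceIp = Invoke-RestMethod -Uri 'https://api.ipify.org' }
        # Accept only a single IPv4 address, so a bad lookup can never widen the rule.
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($SourceIp.Trim(), [ref]$parsed) -or
            $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
            throw "'$SourceIp' is not a valid IPv4 address."
        }
        $ruleArgs = @{
            NetworkSecurityGroup     = $nsg
            Name                     = $RuleName
            Access                   = 'Allow'
            Direction                = 'Inbound'
            Protocol                 = 'Tcp'
            Priority                 = $Priority
            SourceAddressPrefix      = "$parsed/32"
            SourcePortRange          = '*'
            DestinationAddressPrefix = '*'
            DestinationPortRange     = "$Port"
        }
        # Rewrite the existing rule in place so old locations do not accumulate.
        if ($rule) { Set-AzNetworkSecurityRuleConfig @ruleArgs | Out-Null }
        else       { Add-AzNetworkSecurityRuleConfig @ruleArgs | Out-Null }
    }

    # Push the modified rule set to Azure; -WhatIf skips this step.
    if ($PSCmdlet.ShouldProcess($NsgName, "update rule '$RuleName'")) {
        $nsg | Set-AzNetworkSecurityGroup | Out-Null
    }
}
```

Running the function again from a new site replaces the previous source address, and `-Revoke` removes the rule once the demo is over so the NSG returns to its locked-down state.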