Adding HPC Azure Nodes - firewall ports (what is the destination)?

  • Question

  • We have a sizable HPC 2012 cluster on-premises and thus far it's been working great for about 1.5 years / no major issues to report... now we're looking to expand it as we have numerous large to very large jobs that only run several times a year. Hence, I'm researching adding compute nodes in Azure and have a question:

    I looked at the (https://technet.microsoft.com/library/ff919486.aspx#BKMK_AzurePorts) and it seems like you need port 443 and 3389 opened, which is fine. However, our network security team wants a source (i.e. our servers) and DESTINATION - wherever I look, I'm not able to find it.

    Does anybody know what is the actual destination that the firewall rule would have to be set up for? Surprised that this isn't mentioned anywhere in the documentation, I've literally looked everywhere....

    Thanks in advance!
    Saturday, August 13, 2016 4:00 PM

Answers

  • Hi,

      443 is used for service communication, and 3389 is for remote RDP. To be specific, the ports mentioned on the link you mentioned are for the Azure nodes in the cloud, which will be automatically configured by our deployment. All communications are outbound from the on-premises head node to the cloud (proxy node and Azure storage) through port 443.

      The source should be your public network on your head node, which reaches out to the cloud service. The destination should include two parts:

    1. The HPC Cloud service that hosts the Azure compute nodes, which usually looks like <yourCloudServiceName>.cloudapp.net
    2. The Storage account, which is usually <yourStorageAccount>.blob.core.windows.net, <yourStorageAccount>.table.windows.net and <yourStorageAccount>.queue.core.windows.net

      And if your company has a strict access rule (no outbound to the internet), then you can look into VPN or ExpressRoute, which we also support.

      And if you have problems doing the deployment, you can reach us through hpcpack@microsoft.com. And sorry for not having complete documentation for our solutions.

    Qiufang Shi

    • Marked as answer by phil954 Wednesday, August 17, 2016 12:01 AM
    Monday, August 15, 2016 3:59 AM
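
Added example (not part of the answer above and not Microsoft's code): a PowerShell check, run on the head node, that builds the destination list for the firewall request and verifies outbound TCP 443 to each name. The two default names are placeholders, the function names are made up for this example, and the table endpoint is written as `table.core.windows.net`, the form Azure Storage uses.

```powershell
# Added example. Replace the placeholder defaults with your own names.
param(
    [string]$CloudServiceName = 'yourCloudServiceName',   # placeholder
    [string]$StorageAccount   = 'yourStorageAccount'      # placeholder
)

function Get-HpcAzureDestination {
    param([string]$CloudServiceName, [string]$StorageAccount)
    # Destinations for the outbound rule: the cloud service plus the
    # blob, table and queue endpoints of the storage account.
    @(
        "$CloudServiceName.cloudapp.net"
        "$StorageAccount.blob.core.windows.net"
        "$StorageAccount.table.core.windows.net"
        "$StorageAccount.queue.core.windows.net"
    )
}

function Test-HpcAzureEgress {
    param([string[]]$Destination, [int]$Port = 443)
    foreach ($fqdn in $Destination) {
        # Resolve first so a DNS failure is not mistaken for a blocked port.
        $addresses = @(Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress)
        $reachable = $false
        if ($addresses.Count -gt 0) {
            $probe = Test-NetConnection -ComputerName $fqdn -Port $Port `
                -WarningAction SilentlyContinue
            $reachable = $probe.TcpTestSucceeded
        }
        # One row per destination, ready to paste into the firewall request.
        [pscustomobject]@{
            Destination  = $fqdn
            Port         = $Port
            ResolvedIPs  = ($addresses -join ', ')
            TcpReachable = $reachable
        }
    }
}

$destinations = Get-HpcAzureDestination -CloudServiceName $CloudServiceName `
    -StorageAccount $StorageAccount
Test-HpcAzureEgress -Destination $destinations | Format-Table -AutoSize
```

The resolved addresses are a snapshot and can change, so request the rule by FQDN where the firewall supports it.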

All replies

  • Excellent - thank you very much! # 1 and # 2 below are exactly what I was looking for.

    Wednesday, August 17, 2016 12:01 AM