Associate public IP addresses to resources

1.1 Design and Implement IP Addressing for Azure Resources

📘Microsoft Azure Networking Solutions (AZ-700)

1. What is a Public IP Address in Azure?

A public IP address in Azure is an IP that can be accessed from the Internet. Unlike private IPs, which are only reachable inside your Azure Virtual Network (VNet), public IPs let services be reachable externally.

  • Example in IT context:
    • A web server in Azure that needs to be accessed by clients worldwide must have a public IP.
    • Azure Load Balancers or Azure VPN Gateways that need to communicate over the Internet require public IPs.

2. Types of Public IP Addresses in Azure

When associating public IPs, you should know the types:

  1. Dynamic Public IP
    • Assigned automatically when the resource starts.
    • Can change if the resource is stopped and restarted.
    • Use case: Temporary testing servers or non-critical resources.
  2. Static Public IP
    • Assigned manually and does not change.
    • Use case: Production web servers, APIs, DNS records that need a fixed IP.
  3. SKU Types
    • Basic: Simple, fewer features. Supports a single availability zone.
    • Standard: More secure, supports zone redundancy, better for production workloads.

3. Azure Resources That Can Have a Public IP

You can associate public IPs with:

  • Virtual Machines (VMs)
    • Assign directly to a VM’s network interface (NIC) to allow direct Internet access.
    • Example: A VM hosting a public API.
  • Azure Load Balancer
    • Public IP is associated with the frontend configuration of the load balancer.
    • Example: Incoming traffic from the Internet to multiple VMs in a backend pool.
  • Azure Application Gateway
    • Public IP is associated with the gateway for web traffic routing.
    • Example: A web application fronted by Application Gateway with HTTPS.
  • Azure VPN Gateway
    • Public IP for establishing VPN connections with on-premises networks.
    • Example: Connecting a company office network to Azure securely.
  • Azure Bastion
    • Public IP is needed to allow remote RDP/SSH access to VMs without exposing their private IPs.

4. How to Associate a Public IP in Azure

Step 1: Create a Public IP

  • Go to Azure Portal → Create Resource → Networking → Public IP address.
  • Choose:
    • Name
    • SKU (Basic/Standard)
    • Assignment (Static/Dynamic)
    • IP version (IPv4 or IPv6)
    • Optional: DNS label

Step 2: Associate with a Resource

  • For a VM:
    • Go to VM → Networking → Network Interface → IP configurations → Associate public IP
    • Select the public IP you created.
  • For a Load Balancer or Application Gateway:
    • During configuration, attach the public IP to the frontend configuration.

Step 3: Verify

  • Check the resource’s IP configuration.
  • Ensure that the public IP is reachable (for VMs, you can test via RDP/SSH).

5. Important Considerations for the Exam

  • Static vs Dynamic: Know the difference and when to use each.
  • Association Options: Some resources (like Azure VMs, Load Balancers, and Application Gateways) require a public IP for Internet access.
  • SKU Limitations:
    • Basic: Cannot be used with Standard Load Balancers.
    • Standard: Must use Network Security Groups (NSGs) for security.
  • DNS Name Label: You can assign a public DNS name to your IP for easier access.
  • Costs: Static IPs and Standard SKUs usually cost more.
  • Security: Public IPs expose resources to the Internet; secure them with NSGs or firewalls.

6. IT Examples of Usage

  • Web Server: A VM running a web app needs a static public IP for client access.
  • Load Balancer: A public-facing load balancer distributes traffic to backend VMs; public IP is attached to its frontend.
  • VPN Gateway: A public IP is used to establish a secure IPsec VPN connection to an on-premises network.
  • Bastion Host: Public IP allows admins to securely connect to private VMs without exposing the VM to direct Internet access.

7. Exam Tips

  • Remember: Not all Azure resources can directly have a public IP.
  • Know how to attach a public IP to a VM, load balancer, Application Gateway, VPN Gateway, and Bastion.
  • Understand dynamic vs static IP assignment and Basic vs Standard SKUs.
  • Understand why a resource needs a public IP in terms of connectivity and accessibility.
  • Be ready for scenario-based questions where you have to decide whether to use a public IP and which type/SKU to choose.

Summary Table:

Resource TypePublic IP Needed?Assignment TypeNotes
Virtual MachineOptionalStatic/DynamicDirect Internet access
Load BalancerRequiredStatic/StandardFrontend config
Application GatewayRequiredStatic/StandardFrontend for web traffic
VPN GatewayRequiredStatic/StandardFor site-to-site VPN connectivity
Bastion HostRequiredStatic/StandardSecure RDP/SSH access to VMs
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by