
Private Ports in Azure Virtual Machine

What is the concept of Private Ports in Azure Virtual Machines? What is its key advantage or use case? In the scenarios I checked, for the RDP endpoint the Public Port is 3389 and the private port takes up some random port number.

In order to access the VM via RD, I am forced to open that private port as well. In a few places I have seen that for an HTTP endpoint both the Private Port and the Public Port are made 80 for access?

What is the theory behind this?

asked Mar 08 '13 18:03

Naveen Vijay



1 Answer

Windows Azure places all of your Virtual Machines behind a load balancer. All of your virtual machines can open outbound connections. For inbound connections, you need to explicitly open ports in the firewall. These are input endpoints and instance input endpoints:

  • Input endpoints are used when you'll load-balance traffic across virtual machines (e.g. a web server)
  • Instance input endpoints would allow you to have a connection straight to a specific virtual machine (e.g. a database server)

Now, regarding public and private ports: Public ports are the port numbers exposed to the outside world. So for a web site, maybe that's port 80. You can then map that port to a port on the virtual machine itself. Maybe you run your web server on port 8000 for some reason. In this case, you can map public port 80 to private port 8000.

Now imagine SSH. SSH likes to listen on port 22. But if you have, say, 3 Linux VMs in a single service, there's simply no way to access all of them on port 22, since they all share an IP address. Therefore you'd need a specific port number for each machine. In this case, you'd assign, say, port 20000 to vm1, 21000 to vm2, etc. on the public port side, as an Instance Input Endpoint pointing to a specific virtual machine instance at port 22 on the private port side.

Hopefully that makes some sense... :)

answered Sep 20 '22 11:09

David Makogon
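
The public-to-private mapping described in the answer above, as an added example that is not part of the original answer and is not Azure code: a toy model of one shared public IP with a load-balanced web endpoint (80 to 8000) and per-VM SSH endpoints (20000 and 21000 to 22). All class and function names are hypothetical, and round-robin distribution is an assumed simplification of the load balancer.

```python
from dataclasses import dataclass
from itertools import cycle

@dataclass(frozen=True)
class Endpoint:
    name: str
    public_port: int   # port exposed on the shared public IP
    private_port: int  # port the service listens on inside the VM
    vms: tuple         # one VM = instance input endpoint; several = load-balanced

class CloudService:
    """Toy model of the load balancer in front of VMs sharing one public IP."""
    def __init__(self):
        self._table = {}  # public_port -> Endpoint
        self._rr = {}     # public_port -> round-robin iterator (assumed policy)

    def add_endpoint(self, ep):
        # One public IP means each public port can be claimed only once,
        # which is why three VMs cannot all be reached on public port 22.
        if ep.public_port in self._table:
            raise ValueError(f"public port {ep.public_port} already used by "
                             f"{self._table[ep.public_port].name}")
        self._table[ep.public_port] = ep
        self._rr[ep.public_port] = cycle(ep.vms)

    def route(self, public_port):
        """Return (vm, private_port) for an inbound connection, or None if dropped."""
        ep = self._table.get(public_port)
        if ep is None:
            return None  # no endpoint defined: inbound traffic reaches no VM
        return next(self._rr[public_port]), ep.private_port

    def exposed_admin_ports(self, admin=(22, 3389)):
        """List endpoints that publish SSH/RDP, to review what is reachable from outside."""
        return sorted((e.public_port, e.vms, e.private_port)
                      for e in self._table.values() if e.private_port in admin)

def build_example():
    # Constructed sample configuration using the port numbers from the answer.
    svc = CloudService()
    svc.add_endpoint(Endpoint("web", 80, 8000, ("vm1", "vm2", "vm3")))
    svc.add_endpoint(Endpoint("ssh-vm1", 20000, 22, ("vm1",)))
    svc.add_endpoint(Endpoint("ssh-vm2", 21000, 22, ("vm2",)))
    return svc
```
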