Download Azure Virtual Network

Microsoft is making available to customers as of December 14 the next version of its high-performance-computing (HPC) software, known as HPC Pack 2012. (As part of its move to simplify and reduce the number of Windows Server SKUs, Microsoft is no longer providing a Windows Server HPC product. Instead, it is providing the HPC functionality as a supplement to Windows Server.) Microsoft's HPC software allows users to run HPC applications on HPC clusters that include on-premises compute nodes, part-time servers and resources running on Windows Azure. Microsoft fourth "major" version of the software includes support for Windows Server 2012 (as head nodes, compute nodes, broker nodes and unmanaged server nodes) and Windows 8 (as clients and workstation nodes). HPC Pack 2012 also includes the ability to install a head node on the preview of Windows Azure Virtual Machine, enabling an entire cluster to run "in the cloud," according to a new post on the HPC Team blog. "Using the Preview release of Windows Azure Virtual Machine, an administrator or independent software vendor (ISV) can create and run an HPC cluster and workload fully in Windows Azure with only minimal or no investment in on-premises infrastructure," according to the company. The domain controller for the cluster can be either on-premises or running on Windows Azure. "You can add Windows Azure compute nodes to the cluster in the same way that you add Windows Azure nodes to an on-premises HPC cluster," said the "What's New" article on TechNet. HPC Pack 2012 provides the ability to deploy compute nodes in Windows Azure where Windows Azure Virtual Network is present, the Softies noted. (Azure Virtual Network, codenamed "Project Brooklyn," provides connectivity between enterprise networks and the cloud.) The fine print: "You can use HPC Pack 2012 to deploy nodes in Windows Azure deployments in which Windows Azure Virtual Network is available. Virtual Network securely extends your enterprise network to Windows Azure, which allows applications that run on Windows Azure nodes to access resources on the enterprise network. With Virtual Network, you can build traditional site-to-site virtual private networks (VPNs) to scale data centers, and create hybrid applications that span from an on-premises HPC cluster to Windows Azure. This feature provides applications with the means to access files in shared folders, and to access servers for license validation." Other new features in HPC Pack 2012: The ability to increase cluster robustness by adding more than two head nodes in a failover cluster group; single installion of all features previously split between the Express, Enterprise, Workstation and/or Cycle Harvesting editions; and overall performance and reliability updates. HPC Pack 2012 is available for download from the Microsoft Download Center. The HPC space remains a battleground for Windows and Linux, as it has been since well before the release of HPC Pack 2012's predecessor, Windows High-Performance Computing Server 2008 R2 in 2010 and its SP2 update last year. Editorial standards

Skip to main content This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Restrict managed disks from being imported or exported Article09/25/2024 In this article -->This article provides an overview of your options for preventing your Azure managed disks from being imported or exported.Custom roleTo limit the number of people who can import or export managed disks or snapshots using Azure RBAC, create a custom RBAC role that doesn't have the following permissions:Microsoft.Compute/disks/beginGetAccess/actionMicrosoft.Compute/disks/endGetAccess/actionMicrosoft.Compute/snapshots/beginGetAccess/actionMicrosoft.Compute/snapshots/endGetAccess/actionAny custom role without those permissions can't upload or download managed disks.Microsoft Entra authenticationIf you're using Microsoft Entra ID to control resource access, you can also use it to restrict uploading of Azure managed disks. When a user attempts to upload a disk, Azure validates the identity of the requesting user in Microsoft Entra ID, and confirms that user has the required permissions. To learn more, see either the PowerShell or CLI articles.Private linksYou can use private endpoints to restrict the upload and download of managed disks and more securely access data over a private link from clients on your Azure virtual network. The private endpoint uses an IP address from the virtual network address space for your managed disks. Network traffic between clients on their virtual network and managed disks only traverses over the virtual network and a private link on the Microsoft backbone network, eliminating exposure from the public internet. To learn more, see either the portal or CLI articles.Azure policyConfigure an Azure Policy to disable public network access to your managed disks.Configure the Network access policyEach managed disk and snapshot has its own NetworkAccessPolicy parameter that can prevent the resource from being exported. You can use the Azure CLI or Azure PowerShell module to set the parameter to DenyAll, which prevents the resource from being exported. --> Feedback Additional resources In this article

Share via Code Sample 07/06/2022 This sample demonstrates how to create a Linux Virtual Machine in a virtual network that privately accesses Azure File Share and an ADLS Gen 2 blob storage account using two Azure Private Endpoints. Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your virtual network, effectively bringing the service into your virtual network. The service could be an Azure service such as Azure Storage, Azure Cosmos DB, SQL, etc. or your own Private Link Service. For more information, see What is Azure Private Link?. For more information on the DNS configuration of a private endpoint, see Azure Private Endpoint DNS configuration.ArchitectureThe following picture shows the architecture and network topology of the sample.The ARM template deploys the following resources:Virtual Network: this virtual network has a single subnet that hosts an Linux (Ubuntu) virtual machineNetwork Security Group: this resource contains an inbound rule to allow the access to the virtual machine on port 22 (SSH)The virtual machine is created with a managed identity which is assigned the contributor role at the resource group scope levelA Public IP for the Linux virtual machineThe NIC used by the Linux virtual machine that makes use of the Public IPA Linux virtual machine used for testing the connectivity to the storage account via a private endpointA Log Analytics workspace used to monitor the health status of the Linux virtual machineAn ADLS Gen 2 storage account used to store the Azure File ShareAn ADLS Gen 2 storage account used to store the boot diagnostics logs of the virtual machine as blobsA Private DNS Zone for File Storage Account private endpoints (privatelink.file.core.windows.net)A Private DNS Zone for Blob Storage Account private endpoints (privatelink.blob.core.windows.net)A Private Endpoint to let the virtual machine access the Azure File Share via a private IP addressA Private Endpoint to let the virtual machine store boot diagnostics logs to the second storage account via a private IP addressA Private DNS Zone Group for the File Storage Account private endpointA Private DNS Zone Group for the Blob Storage Account private endpointThe PrivateDnsZoneGroup resource type establishes a relationship between the Private Endpoint and the Private the privatelink.* DNS zone for the name resolution of the fully qualified name of the resource referenced by the Private Endpoint.When creating a Private Endpoint, the related A record will automatically be created in the target Private DNS Zone with the private IP address of the network interface associated to the Private Endpoint and the name of the Azure resource referenced by the Private EndpointWhen deleting a Private Endpoint, the related A record gets automatically deleted from the corresponding Private DNS Zone.The two storage accounts are accessed via a different endpoint, hence their private endpoints need different Private DNS Zone:Storage ServiceZone NameBlob serviceprivatelink.blob.core.windows.netFile serviceprivatelink.file.core.windows.netFor more information, see Use private endpoints for Azure Storage.The ARM template uses the Azure Custom Script Extension to download and run the following Bash