Oct 5, 2023 10:00:07 PM

VM Internet Access Retiring

In September 2025, the current method for outbound internet access on virtual machines (VM) in Azure will be retired. After this date, new VMs (including session hosts) that require internet access will need to use explicit outbound connectivity methods.

Currently in Azure, VMs that are created in a virtual network without a defined explicit outbound method are assigned a default public IP address that enables internet connectivity. Microsoft recommends transitioning to an explicit outbound method for all VM's thus standardizing environments.

The three different options for upgrading are:

1. Add an Azure NAT Gateway to applicable subnets
2. Add an Azure Network Load Balancer (NLB)
3. Directly attach a public IP address to each network interface (PIP)

MyCloudIT recommends option-three for deployments with only one session host. For deployments with multiple session hosts MyCloudIT and Microsoft recommend option-one. We recommend only using static public IP addresses.

Note: For MyCloudIT deployments option two already configured on the DMZ subnet (hosting the RDGW VM) so no change is required for this VM or subnet.

It is critical with any of the three options each subnet has a network security group (NSG) with appropriate rules.

The pricing for this upgrade will be the cost of Public IP addreess and the NAT gateway. As of writing this article a NAT gateway cost is about $1 per day plus 4.5 cents per GB. The cost of a public IP address is about 12 cents per day.

See: https://azure.microsoft.com/en-au/pricing/details/azure-nat-gateway/

See: https://azure.microsoft.com/en-au/pricing/details/ip-addresses/

Please see related article: https://mycloudit.com/learn/load-balancer-as-basic-sku-retires

MyCloudIT are able to assist with these upgrades if required. Please contact support.