WHY US

What's Hyperconvergence?

Why Hyperconvergence?

Who's Virtual SAN?

What's Software-Defined Storage?

Why Software-Defined Storage?

Who's HCI Appliance?

What's All-Flash Exactly?

Why All-Flash Exactly?

Who's Virtual Tape Library?
Hyperconverged Infrastructure

The best-in-class HCI building blocks

Software-Defined Storage

Unlock the full potential of your hardware

Data Protection

Safeguard your valuable assets

Free Tools

Enhance your productivity at no cost

HCI Appliance
Modern data center building block. A powerful, easy-to-use hyperconverged platform

Request a quote Request a quote

Virtual HCI Appliance
Exact set of software components powering our HCI appliance, pre-packaged and ready to install on your own hardware

Virtual HCI Appliance Free
Self-supported, KVM-based version of StarWind Virtual HCI Appliance, available for free

Virtual SAN
“Software replaces hardware” for SAN, application that eliminates a requirement in a physical shared storage

Download Download

Virtual SAN Free
Experience all the essential features in a self-supported, free version of StarWind VSAN

NVMe-oF Initiator
High-performance NVMe over Fabrics initiator for Windows

NVMe-oF Initiator Free
Essential features of NVMe-oF Initiator, available at no cost

Backup Appliance
All-in-one choice to safeguard your mission-critical data.

Book a demo

Virtual Tape Library
“Software replaces hardware” for tape libraries with cloud backup capabilities.

VTL Appliance
Immutable, ransomware-proof backup and archive target.

Virtual Tape Library Free
All the essentials features of StarWind VTL, for free

V2V Converter / P2V Converter
Free, simple, reliable and fast Virtual-to-Virtual, Physical-to-Virtual, and Any-to-Cloud conversion tool.

Download

Tape Redirector
Free and simple utility for exporting local tapes as iSCSI targets.

RDMA Performance Benchmark
Free tool for measuring performance of RDMA-capable networks.

Deduplication Analyzer
Free tool to analyze the data duplication ratio and forecast savings.

RAM Disk
Create ultra-high-performance virtual disks using RAM as a storage, for free.
Pricing

Our Vision

Licensing Models
Resources

Use Cases

Webinars

White Papers

Best Practices

Success Stories

Release Notes

Technical Papers
Blog
SUPPORT

Community Forums

FAQ

Knowledge Base

Product Lifecycle

StarWind VSAN Help

Product Security

StarWind V2V Help

System Requirements

Contact Support

If you encounter any challenges or technical issues with StarWind products, we encourage you to reach our Technical Support department.

Submit Ticket
Partners

OEM Solutions

Become a Reseller

Find a Reseller

VAR Portal
About us

Management

Certifications

Events

Our Customers

Press Releases

Product Reviews

Contact us
- - DE
  - ES
Book a demo

Home
Blog
Protecting Azure Virtual Machines using Just in time VM access

StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Find out how HCI cuts down virtualization costs and complexity

Protecting Azure Virtual Machines using Just in time VM access

August 7, 2019
5 min read

Nicolas Prigent

IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.

IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.

What is Just in Time VM Access?

Just in time VM access enables you to lock down your VMs in the network level by blocking inbound traffic to specific ports. It enables you to control the access and reduce the attack surface to your VMs, by allowing access only upon a specific need.

How does it work?

Upon a user request, based on Azure RBAC, Security Center will decide whether to grant access. If a request is approved, Security Center automatically configures the NSGs to allow inbound traffic to these ports, for the requested amount of time, after which it restores the NSGs to their previous states.

Let’s see how to configure Just in Time VM Access. First, navigate to the “Security Center” blade and click “Just in Time VM Access”:

By default, no Virtual Machines are configured for JIT VM Access. You need to enable the feature, so select the “Recommended” tab:

You should see your Virtual Machines in the following list. Select the VM for which the Just in Time VM Access must be enabled:

To enable the feature, you must configure the ports for which the JIT VM Access will be applicable. By design, there are some recommended ports:

In my case, I removed these ports and click “Add” to add a new one:

You can configure a max request time, which is the time remote access will be available for this protocol.

Once the port is added to the configuration, you can notice in the “Configured” tab that your Virtual Machine is visible:

What does it mean? You can now try to run a remote session to this Virtual Machine through the RDP protocol but it will not work because 3389 is not allowed in the NSG.

In order to allow access through 3389, we need to request an access. Go back to the security center blade and click “Request Access”:

Now, you can open the port and you also can allow an IP range for 1 hour.

Let’s try once again to run the RDP session to this Virtual Machine, and now it works because 3389 is allowed in the NSG.

Conclusion

Azure Just in Time is a great and helpful feature that allow or deny access to your machines in Azure. Thanks to JIT VM Access, accessing to your Azure servers will be more secure.

Hey! Found Nicolas’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?

Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager

Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!