Bekker's Blog by Scott Bekker, Editor in Chief

Blog archive

Microsoft Shrinks Azure Stack's Attack Surface

In a move that could significantly reduce Azure Stack's attack surface and simplify network integration, Microsoft is consolidating a number of ports for the hybrid cloud platform.

Specifically, Microsoft plans to collapse port requirements for various Azure services running on Azure Stack from 27 different ports to just one. The services will communicate via Port 443, the standard port for HTTP over TLS/SSL. The change will take effect in an upcoming release, according to a Microsoft announcement last Friday.

Microsoft positions Azure Stack as a key differentiator versus other major public cloud providers, in that customers can run an integrated hardware and software system that is supposed to offer the exact same platform as Microsoft's Azure public cloud, but in a private datacenter. The approach enables customers to use the same application code in the public cloud and on the private cloud.

Early demand for the technology includes edge environments, disconnected environments, customers with specialized security requirements and those with specific compliance concerns. Hardware partners currently offering the 4-12 node integrated systems include Cisco, Dell EMC, Hewlett Packard Enterprise, Huawei and Lenovo.

Because it runs the same underlying code as Azure in the public cloud, Azure Stack supports a number of Azure services. Up until now, Microsoft has added the functionality for each service to its Azure Stack portal via a portal extension using a separate network port.

In the announcement, Thomas Roettinger, senior program manager for Azure Stack, acknowledged customer pushback for managing and securing multiple ports. "As the number of Azure services increases, so do the number of ports that must be opened on a firewall that supports Azure Stack," Roettinger said.

Following in Azure's footsteps, the Azure Stack will soon adopt a so-called Extension Host technology to funnel all the ports through Port 443. "In its first release, the User and Admin portal default extensions have moved to this model, thereby reducing the number of ports from 27 to one. Over time, additional services such as the SQL and MySQL providers will also be changed to use the Extension Host model," Roettinger said.

The change will be fully implemented with the 1810 update of the Azure Stack. In preparation, Azure Stack customers will need to import a pair of wild card SSL certificates, one for the admin portal and one for the tenant portal.

The current build, 1807, was only released a few days ago, and Roettinger suggested users have some time to prepare. New deployments of Azure Stack will require the wild card certificates sometime in September, he said.

Posted by Scott Bekker on August 13, 2018


Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Google To Acquire Cloud Startup Wiz for $32 Billion

    Google has announced a pending agreement to acquire Wiz Inc., a cloud security platform, in an all-cash deal worth $32 billion.

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

Most   Popular