articles/batch/security-best-practices.md (3 additions & 4 deletions)
@@ -69,7 +69,7 @@ Batch management operations via Azure Resource Manager are encrypted using HTTPS
69
69
70
70
### Batch pool compute nodes
71
71
72
-
The Batch service communicates with a Batch node agent that runs on each node in the pool. For example, the service instructs the node agent to run a task, stop a task, or get the files for a task. Communication with the node agent is enabled by one or more load balancers, the number of which depends on the number of nodes in a pool. The load balancer forwards the communication to the desired node, with each node being addressed by a unique port number. By default, load balancers have public IP addresses associated with them. You can also remotely access pool nodes via RDP or SSH (this access can be enabled by setting [InboundNatPool](/rest/api/batchmanagement/pool/create#inboundnatpool) during pool creation).
72
+
The Batch service communicates with a Batch node agent that runs on each node in the pool. For example, the service instructs the node agent to run a task, stop a task, or get the files for a task. Communication with the node agent is enabled by one or more load balancers, the number of which depends on the number of nodes in a pool. The load balancer forwards the communication to the desired node, with each node being addressed by a unique port number. By default, load balancers have public IP addresses associated with them. You can also remotely access pool nodes via RDP or SSH, see [Configure remote access to compute nodes in an Azure Batch pool](azure/batch/pool-endpoint-configuration).
73
73
74
74
#### Batch compute node OS
75
75
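Review bot: the link target in the added line, `(azure/batch/pool-endpoint-configuration)`, has no leading slash and no `.md` extension, so it is resolved relative to this file's directory and will most likely break. The other links visible in this file are either root-relative (`/rest/api/...`) or same-directory files (`simplified-node-communication-pool-no-public-ip.md`); use one of those two forms here. Two smaller points on the same line: "via RDP or SSH, see [...]" is a comma splice and reads better as "via RDP or SSH. For more information, see [...]", and the removed wording said this access "can be enabled by setting InboundNatPool", whereas the new sentence no longer tells the reader that remote access is something that has to be enabled. Consider keeping that qualifier so the paragraph does not imply RDP/SSH is always reachable.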
@@ -158,15 +158,14 @@ For more information, see [Create a pool without public IP addresses](simplified
158
158
159
159
#### Limit remote access to pool nodes
160
160
161
-
Pools created using API version previous than `2024-07-01`, Batch by default allows a node user with network connectivity to connect externally to a compute node in a Batch pool by using RDP or SSH.
161
+
Pools created using API version earlier than `2024-07-01`, Batch by default allows a node user with network connectivity to connect externally to a compute node in a Batch pool by using RDP or SSH. You can limit the remote access by creating you pools using API with version `2024-07-01` or later.
162
162
163
-
To limit remote access to nodes, use one of the following methods:
163
+
To limit remote access to nodes in pools created by API with version earlier than `2024-07-01`, use one of the following methods:
164
164
165
165
- Configure the [PoolEndpointConfiguration](/rest/api/batchservice/pool/add#poolendpointconfiguration) to deny access. The appropriate network security group (NSG) will be associated with the pool.
166
166
- Create your pool [without public IP addresses](simplified-node-communication-pool-no-public-ip.md). By default, these pools can't be accessed outside of the VNet.
167
167
- Associate an NSG with the VNet to deny access to the RDP or SSH ports.
168
168
- Don't create any users on the node. Without any node users, remote access won't be possible.
169
-
- Create your pools using API with version `2024-07-01` or later.
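Review bot: the added paragraph has a typo, "creating you pools" should be "creating your pools", and its first sentence still opens with a dangling clause ("Pools created using API version earlier than `2024-07-01`, Batch by default allows ..."); suggest "For pools created with an API version earlier than `2024-07-01`, Batch by default allows ...". More importantly for a security best-practices page, the text says remote access can be limited by using API version `2024-07-01` or later but never states what the default actually is for those pools. Spell that out in one sentence, since the list that follows is now scoped only to the earlier API versions and a reader on the newer API is left without guidance on whether any of the four remaining methods still apply.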