Skip to content

Commit 69f75b5

Browse files
JJJessieWangJJJessieWang
authored
Update batch-virtual-network.md
1 parent 3405439 commit 69f75b5

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

articles/batch/batch-virtual-network.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,11 +70,13 @@ Batch creates a network security group (NSG) at the network interface level of e
7070
In order to provide the necessary communication between compute nodes and the Batch service, these NSGs are configured such that:
7171

7272
* Inbound TCP traffic on ports 29876 and 29877 from Batch service IP addresses that correspond to the BatchNodeManagement.*region* service tag. This rule is only created in `classic` pool communication mode.
73-
* Inbound TCP traffic on port 22 (Linux nodes) or port 3389 (Windows nodes) to permit remote access for SSH or RDP on default ports, respectively. For certain types of multi-instance tasks on Linux, such as MPI, you may need to allow SSH traffic for IPs in the subnet containing Batch compute nodes. Certain MPI runtimes may require launching over SSH, which is typically routed on private IP address space. This traffic might be blocked per subnet-level NSG rules.
7473
* Outbound any traffic on port 443 to Batch service IP addresses that correspond to the BatchNodeManagement.*region* service tag.
7574
* Outbound traffic on any port to the virtual network. This rule might be amended per subnet-level NSG rules.
7675
* Outbound traffic on any port to the Internet. This rule might be amended per subnet-level NSG rules.
7776

77+
> [!TIP]
78+
> For pools created using API version previous than `2024-07-01`, remote access rules also be configured. Inbound TCP traffic on port 22 (Linux nodes) or port 3389 (Windows nodes) to permit remote access for SSH or RDP on default ports, respectively.
79+
7880
> [!IMPORTANT]
7981
> Use caution if you modify or add inbound or outbound rules in Batch-configured NSGs. If communication to the compute nodes in the specified subnet is denied by an NSG, the Batch service will set the state of the compute nodes to **unusable**. Additionally, no resource locks should be applied to any resource created by Batch, because this can prevent cleanup of resources as a result of user-initiated actions such as deleting a pool.
8082

0 commit comments

Comments
 (0)