如何将公共静态IP地址设置为存储帐户？

Question

我有一个Azure存储帐户，其blob端点为：'mystorageaccountname.blob.core.windows.net‘(和队列等)。我想选择一个静态IP地址，因为我的一些更热心的客户只想通过防火墙分配一组已知的IP地址。我已经向他们提供了我的Azure区域的Azure IP范围列表，但是他们不想分配这么广泛的范围。

1 Azure门户添加新资源"A public IP address is a dynamic or static IP address that you can assign to virtual machines, load balancers, and virtual network gateways to communicate with the Internet. Your public IP addresses are associated with your Azure subscription, and can be moved freely between Azure resources. The address of dynamic public IP address may change when dissociated and moved between resources, or when the associated resource is shutdown or deleted. You can use a static public IP address to ensure that the assigned address remains the same, even if the associated resource is shutdown or deleted.

In the Classic deployment model, a public IP address was named an instance-level public IP (ILPIP) address when assigned to a virtual machine or role instance directly, and a virtual IP address (VIP) when assigned to a cloud service. Furthermore, a reserved IP address could be associated to the VIP of a cloud service to ensure that the assigned address remained the same even if its virtual machines or deployments were stopped. These concepts have now been unified in the Resource Manager deployment model with the public IP address resource.

","isPrivate":false,"hasPrivateOffer":false,"isMacc":true,"isPreview":false,"isByol":false,"isCSPEnabled":true,"isCSPSelective":false,"isThirdParty":false,"isStopSell":false,"isReseller":false,"hasFreeTrials":false,"marketingMaterial":[],"version":"1.1.5","metadata":{"leadGeneration":null,"testDrive":null},"categoryIds":["networking"],"screenshotUris":[],"links":[{"id":"0","displayName":"Service overview","uri":"https://docs.microsoft.com/azure/virtual-network/virtual-network-public-ip-address"},{"id":"1","displayName":"Pricing details","uri":"http://azure.microsoft.com/pricing/details/ip-addresses/"}],"filters":[],"plans":[{"id":"PublicIPAddress-ARM","displayName":"Public IP address","summary":"An IP address that can be used with virtual machines and load balancers.","description":"

A public IP address is a dynamic or static IP address that you can assign to virtual machines, load balancers, and virtual network gateways to communicate with the Internet. Your public IP addresses are associated with your Azure subscription, and can be moved freely between Azure resources. The address of dynamic public IP address may change when dissociated and moved between resources, or when the associated resource is shutdown or deleted. You can use a static public IP address to ensure that the assigned address remains the same, even if the associated resource is shutdown or deleted.

In the Classic deployment model, a public IP address was named an instance-level public IP (ILPIP) address when assigned to a virtual machine or role instance directly, and a virtual IP address (VIP) when assigned to a cloud service. Furthermore, a reserved IP address could be associated to the VIP of a cloud service to ensure that the assigned address remained the same even if its virtual machines or deployments were stopped. These concepts have now been unified in the Resource Manager deployment model with the public IP address resource.

","restrictedAudience":{},"skuId":"PublicIPAddress-ARM","planId":"PublicIPAddress-ARM","legacyPlanId":"Microsoft.PublicIPAddress-ARM","keywords":[],"type":"None","leadGeneration":null,"testDrive":null,"categoryIds":["networking"],"conversionPaths":[],"metadata":{},"uiDefinitionUri":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/UIDefinition.json","artifacts":[{"name":"PublicIPAddress","uri":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/PublicIPAddress.json","type":"Template"}],"version":"1.1.5","itemName":"PublicIPAddress-ARM","isPrivate":false,"isHidden":false,"hasFreeTrials":false,"isByol":false,"isFree":false,"isPayg":false,"isStopSell":false,"cspState":"OptIn","isQuantifiable":false,"purchaseDurationDiscounts":[],"upns":[],"hasRI":false,"stackType":"ARM"}],"selectedPlanId":"PublicIPAddress-ARM","iconFileUris":{"small":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Small.png","medium":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Medium.png","large":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Large.png","wide":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Wide.png"},"itemType":"Single","hasNoProducts":true,"hasNoPlans":false,"privateBadgeText":null,"createBladeType":1,"offerType":"None","useEnterpriseContract":false,"hasStandardContractAmendments":false,"standardContractAmendmentsRevisionId":"00000000-0000-0000-0000-000000000000","supportUri":null,"galleryItemAccess":0,"privateSubscriptions":[],"isTenantPrivate":false,"hasRIPlans":false}/id/PublicIPAddress-ARM/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false)"">公共IP地址A public IP address is a dynamic or static IP address that you can assign to virtual machines, load balancers, and virtual network gateways to communicate with the Internet. Your public IP addresses are associated with your Azure subscription, and can be moved freely between Azure resources. The address of dynamic public IP address may change when dissociated and moved between resources, or when the associated resource is shutdown or deleted. You can use a static public IP address to ensure that the assigned address remains the same, even if the associated resource is shutdown or deleted.

In the Classic deployment model, a public IP address was named an instance-level public IP (ILPIP) address when assigned to a virtual machine or role instance directly, and a virtual IP address (VIP) when assigned to a cloud service. Furthermore, a reserved IP address could be associated to the VIP of a cloud service to ensure that the assigned address remained the same even if its virtual machines or deployments were stopped. These concepts have now been unified in the Resource Manager deployment model with the public IP address resource.

","isPrivate":false,"hasPrivateOffer":false,"isMacc":true,"isPreview":false,"isByol":false,"isCSPEnabled":true,"isCSPSelective":false,"isThirdParty":false,"isStopSell":false,"isReseller":false,"hasFreeTrials":false,"marketingMaterial":[],"version":"1.1.5","metadata":{"leadGeneration":null,"testDrive":null},"categoryIds":["networking"],"screenshotUris":[],"links":[{"id":"0","displayName":"Service overview","uri":"https://docs.microsoft.com/azure/virtual-network/virtual-network-public-ip-address"},{"id":"1","displayName":"Pricing details","uri":"http://azure.microsoft.com/pricing/details/ip-addresses/"}],"filters":[],"plans":[{"id":"PublicIPAddress-ARM","displayName":"Public IP address","summary":"An IP address that can be used with virtual machines and load balancers.","description":"

A public IP address is a dynamic or static IP address that you can assign to virtual machines, load balancers, and virtual network gateways to communicate with the Internet. Your public IP addresses are associated with your Azure subscription, and can be moved freely between Azure resources. The address of dynamic public IP address may change when dissociated and moved between resources, or when the associated resource is shutdown or deleted. You can use a static public IP address to ensure that the assigned address remains the same, even if the associated resource is shutdown or deleted.

In the Classic deployment model, a public IP address was named an instance-level public IP (ILPIP) address when assigned to a virtual machine or role instance directly, and a virtual IP address (VIP) when assigned to a cloud service. Furthermore, a reserved IP address could be associated to the VIP of a cloud service to ensure that the assigned address remained the same even if its virtual machines or deployments were stopped. These concepts have now been unified in the Resource Manager deployment model with the public IP address resource.

","restrictedAudience":{},"skuId":"PublicIPAddress-ARM","planId":"PublicIPAddress-ARM","legacyPlanId":"Microsoft.PublicIPAddress-ARM","keywords":[],"type":"None","leadGeneration":null,"testDrive":null,"categoryIds":["networking"],"conversionPaths":[],"metadata":{},"uiDefinitionUri":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/UIDefinition.json","artifacts":[{"name":"PublicIPAddress","uri":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/PublicIPAddress.json","type":"Template"}],"version":"1.1.5","itemName":"PublicIPAddress-ARM","isPrivate":false,"isHidden":false,"hasFreeTrials":false,"isByol":false,"isFree":false,"isPayg":false,"isStopSell":false,"cspState":"OptIn","isQuantifiable":false,"purchaseDurationDiscounts":[],"upns":[],"hasRI":false,"stackType":"ARM"}],"selectedPlanId":"PublicIPAddress-ARM","iconFileUris":{"small":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Small.png","medium":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Medium.png","large":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Large.png","wide":"https://catalogartifact.azureedge.net/publicartifacts/Microsoft.PublicIPAddress-ARM-1.1.5/Wide.png"},"itemType":"Single","hasNoProducts":true,"hasNoPlans":false,"privateBadgeText":null,"createBladeType":1,"offerType":"None","useEnterpriseContract":false,"hasStandardContractAmendments":false,"standardContractAmendmentsRevisionId":"00000000-0000-0000-0000-000000000000","supportUri":null,"galleryItemAccess":0,"privateSubscriptions":[],"isTenantPrivate":false,"hasRIPlans":false}/id/PublicIPAddress-ARM/resourceGroupId//resourceGroupLocation//dontDiscardJourney~/false)"">公共IP地址，允许我为虚拟网络网关添加公共静态IP地址( VNG ?)。我可以将所有流量通过VNG重新路由到虚拟存储端点吗？“

2: Azure API管理可以配置为公共静态IP，然后添加“通过”路由。

每个客户端的app.config都需要更新"AzureWebJobsStorage“才能通过API路由为每个端点类型发送请求，使用'显式存储端点连接字符串‘

3:替代APIm: dotnet作为托管在Azure WebApp上的反向代理，并以这种方式管理重路由。

也在Azure Docs问题论坛和StackOverflow上发布

Answer 1

您不能将公共IP直接分配给存储帐户，它们只能通过名称引用，而vNet网关对此没有帮助。您可以将一个代理放在存储帐户的前面，如App，并让它代理所有流量到存储帐户，这可能会奏效。然而，对于这个问题，这是一个复杂而昂贵的解决方案，应该通过对DNS名称的客户过滤而不是IP来解决，而大多数防火墙已经能够这样做了一段时间。

如果您的客户是Azure客户，那么使用他们自己的vNets，您还可以查看私有端点，这将允许他们将存储帐户连接到他们的vNet并通过私有IP访问它。