Configure Private Access with Azure container instances
In this topic, you will learn how to configure the Portnox™ Private Access service to allow your users to access your private web applications hosted in Microsoft Azure and accessible within an Azure private network, by using a Docker container in an Azure container instance.
In this scenario:
- You want your on-premises and remote users to be able to access private web applications that are hosted in Azure.
- You need to host a Portnox Docker container in Azure, for example, in Azure container instances, and in the same Azure local network as the hosted web applications.
We assume that you have already configured Azure and that another container instance runs a web application, accessible via HTTP within your Azure local network.
Set up the Private Access gateway in Portnox Cloud
In this section, you will set up a Private Access gateway in Portnox Cloud, create a container instance in Azure, and run the Portnox Private Access Docker container.
- In the top menu of Portnox Cloud, select the Private Access option. Then, on the Private Access screen, click on the + Create button and select the Create gateway option.
- In the Gateway details step, enter a name for this gateway in the Gateway Name field, and in the Gateway Region field, select either US Node or EU Node. Then, click on the Create and view details button.
- In the Provision container step, click on the Copy command link under the displayed Docker command to copy the command to the clipboard.
- Create an Azure container instance:
Set up the Private Access application in Portnox Cloud
In this section, you will set up a Private Access application in Portnox Cloud and configure it to access your private web application hosted in the same local network as the Docker container.
- In the top menu of Portnox Cloud, select the Private Access option. Then, on the Private Access screen, click on the + Create button and select the Create application option.
- On the Application details screen, enter a name for the application in the Application Name field, and in the Gateway field, select the gateway that you have just created.
Note: The Application Name must be a valid subdomain name, because the URL will be constructed using this name. You should only use lowercase letters, digits, and hyphens.
Result: If you want to use the Portnox URL, you can copy the URL for your application by clicking on the ⧉ icon.
- Optional: If you want to use a URL in your own domain for the application:
- In the IP, port and protocol section, enter the details of the hosted web application in the IP Address, Port, and Protocol fields.
Note: Use the IP address and port configured in your Azure instance that hosts your application. Ensure that the Docker container and the web application instance use the same Azure virtual network.
- Optional: In the Policy assignments section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
- Click on the Save button to save your configuration.
Result: Your users can now access your private web application by typing the URL in their browser, as long as they are enrolled with AgentP. AgentP will validate their certificate and provide access based on Portnox Cloud access and risk assessment policies.
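The two notes in this procedure (the Application Name must be a valid subdomain label, and the gateway container and the web application must share an Azure virtual network) can be checked before you save the form. The following is an added example, not Portnox code: the function name, the sample addresses, and the virtual network range are constructed, and the name rule applied is the standard DNS label rule (1 to 63 characters, no leading or trailing hyphen), which is assumed to match what Portnox Cloud accepts.

```python
import ipaddress
import re

# Standard DNS label: 1-63 chars, lowercase letters, digits and hyphens,
# with no leading or trailing hyphen (assumed to match the Portnox rule).
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def check_application(name, app_ip, port, gateway_ip, vnet_cidrs):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not _LABEL.fullmatch(name):
        problems.append(f"name {name!r} is not a valid DNS label")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append(f"port {port!r} is outside 1-65535")

    # Address space of the Azure virtual network, as CIDR strings.
    nets = [ipaddress.ip_network(cidr) for cidr in vnet_cidrs]
    for role, raw in (("application", app_ip), ("gateway", gateway_ip)):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{role} address {raw!r} is not an IP address")
            continue
        if not addr.is_private:
            # A public address here means the private app is being reached
            # over an exposed endpoint instead of through the gateway.
            problems.append(f"{role} address {addr} is not a private address")
        elif not any(addr in net for net in nets):
            problems.append(f"{role} address {addr} is outside the virtual network")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    vnet = ["10.1.0.0/16"]
    print(check_application("intranet-wiki", "10.1.2.4", 8080, "10.1.3.5", vnet))
    print(check_application("Intranet_Wiki", "10.2.0.4", 8080, "10.1.3.5", vnet))
```

An empty list means the name, port, and both addresses are consistent with the notes above; it does not confirm that Azure routing or network security groups allow the connection.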