Josh's IT-Blog

Information Technology, and other interesting things …

Azure Automation Hybrid Worker behind a Firewall / Proxy

Posted on 24. March 2016 / 20. October 2020 By Burkard Josh
Automation, Microsoft Azure

One nice feature of Azure Automation is the Hybrid Worker. With the Hybrid Worker you can execute runbooks inside your on-premises infrastructure. According to the official documentation or John Hennen’s post, you have to open your firewall for outbound traffic to *.cloudapp.net on ports 443, 9354 and 30000-30199.

[Image: Azure Automation Hybrid Worker Traffic]

When I told our security team about this requirement, they weren’t very enthusiastic about the wildcard rule for *.cloudapp.net. So I had to find another solution.

To configure the Microsoft Monitoring Agent to use your proxy services, go to the Control Panel → System and Security → Microsoft Monitoring Agent and then go to the Proxy Settings tab:

[Image: MSOMS-ProxySettings]

After configuring the proxy settings, you can configure the Workspace ID and Key:

[Screenshot 2016-03-22_15-24-09]

Now you have to run one job on the new Hybrid Worker, which will fail because additional firewall exceptions are still needed.

On the Hybrid Worker server, in the directory %AllUsersProfile%\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\, you will find a subdirectory for each runbook job (for example 5hrotqyb.mz5). Inside this directory there is one file with the file extension *.SandboxID. Open this file and you will find the value “sandboxHubEndpointDetail”, which contains the server URL. In my case:

net.tcp://oaas-prod-wes1.cloudapp.net:30016/AzureRunbookWorker/16/SandboxManager/12345678-1234-1234-1234-123456789012

Now you should create an outbound firewall rule like this:

Source: your internal Server IP
Destination URL: oaas-prod-wes1.cloudapp.net
Protocol: TCP
Destination Ports: 9354, and 30000-30199
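
Reading the endpoint out of every sandbox directory by hand gets tedious when several jobs have run, so the following added example (not part of the original post) collects the hosts and ports from all *.SandboxID files and summarizes them per destination host. It assumes the files are readable text that contains the endpoint as a net.tcp:// URL, as in the sample above; the function name Get-SandboxHubEndpoint is hypothetical.

```powershell
# Added example, not from the original post. Assumes each *.SandboxID file is
# readable text containing the endpoint as net.tcp://<host>:<port>/...
$sandboxRoot = Join-Path $env:AllUsersProfile 'Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes'

function Get-SandboxHubEndpoint {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # Only the URL shape is assumed, not the surrounding file layout.
    $pattern = 'net\.tcp://(?<host>[A-Za-z0-9.-]+):(?<port>\d{1,5})'

    Get-ChildItem -Path $Path -Recurse -Filter '*.SandboxID' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Cast to [string] so an empty file yields '' instead of $null.
            $text = [string](Get-Content -LiteralPath $file.FullName -Raw)
            foreach ($m in [regex]::Matches($text, $pattern)) {
                [pscustomobject]@{
                    Host = $m.Groups['host'].Value.ToLowerInvariant()
                    Port = [int]$m.Groups['port'].Value
                    File = $file.FullName
                }
            }
        }
}

$endpoints = @(Get-SandboxHubEndpoint -Path $sandboxRoot)
if ($endpoints.Count -eq 0) {
    Write-Warning "No net.tcp endpoint found under $sandboxRoot. Run one job on the Hybrid Worker first."
    return
}

# One summary row per destination host, i.e. one firewall rule per row.
$endpoints | Group-Object Host | ForEach-Object {
    $ports = @($_.Group.Port | Sort-Object -Unique)
    # Ports outside 9354 and 30000-30199 would not be covered by the rule above.
    $unexpected = @($ports | Where-Object { $_ -ne 9354 -and ($_ -lt 30000 -or $_ -gt 30199) })
    [pscustomobject]@{
        DestinationHost = $_.Name
        IsCloudAppNet   = $_.Name.EndsWith('.cloudapp.net')
        ObservedPorts   = $ports -join ','
        UnexpectedPorts = $unexpected -join ','
        SandboxFiles    = $_.Count
    }
} | Format-Table -AutoSize
```

If more than one destination host shows up, each one needs its own firewall rule; re-running the script after later jobs shows whether the endpoint has changed.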

 

About

My name is Josh Burkard.
I'm a DevOps Engineer working with one of Switzerland's largest telecom and full-service hosting providers. In my work I have a lot to do with Microsoft server operating systems, System Center, VMware, Microsoft Azure Cloud and other software.
On this site I will write some posts about different technology problems and their solutions.
Please also note my tweets and retweets from this area.
