Attaching a static public IP address to a VM
When a public IP address is attached to a VM, all network ports on that VM allow inbound and outbound access to and from the public Internet.
Because there is a greater security risk in exposing a VM to the public Internet, consult your network administrator before using a public IP address.
- Public IP address access may be disabled by your administrator.
- To learn more about other options for sharing a VM with external users, see Accessing VM desktops.
How to attach a static public IP address to a VM
To attach a static public IP address to a VM
Navigate to the VM Settings > Network Adapters page for the VM you want to edit.
Where is that?
Navigate to the environment.
Click (Settings) for the VM you want to edit.
If the Settings button isn’t visible, you don’t have permission to edit the VM settings. Work with your instructor or Skytap administrator to edit these settings.
The VM Settings page displays. Click the Network Adapters tab.
Click Add Static Public IP.
Public IP addresses can’t be attached to network adapters on Manual networks. If Add Static Public IP is missing, create an automatic network, attach the VM to it, and then repeat the steps above to add the public IP address on the new network adapter.
A window displays the public IP addresses available to your account and their status:
Status Description Unattached The IP address is available and not attached to any VMs. Attached The IP address is attached to a VM. You can attach the same public IP address to multiple VMs. Deployed The IP address is attached to a running VM. You can’t attach a public IP address that is deployed.
- A public IP address can be attached to multiple VMs, but it can be actively deployed on only one VM at a time. The public IP address is deployed when someone runs one of the VMs the public IP is attached to. While the public IP address is deployed, users can't run any of other VMs that the public IP address is attached to.
- If a public IP is attached to other VMs, the UI displays the number of environments and templates the public IP address is attached to, as well as all owners of those resources. Click on an owner's name to display the owner's contact information.
- If no public IP addresses are available, contact your account administrator to request that they add a static public IP address to your account.
- Click Attach Public IP to attach an IP address.
You may need to configure the VM guest OS to accept incoming connections.
A guest OS typically has a software-based firewall that blocks most connections to a VM by default. Even if you attach a public IP address to a VM, you may not be able to connect to the VM unless you change the firewall rules to allow incoming connections.
- For information about configuring firewall rules for your guest OS, see the guest OS documentation.
- For information about Windows Firewall Rules, see Understanding Firewall Rules and Configuring Firewall Rules.
Also see Protecting a VM that is exposed to the internet or compromised.
Accessing the VM via its public IP address
When the VM is running, it’s accessible from the public Internet via the IPv4 address you attached.
Notes about connecting to the public IP address:
- From within the VM
Skytap routes traffic from the public IP address to the VM local IP address via Network Address Translation (NAT). Within the VM, the public IP isn't visible to the guest OS or applications running on the VM. For example, if you're logged into a firewall appliance VM that is attached to a public IP address, you'll need to access the appliance's web interface from the VM local IP address (example: 10.0.0.1).
- From other VMs in the same environment
Generally, a VM can't ping a public IP address that's attached to another VM in the same environment. VMs on the same network must communicate to each other using their private network IP addresses. For more information, see Can I connect to a public IP address or published service from another VM in the same environment?
Can I register a static public IP with a DNS service?
Skytap doesn’t provide managed DNS services for static public IP addresses. However, because a public IP address is an externally-facing IP address, you can register it with your own public or private DNS registrar.
If you choose to register the public IP address, carefully monitor the static public IP address to ensure that it stays connected to a specific VM within your account. If the public IP address becomes attached to another machine, or if it’s released from your account, you should update your DNS entry. Released IP addresses are distributed to other customers; they can’t be recovered.
If you need a DNS name for a VM, we highly recommend using a dynamic public IP address with a Skytap-managed DNS name. For more information, see What is the difference between static public IPs and dynamic public IPs with DNS?
Can I attach a public IP address to a VM that is also connected to a Skytap VPN or Private Network Connection?
Yes. Public IP addresses can be added to an environment that is connected to a VPN or Private Network Connection (WAN). You should exercise caution to prevent security issues from exposing the environment and WAN to the public Internet.
What happens when I save the VM in a template?
The same static public IP address is attached to any VMs created from the template. When a static public IP address is attached to multiple VMs, only one of those VMs can run at a time.