Hello everybody,
When working with AVD, having outbound internet access seems the most logical thing to have. Users expect to have their browser working and IT admin rely on the internet access for patching, OS activation and many other things.
Well Microsoft decided to take away this standard right called Default Outbound internet access. You can read the announcement here.
After March 31st, all new virtual machines won’t have default outbound internet access, meaning the It admin has to foresee this.
Now, to provide the virtual machine outbound access to the internet, the IT admin has several options. The IT admin can add public ip’s to the session host but this is a very bad idea. Route all the traffic to the internet is also a very good and secure options. Only thing to think about it the SNAT exhaustion.
The last option is to add an Azure NAT Gateway to the network. This resource will make sure that your Azure virtual machines can access the internet. In the past the NAT Gateway was a zonal resource. This means that you had to deploy a NAT Gateway in each zone your virtual machines were in. With the new NAT Gateway, you only need to deploy one gateway in your region.
Let’s see how the deployment works. Search for NAT Gateways in the top search bar and select the Create button.
Select your Subscription, Resource group, give your NAT Gateway a name and choose the Standard V2 deployment.
The Gateway needs to be associated with a public ip address. You can select an existing one or choose here to create a new public ip.
The next step is to associate the NAT gateway with your virtual network and to specific subnets.
After the deployment, we can check the properties of the NAT Gateway. Here we see the associate virtual network, SKU and amount of subnets associated.
Now that the NAT Gateway is associated, all the outbound traffic from the AVD session hosts in the connected subnets will pass the gateway and you won’t have issues after the deadline from 31st of March.
If you have any questions about this change, feel free to reach out.
Until next time.