Azure Hosting and Internal and Public addresses for Rock

Question

2

Azure Hosting and Internal and Public addresses for Rock

Brandon Gamache posted 10 Years Ago

Thank you for the replies on my previous webhosting question. I decided to try out Azure's free trial. Do you know how to get the internal and public addresses to work in Azure? The Azure site is crossroads.azurewebsites.net but during the install I put admin.crossroads.azurewebsites.net and public as crossroads.azurewebsites.net. The admin extension didn't work but public did. For the time being, I switched the internal and external around in the Database. I'm not certain if there is a feature in Azure that will allow me to add another subdomain or if it is a DNS issue that I need to play around with.

Also, from my previous question and Jon's answer, does Azure automatically comply with PCI or will we need to look at a VM or something else in Azure?

Thank you for any advice you are able to provide.

0
- Brandon Gamache replied 10 Years Ago
Thanks Jon. As you said, Azure is PCI Compliant but whether that covers Sites, I'm not certain.

http://www.windowsazure.com/en-us/support/trust-center/compliance/

"Windows Azure is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standards (DSS) as verified by an independent Qualified Security Assessor (QSA), allowing merchants to establish a secure cardholder environment and to achieve their own certification."

I can continue to look into but if someone is already a PCI expert, your help would be greatly appreciated.

Also here is Azure's customer guide for PCI Compliance: Windows Azure Customer PCI Guide
Edit Answer

Thanks Jon. As you said, Azure is PCI Compliant but whether that covers Sites, I'm not certain.  http://www.windowsazure.com/en-us/support/trust-center/compliance/ "Windows Azure is Level 1 compliant under the <a href="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.cmpgrp="body" ms.cmpnm="payment card industry (pci) data security standards (dss)" ms.cmptyp="link" ms.index="38" ms.interactiontype="1" ms.title="link | payment card industry (pci) data security standards (dss)" ms.uridomain="go.microsoft.com" ms.uripath="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.uriquery="?linkid=390165&clcid=0x409" style="color: rgb(0, 171, 236); text-decoration: none; -webkit-transition: all 0.1s ease-in-out; transition: all 0.1s ease-in-out; font-family: wf_segoe-ui_normal, 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 14px; line-height: 21px;">Payment Card Industry (PCI) Data Security Standards (DSS)</a> as verified by an independent Qualified Security Assessor (QSA), allowing merchants to establish a secure cardholder environment and to achieve their own certification." I can continue to look into but if someone is already a PCI expert, your help would be greatly appreciated.  Also here is Azure's customer guide for PCI Compliance: <a href="http://go.microsoft.com/fwlink/?linkid=389876&clcid=0x409">Windows Azure Customer PCI Guide</a>
Thanks Jon. As you said, Azure is PCI Compliant but whether that covers Sites, I'm not certain.  http://www.windowsazure.com/en-us/support/trust-center/compliance/ "Windows Azure is Level 1 compliant under the <a href="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.cmpgrp="body" ms.cmpnm="payment card industry (pci) data security standards (dss)" ms.cmptyp="link" ms.index="38" ms.interactiontype="1" ms.title="link | payment card industry (pci) data security standards (dss)" ms.uridomain="go.microsoft.com" ms.uripath="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.uriquery="?linkid=390165&clcid=0x409" style="color: rgb(0, 171, 236); text-decoration: none; -webkit-transition: all 0.1s ease-in-out; transition: all 0.1s ease-in-out; font-family: wf_segoe-ui_normal, 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 14px; line-height: 21px;">Payment Card Industry (PCI) Data Security Standards (DSS)</a> as verified by an independent Qualified Security Assessor (QSA), allowing merchants to establish a secure cardholder environment and to achieve their own certification." I can continue to look into but if someone is already a PCI expert, your help would be greatly appreciated.  Also here is Azure's customer guide for PCI Compliance: <a href="http://go.microsoft.com/fwlink/?linkid=389876&clcid=0x409">Windows Azure Customer PCI Guide</a>
Thanks Jon. As you said, Azure is PCI Compliant but whether that covers Sites, I'm not certain.  http://www.windowsazure.com/en-us/support/trust-center/compliance/ "Windows Azure is Level 1 compliant under the <a href="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.cmpgrp="body" ms.cmpnm="payment card industry (pci) data security standards (dss)" ms.cmptyp="link" ms.index="38" ms.interactiontype="1" ms.title="link | payment card industry (pci) data security standards (dss)" ms.uridomain="go.microsoft.com" ms.uripath="http://go.microsoft.com/fwlink/?linkid=390165&clcid=0x409" ms.uriquery="?linkid=390165&clcid=0x409" style="color: rgb(0, 171, 236); text-decoration: none; -webkit-transition: all 0.1s ease-in-out; transition: all 0.1s ease-in-out; font-family: wf_segoe-ui_normal, 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 14px; line-height: 21px;">Payment Card Industry (PCI) Data Security Standards (DSS)</a> as verified by an independent Qualified Security Assessor (QSA), allowing merchants to establish a secure cardholder environment and to achieve their own certification." I can continue to look into but if someone is already a PCI expert, your help would be greatly appreciated.  Also here is Azure's customer guide for PCI Compliance: <a href="http://go.microsoft.com/fwlink/?linkid=389876&clcid=0x409">Windows Azure Customer PCI Guide</a>
Save Cancel
Jon Edmiston

10 years ago

If you have time to look into it it would be helpful.
0
- Brandon Gamache replied 10 Years Ago
Before I forget--for future Azure users--here is the process I had to go through:

Note: Rock’s external website will not be our main site, so this will only detail how to set up CNAME records, not A records.

Create your website.

Create a Traffic Manager (remember the name you set).

Under Traffic Manager, create and endpoint that points to your desired Azure website.

In your DNS setting for your domain, wherever you may have your domain registered or name servers located (DROA, GoDaddy, RackSpace etc.), point your subdomain as a CNAME to <name>.trafficmanager.net.

Go back to your website, click the manage domains button or go to the Configure tab then Manage Domains. Add your <name>.trafficmanager.net.

Add the subdomains (full CNAME records you created) (making sure the <name>.azurewebsite.net URL is first, <name>.trafficmanager.net is second, then your full custom domains).

Depending on what your Time To Live is set to (in Traffic Manager and in your DNS), it may take 5-10 minutes for it to work.

This is what worked for us, if you have found another way that works, feel free to share.
Edit Answer

Before I forget--for future Azure users--here is the process I had to go through: Note: Rock’s external website will not be our main site, so this will only detail how to set up CNAME records, not A records. <ol> <li>Create your website.</li> <li>Create a Traffic Manager (remember the name you set).</li> <li>Under Traffic Manager, create and endpoint that points to your desired Azure website.</li> <li>In your DNS setting for your domain, wherever you may have your domain registered or name servers located (DROA, GoDaddy, RackSpace etc.), point your subdomain as a CNAME to <name>.trafficmanager.net.</li> <li>Go back to your website, click the manage domains button or go to the Configure tab then Manage Domains. Add your <name>.trafficmanager.net.</li> <li>Add the subdomains (full CNAME records you created) (making sure the <name>.azurewebsite.net URL is first, <name>.trafficmanager.net is second, then your full custom domains).</li> </ol> Depending on what your Time To Live is set to (in Traffic Manager and in your DNS), it may take 5-10 minutes for it to work. This is what worked for us, if you have found another way that works, feel free to share.
Before I forget--for future Azure users--here is the process I had to go through: Note: Rock’s external website will not be our main site, so this will only detail how to set up CNAME records, not A records. <ol> <li>Create your website.</li> <li>Create a Traffic Manager (remember the name you set).</li> <li>Under Traffic Manager, create and endpoint that points to your desired Azure website.</li> <li>In your DNS setting for your domain, wherever you may have your domain registered or name servers located (DROA, GoDaddy, RackSpace etc.), point your subdomain as a CNAME to <name>.trafficmanager.net.</li> <li>Go back to your website, click the manage domains button or go to the Configure tab then Manage Domains. Add your <name>.trafficmanager.net.</li> <li>Add the subdomains (full CNAME records you created) (making sure the <name>.azurewebsite.net URL is first, <name>.trafficmanager.net is second, then your full custom domains).</li> </ol> Depending on what your Time To Live is set to (in Traffic Manager and in your DNS), it may take 5-10 minutes for it to work. This is what worked for us, if you have found another way that works, feel free to share.
Before I forget--for future Azure users--here is the process I had to go through: Note: Rock’s external website will not be our main site, so this will only detail how to set up CNAME records, not A records. <ol> <li>Create your website.</li> <li>Create a Traffic Manager (remember the name you set).</li> <li>Under Traffic Manager, create and endpoint that points to your desired Azure website.</li> <li>In your DNS setting for your domain, wherever you may have your domain registered or name servers located (DROA, GoDaddy, RackSpace etc.), point your subdomain as a CNAME to <name>.trafficmanager.net.</li> <li>Go back to your website, click the manage domains button or go to the Configure tab then Manage Domains. Add your <name>.trafficmanager.net.</li> <li>Add the subdomains (full CNAME records you created) (making sure the <name>.azurewebsite.net URL is first, <name>.trafficmanager.net is second, then your full custom domains).</li> </ol> Depending on what your Time To Live is set to (in Traffic Manager and in your DNS), it may take 5-10 minutes for it to work. This is what worked for us, if you have found another way that works, feel free to share.
Save Cancel
0
- Sam Rae replied 8 Years Ago
Does this mean that there's no way to do both internal and external Rock modules on the free Teir of Azure?

I'm trying out RockRMS on the Azure free teir at the moment and it's going well. I've set both the internal and external sites to [mychurch].azurewebsites.net. I can access both of the sites, but getting between the public and the interal sites is a bit hacky (you have to manually enter a page number in the URL).
Edit Answer

Does this mean that there's no way to do both internal and external Rock modules on the free Teir of Azure? I'm trying out RockRMS on the Azure free teir at the moment and it's going well. I've set both the internal and external sites to [mychurch].azurewebsites.net. I can access both of the sites, but getting between the public and the interal sites is a bit hacky (you have to manually enter a page number in the URL).
Does this mean that there's no way to do both internal and external Rock modules on the free Teir of Azure? I'm trying out RockRMS on the Azure free teir at the moment and it's going well. I've set both the internal and external sites to [mychurch].azurewebsites.net. I can access both of the sites, but getting between the public and the interal sites is a bit hacky (you have to manually enter a page number in the URL).
Does this mean that there's no way to do both internal and external Rock modules on the free Teir of Azure? I'm trying out RockRMS on the Azure free teir at the moment and it's going well. I've set both the internal and external sites to [mychurch].azurewebsites.net. I can access both of the sites, but getting between the public and the interal sites is a bit hacky (you have to manually enter a page number in the URL).
Save Cancel

Jon Edmiston · Accepted Answer · 2014-03-13T15:59-07:00

1

Jon Edmiston replied 10 Years Ago

Normally there are two steps to get custom domains working with Rock.

Configure your DNS to point to your website (this will depend on your DNS provider and your web hoster). If your web hoster provides a dedicated IP address you can create an A Record for it. If they give you a domain name instead you can create a CNAME Record to point to it. This will drive the traffic to your Rock install.
Next you need to tell Rock which domain belongs to which site. You configure this under Admin Tools > CMS Settings > Sites . The installer has already setup the URLs you provided during the install, but if you'd like to add more you can make these changes here.

Azure adds one additional step, call it 1B. In Azure you also need to configure the Traffic Manager. This document tells you everything you need to know. I'd recommend reading it in its entirety. I skipped around a bit and suffer because of it :)

http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/

In terms of PCI, I think I have more questions than answers. Here are some notes from Arvixe on the topic:

http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/

While Microsoft has achieved PCI compliance for Azure (see the bottom of this blog post http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx) it's uncertain if this includes Azure Websites.

We still have a lot of learning to do in this area. We'd love to provide more direction in the future, but our development and documentation efforts are consuming a vast majority of our time. We'd love to see someone step up and become the PCI expert for this community.

Edit Answer

Normally there are two steps to get custom domains working with Rock.

<ol>
	<li>Configure your DNS to point to your website (this will depend on your DNS provider and your web hoster). If your web hoster provides a dedicated IP address you can create an A Record for it. If they give you a domain name instead you can create a CNAME Record to point to it. This will drive the traffic to your Rock install.</li>
	<li>Next you need to tell Rock which domain belongs to which site. You configure this under Admin Tools &gt; CMS Settings &gt; Sites . The installer has already setup the URLs you provided during the install, but if you&#39;d like to add more you can make these changes here.</li>
</ol>

Azure adds one additional step, call it 1B. &nbsp;In Azure you also need to configure the Traffic Manager. This document tells you everything you need to know.&nbsp;I&#39;d recommend reading it in its&nbsp;entirety. I skipped around a bit and suffer because of it :)

<a href="http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/">http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/</a>

In terms of PCI, I think I have more questions than answers. Here are some notes from Arvixe on the topic:

<a href="http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/">http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/</a>

While Microsoft has achieved PCI compliance for Azure (see the bottom of this blog post&nbsp;<a href="http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx">http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx</a>) it&#39;s uncertain if this includes Azure Websites.&nbsp;

We still have a lot of learning to do in this area. We&#39;d love to provide more direction in the future, but our development and documentation efforts are consuming a vast majority of our time. We&#39;d love to see someone step up and become the PCI expert for this community.

<p>Normally there are two steps to get custom domains working with Rock.</p>

<ol>
	<li>Configure your DNS to point to your website (this will depend on your DNS provider and your web hoster). If your web hoster provides a dedicated IP address you can create an <em>A Record</em> for it. If they give you a domain name instead you can create a <em>CNAME Record</em> to point to it. This will drive the traffic to your Rock install.</li>
	<li>Next you need to tell Rock which domain belongs to which site. You configure this under <em>Admin Tools &gt; CMS Settings &gt; Sites</em> . The installer has already setup the URLs you provided during the install, but if you&#39;d like to add more you can make these changes here.</li>
</ol>

<p>Azure adds one additional step, call it 1B. &nbsp;In Azure you also need to configure the Traffic Manager. This document tells you everything you need to know.&nbsp;I&#39;d recommend reading it in its&nbsp;entirety. I skipped around a bit and suffer because of it :)</p>

<p><a href="http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/">http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/</a></p>

<p>In terms of PCI, I think I have more questions than answers. Here are some notes from Arvixe on the topic:</p>

<p><a href="http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/">http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/</a></p>

<p>While Microsoft has achieved PCI compliance for Azure (see the bottom of this blog post&nbsp;<a href="http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx">http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx</a>) it&#39;s uncertain if this includes Azure Websites.&nbsp;</p>

<p>We still have a lot of learning to do in this area. We&#39;d love to provide more direction in the future, but our development and documentation efforts are consuming a vast majority of our time. We&#39;d love to see someone step up and become the PCI expert for this community.</p>

<p>Normally there are two steps to get custom domains working with Rock.</p>

<ol>
	<li>Configure your DNS to point to your website (this will depend on your DNS provider and your web hoster). If your web hoster provides a dedicated IP address you can create an <em>A Record</em> for it. If they give you a domain name instead you can create a <em>CNAME Record</em> to point to it. This will drive the traffic to your Rock install.</li>
	<li>Next you need to tell Rock which domain belongs to which site. You configure this under <em>Admin Tools &gt; CMS Settings &gt; Sites</em> . The installer has already setup the URLs you provided during the install, but if you&#39;d like to add more you can make these changes here.</li>
</ol>

<p>Azure adds one additional step, call it 1B. &nbsp;In Azure you also need to configure the Traffic Manager. This document tells you everything you need to know.&nbsp;I&#39;d recommend reading it in its&nbsp;entirety. I skipped around a bit and suffer because of it :)</p>

<p><a href="http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/">http://www.windowsazure.com/en-us/documentation/articles/web-sites-custom-domain-name/</a></p>

<p>In terms of PCI, I think I have more questions than answers. Here are some notes from Arvixe on the topic:</p>

<p><a href="http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/">http://forum.arvixe.com/smf/pre-sale-questions/pci-compliance-vps-plan-is-arvixe-pci-compliant/</a></p>

<p>While Microsoft has achieved PCI compliance for Azure (see the bottom of this blog post&nbsp;<a href="http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx">http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx</a>) it&#39;s uncertain if this includes Azure Websites.&nbsp;</p>

<p>We still have a lot of learning to do in this area. We&#39;d love to provide more direction in the future, but our development and documentation efforts are consuming a vast majority of our time. We&#39;d love to see someone step up and become the PCI expert for this community.</p>

Save Cancel

Jon Edmiston

10 years ago

Adding this great guide for future readers of this post. http://bretstateham.com/10-easy-steps-to-azure-web-site-custom-domains/

Question

2

Azure Hosting and Internal and Public addresses for Rock

1

0

0

0