Q: What are Windows Azure cloud service endpoints, and why do I need them?
A: Consider a virtual machine that's deployed in Windows Azure IaaS to a cloud service. (A cloud service contains resources and acts as a boundary of security and communication.) All the virtual machines deployed in the same cloud service are automatically allocated a dynamic IP address via DHCP; those virtual machines can all communicate directly with each other. The cloud service also has its own virtual IP address that's an Internet-addressable IP address, which means it can be reached from across the Internet, as the following figure depicts.
The cloud service virtual IP address is therefore shared between all the virtual machines that are running in the cloud service, which introduces a challenge if you need to connect to different virtual machines over the Internet. This is where endpoints are used. Endpoints enable mapping within the cloud service from an externally accessible port on the cloud service virtual IP address to a port on a specific virtual machine. Default endpoints created for each Windows virtual machine are for RDP and PowerShell to enable simple management. The following figure shows these default endpoints for my three virtual machines, viewed via my cloud service dashboard. To see the actual mapping details, look at the endpoint configuration for each virtual machine.
As you can see, an endpoint provides mapping from one port to another port for a specific virtual machine. This allows many different virtual machines to be accessed through the single cloud service virtual IP address by using unique external ports for each service and each virtual machine. Additional endpoints can easily be added for virtual machines through the endpoints area of the virtual machine configuration. This is required if you need additional ports to be accessible for a virtual machine from the cloud service's virtual IP address and therefore accessible from the Internet.
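The mapping described above can be reviewed from a script as well as from the dashboard. The following is an added example, not code from the original article: it lists each public-port-to-VM mapping, marks the endpoints that lead to management services, and flags any public port that appears more than once. The VM names, port numbers, the `Get-EndpointExposure` function and the management port values (3389 for RDP, 5986 for PowerShell remoting) are assumptions, and the endpoint data is constructed.

```powershell
# Added example, not from the original article. $endpoints is CONSTRUCTED sample
# data. Assumption: with the classic Azure Service Management module it could be
# built like this ('<cloud-service>' is a placeholder):
#   $endpoints = Get-AzureVM -ServiceName '<cloud-service>' | ForEach-Object {
#       $vm = $_.Name
#       $_ | Get-AzureEndpoint |
#           Select-Object @{n='VM';e={$vm}}, Name, Protocol, Port, LocalPort }
$endpoints = @(
    [pscustomobject]@{ VM='vm1'; Name='RemoteDesktop'; Protocol='tcp'; Port=50001; LocalPort=3389 }
    [pscustomobject]@{ VM='vm1'; Name='PowerShell';    Protocol='tcp'; Port=50002; LocalPort=5986 }
    [pscustomobject]@{ VM='vm1'; Name='Web';           Protocol='tcp'; Port=80;    LocalPort=80 }
    [pscustomobject]@{ VM='vm2'; Name='RemoteDesktop'; Protocol='tcp'; Port=50003; LocalPort=3389 }
    [pscustomobject]@{ VM='vm2'; Name='PowerShell';    Protocol='tcp'; Port=50004; LocalPort=5986 }
    [pscustomobject]@{ VM='vm3'; Name='RemoteDesktop'; Protocol='tcp'; Port=50003; LocalPort=3389 }
    [pscustomobject]@{ VM='vm3'; Name='PowerShell';    Protocol='tcp'; Port=50006; LocalPort=5986 }
)

# Local ports of the default management endpoints named in the text (assumed values).
$managementPorts = @{ 3389 = 'RDP'; 5986 = 'PowerShell remoting' }

function Get-EndpointExposure {
    param([Parameter(Mandatory)] [object[]] $Endpoints)

    # The text's model gives every service on every VM its own external port on the
    # shared virtual IP, so a public port that appears twice deserves a closer look.
    $shared = $Endpoints | Group-Object { "$($_.Protocol)/$($_.Port)" } |
        Where-Object Count -gt 1 | Select-Object -ExpandProperty Name

    foreach ($ep in $Endpoints) {
        $local = [int]$ep.LocalPort
        [pscustomobject]@{
            VM               = $ep.VM
            Mapping          = "VIP:$($ep.Port)/$($ep.Protocol) -> $($ep.VM):$local"
            Management       = $managementPorts.ContainsKey($local)
            Service          = if ($managementPorts.ContainsKey($local)) { $managementPorts[$local] } else { $ep.Name }
            SharedPublicPort = $shared -contains "$($ep.Protocol)/$($ep.Port)"
        }
    }
}

# Management endpoints first: these are the Internet-reachable ways into each VM.
Get-EndpointExposure -Endpoints $endpoints |
    Sort-Object @{ Expression = 'Management'; Descending = $true }, VM |
    Format-Table -AutoSize
```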