Skip to main content

Notifications

Announcements

Forum Structure Changes on 11/8 – Update Your Subscriptions!
News and Announcements icon
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / securing CHE VM using ...
Finance | Project Operations, Human Resources, ...
Suggested answer

securing CHE VM using bastion

(0) ShareShare
ReportReport
Posted on by Talent
Hi
 
One if our customers are looking for some information regarding securing the CHE and blocking ports that are not required.

They are currently using bastions and followed this documentation where it says that Bastion is recommended:
https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/dev-tools/secure-developer-vm

However, there is another documentation which says the contradictory statements as in Bastion is not supported :
Deploy and access development environments - Finance & Operations | Dynamics 365 | Microsoft Learn

Questions that they have are:
  • Can we join the VM to the customer’s domain or not? Will it cause issues if we do so?
  • How many developers should be the maximum to use one VM?
  • What ports inbound and outbound should be open as a minimum to make sure that developers can still do their Dynamics work but that it is secured connectivity-wise?
  • The Storage Account is also publicly accessible, can we close that connection so that the VM can access the SA via the VNET or will cause that issues?
  • Overall, what security best practices should be also activate the secure the environment more?
Any insight or customer example will be very helpful on this.
  • Suggested answer
    fsilva-jr Profile Picture
    fsilva-jr 20 on at
    securing CHE VM using bastion
    Working with the network team you can configure your VM´s to use one common network. It will allow you to connect to your VM´s using the local ip instead of a public one. It means that you will only be able to connect to the VM´s through the local network or VPN.
    The VM´s will be "in the same network", but not in the same domain!
     
  • Martin Dráb Profile Picture
    Martin Dráb 229,275 Most Valuable Professional on at
    securing CHE VM using bastion
    The first link says that you "can consider using Azure Bastion"; which is exactly the same thing as "is recommended". The second one says that the Dynamics team won't give you support for setting up Bastion, which doesn't mean that you can't use it.
     
    I'm on a project where Bastion is used for CHE, but it's not managed by myself.
     
    The answer to "How many developers should be the maximum to use one VM?" is one. Two developers can't develop in the same environment at once.
     
    Configure Azure Bastion for Dynamics 365 F&O VMs will answer some of your other questions.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Forum Structure Changes on 11/8 – Update Your Subscriptions!

Quick Links

November Spotlight Star - Khushbu Rajvi

Congratulations to a top community star!

Forum Structure Changes Coming on 11/8!

In our never-ending quest to help the Dynamics 365 Community members get answers faster …

Dynamics 365 Community Platform update – Oct 28

Welcome to the next edition of the Community Platform Update. This is a status …

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,900 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 229,275 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans