Azure Appendix A: Microsoft Entra ID Application Proxy

  • Published on Apr 23, 2025
  • 3 minute(s) read
  • Migration Team
 Prev Next

Summary

Microsoft Entra ID Application Proxy provides secure remote access to on-premises web applications. After a single sign-on to Azure AD, users can access both cloud and on-premises applications through either an external URL or an internal application portal.

In a Nasuni environment, App Proxy can be used to provide additional security to Nasuni’s Web Access and management user interface. One example is leveraging AAD’s MFA support. More complex scenarios involve robust Conditional Access policies that enforce geographic limitations and client security posture checks.

Architecture

App Proxy makes use of a connector installed on a Windows Server in the customer’s network. The connector creates outbound connections to the Application Proxy Service in Azure. This does not require the customer to open any inbound ports on their firewall.

Figure A-1: Architecture of Microsoft Entra ID Application Proxy.

  1. User is directed to the AAD sign-in page.

  2. After successful sign-in (client passes all conditional access policies), a token is returned to the user.

  3. User sends the token to the App Proxy Service, which passes it along to the App Proxy Connector.

  4. The Connector performs any additional authentication required with on-premise Active Directory.

The Connector sends the request to the Edge Appliance or NMC.

The Edge Appliance’s or NMC’s response is sent via the Connector back to the user.In a Nasuni environment, App Proxy can be used to provide additional security to Nasuni’s Web Access and management user interface. One example is leveraging AAD’s MFA support. More complex scenarios involve robust Conditional Access policies that enforce geographic limitations and client security posture checks.

Procedure

After moving the VM to a new host, you can use console commands to reset to “factory” settings, then reconfigure the network settings.

Important: After making any changes, you must use the Nasuni Edge Appliance to enter those settings so that the Nasuni Edge Appliance is consistent with the platform. This applies to all changes.

To reset to “factory” settings, then reconfigure the network settings, follow these steps:

  1. After moving the VM to a new host, access the console for the Nasuni Edge Appliance. For the Nasuni Edge Appliance virtual machine, use the virtual machine console window. The console prompt appears.

    Figure A-2: Console prompt.

  2. Press Enter to access the Service menu. The login prompt appears. Enter the username and password. The login username is service, and the default password is service. The Service Menu appears.

    Figure A-3: Service Menu.

  3. To access commands to change the network configuration, enter editnetwork at the prompt.

    The network prompt appears.

    Figure A-4: Network prompt.

  4. To perform a “factory reset” of the Nasuni Edge Appliance, enter factoryreset at the prompt.

    A Message appears asking for permission to continue.

    Warning: EXECUTING THIS COMMAND DESTROYS THE CURRENT NETWORK CONFIGURATION AND RETURNS THE NASUNI EDGE APPLIANCE TO THE DEFAULT SETTINGS. THIS COMMAND ALSO CLEANS UP AND RECONFIGURES THE NIC LAYOUT OF THE SYSTEM.

    Note: Running factoryreset does not cause a loss of access to iDRAC.

    Note: Running factoryreset does not reset the hostname. To reset the hostname, use the sethostname command.

  5. Enter yes at the prompt.

    The Nasuni Edge Appliance reboots.

  6. Once again, access the console for the Nasuni Edge Appliance. For the Nasuni Edge Appliance virtual machine, use the virtual machine console window. The console prompt appears.

    Figure A-5: Console prompt.

  7. Press Enter to access the Service menu. The login prompt appears. Enter the username and password. The login username is service, and the default password is service. The Service Menu appears.

    Figure A-6: Service Menu.

  8. To access commands to change the network configuration, enter editnetwork at the prompt.

    The network prompt appears.

    Figure A-7: Network prompt.

  9. The default is to use DHCP settings. To use DHCP settings for the network device and the system, enter the following command:

    setall dhcp

    Press Enter. The setall dhcp command runs:

    Figure A-8: setall dhcp command.

    The network device and the system use DHCP settings. Continue with step 11.

  10. Alternatively, to use static settings for the network device and the system, enter the following command:

    setall static

    Press Enter. The setall static command runs:

    Figure A-9: setall static command.

    Change values as necessary and save your values.

  11. To exit the editnetwork commands, enter close.

  12. To exit the console commands, enter quit.

  13. On the Nasuni Edge Appliance, enter any changed settings so that the Nasuni Edge Appliance is consistent with the platform.

Related articles