I'm currently assessing various configuration management systems for managing mostly Windows machines. I'm liking the look of Ansible so far, but I am concerned I have a fairly major blocker. I need the chosen system to be able to manage nodes that are both on a local network (which is fine) and on a remote network (inside Azure) that is not directly connected to my main network.
I know Ansible can talk to Azure resources, but I am primarily thinking about configuring the Azure VMs once created. These VMs are not currently directly addressable over the internet and ideally, I want to avoid having to give every VM a public IP and expose WinRM for all machines. When looking at an agent-based system such as Puppet it works fine as the nodes call into the master, but obviously, that is not the case with Ansible. I note that it is possible to use a jump server, but this appears to be Linux only.
Given this requirement, is Ansible a no-go or is there a way round this?