Lead Image © ogm & roywylam, 123RF.com
Protect Azure resources with Network Security Groups
Cloud Police
The Azure cloud offers a variety of access options for resources. Many organizations outsource parts of their data centers to Azure and publish services such as websites, applications, or complex infrastructures as publicly accessible offerings or for users within their own organizations. Rarely are the scenarios so simple that they involve a single website or a single web server operated and published from an Azure virtual machine (VM). "Lift and shift" scenarios and complex architectures, in particular, often comprise several protection levels that require diverse services and components to be isolated from one another. Classic data centers, too, rarely allow any-to-any communication; instead, systems are grouped into zones and protected.
In demanding applications that comprise multiple components (databases, front ends, back ends, storage, microservices, and loosely connected external data sources), it is unlikely that every component needs to talk to every other. Azure therefore also needs to support the isolation and distribution of various resources. Imagine a distributed application with multiple tiers spread across multiple data centers for resilience. Because Azure networks can also be connected across data center boundaries and regions, it must be possible to define which requests may cross these boundaries. The tool of choice is Network Security Groups (NSGs).
Rules-Based Traffic Control
On Azure networks, NSGs act like a firewall, examining and filtering incoming and outgoing traffic. Filtering works in the classic way, with definable rules that Azure admins control. The solution is useful for all resources of an Azure network, such as VMs, Azure Batch services, HDInsight, Azure AD Domain Services, containers in Kubernetes or container instances, or Azure SQL. These firewall-style capabilities can be applied to multiple resources and are not limited to the outer limits of a
...
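The rule-based filtering described above, as an added example (not code from the article): a simplified Python model of how an NSG evaluates inbound rules in priority order, lowest number first, stopping at the first match. The subnets, the two custom rule names, and the reduction of a rule to source prefix and destination port are assumptions for illustration; the two default rules are modeled with a plain CIDR prefix instead of Azure's VirtualNetwork service tag, and the default load balancer rule is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    name: str
    source: str        # CIDR prefix, or "*" for any source
    dest_port: object  # int, or "*" for any port
    access: str        # "Allow" or "Deny"

# Constructed addressing for a multi-tier application (assumption).
VNET = "10.0.0.0/16"
APP_SUBNET = "10.0.2.0/24"

# Simplified stand-ins for two of Azure's default inbound rules.
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical custom inbound rules for an NSG on the database subnet.
DB_NSG = [
    Rule(100, "AllowAppToSql", APP_SUBNET, 1433, "Allow"),
    Rule(4096, "DenyOtherVnet", VNET, "*", "Deny"),
]

def matches(rule, src_ip, port):
    """True if the flow's source address and destination port fit the rule."""
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    port_ok = rule.dest_port == "*" or rule.dest_port == port
    return src_ok and port_ok

def evaluate(custom_rules, src_ip, port):
    """Return (access, rule name) of the first match in priority order."""
    for rule in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.access, rule.name
    return "Deny", "NoMatch"

if __name__ == "__main__":
    # Constructed flows: app tier, web tier (10.0.1.0/24), Internet host.
    for src in ("10.0.2.10", "10.0.1.10", "203.0.113.5"):
        print(src, 1433, evaluate(DB_NSG, src, 1433))
    print("no custom rules:", evaluate([], "10.0.1.10", 1433))
```

The last call shows why tier isolation needs an explicit deny: with no custom rules, the default VNet allow admits the web tier to the database port.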