Robo Kiwi

  • Blog
  • Wiki
  • GitHub
  • .NET
    • Testing
    • .NET Patterns
    • Asynchronous Programming
    • Error Handling in .NET
    • MSBuild
    • Configuration in .NET & ASP.NET
  • Azure
    • Azure CLI
    • Azure Networking
    • Local Development
  • Apps & Tools
  • Cloud
  • Data & Databases
    • SQL
  • Debugging
  • JavaScript
  • Microsoft Dynamics
  • Microsoft Office
  • Practices
  • Principles & Theory
  • Scripting
    • PowerShell
  • Security
    • Let's Encrypt
  • Source Control
  • Web Technologies
    • React
  • Windows
Wiki / Azure / Azure Networking

Azure Networking

Overview

Azure networking resources are typically virtual network components and appliances.

NSGs, ASGs and similar traffic filtering are enforced at the Virtual Switch level on the host Virtual Machine, and don’t involve edge devices or other hardware or network appliances external to the VM host.

When Azure resources are talking to each other, they come via their public IPs. Despite this, if an Azure resource is talking to another Azure resource via its public IP, because of the routing within the Azure networks, that traffic won’t go out on the public internet.

Security

To mutually restrict access between a VNet resource and a PaaS or SaaS resource:

ResourceA in SubnetA in VNetA interacts with StorageA.

  • A Service Endpoint can be used to ensure StorageA can only be accessed by resources on SubnetA
  • A Service Endpoint Policy can ensure ResourceA cannot access storage accounts other than StorageA.

Application Security Groups (ASG)

Read More »

Azure FrontDoor

Read More »

Comparing Private Link and Service Endpoints

Read More »

Network Security Group (NSG)

Read More »

Private Link

Read More »

Service Endpoint Policies

Read More »

Service Endpoints

Read More »

Service Tags

Read More »
Copyright © David Moore 2022

Azure badge Built with Hugo