Cloud Data Design, Orchestration, and Management Using Microsoft Azure by Francesco Diaz & Roberto Freato

Author:Francesco Diaz & Roberto Freato
Language: eng
Format: epub
Publisher: Apress, Berkeley, CA


At the time of this writing, the encryption key is managed, secured, and rotated by Microsoft itself. A preview feature lets customers supply their own keys through Azure Key Vault.

Security Perimeter

Since the beginning of the Azure Storage Service, every Storage Account has been reachable from the Internet by default. There was no way to block specific clients from reaching the account or, conversely, to allow only a few IPs or VNets to access it.

Recently, Microsoft introduced a firewall capability similar to the one used in SQL Database, with the additional benefit of including one or more Virtual Networks in the trusted set of permitted clients (Figure 3-10). In the latter case, it is also guaranteed that traffic from clients inside the VNet does not traverse the public internet. Note that the firewall is a network-layer control: a request that passes it still needs a valid account key or SAS to be authorized. For more information on this feature, known as Virtual Network Service Endpoints, see https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview .

Figure 3-10 Adding new or existing VNets to the allowed clients of the Storage Account, as well as specific IP addresses on the public internet. If external monitoring software uses the logging and metrics features of the storage account, the last two options can be checked so that this data stays readable once the default action is set to deny.
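The configuration shown in Figure 3-10, expressed with the Azure CLI. This is an added example, not code from the book: it enables the Microsoft.Storage service endpoint on one subnet, allows that subnet and one public IP through the storage firewall, and only then switches the default action to Deny, keeping storage logging and metrics readable. The resource group, account, VNet and subnet names and the 203.0.113.10 address are placeholders.

```shell
#!/bin/sh
# Added example (not from the book): lock an Azure Storage Account behind the
# storage firewall using the Azure CLI. Resource names are placeholders.
# DRY_RUN=1 (the default) prints the az commands instead of running them, so
# the script can be reviewed before it touches a subscription.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# lockdown_storage_account RG ACCOUNT VNET SUBNET [IP_OR_CIDR...]
# Order matters: the VNet and IP allow-rules are created while the account
# still accepts all traffic; the default action is flipped to Deny last, so
# nobody is locked out between steps.
lockdown_storage_account() {
    rg=$1; acct=$2; vnet=$3; subnet=$4
    shift 4

    # 1. Enable the Microsoft.Storage service endpoint on the subnet. Traffic
    #    from it then reaches the account over the Azure backbone and is
    #    identified by its VNet/subnet instead of a public source IP.
    run az network vnet subnet update --resource-group "$rg" \
        --vnet-name "$vnet" --name "$subnet" \
        --service-endpoints Microsoft.Storage

    # 2. Allow that subnet through the storage firewall.
    run az storage account network-rule add --resource-group "$rg" \
        --account-name "$acct" --vnet-name "$vnet" --subnet "$subnet"

    # 3. Allow each public IP or CIDR (for example an on-premises monitoring host).
    for ip in "$@"; do
        run az storage account network-rule add --resource-group "$rg" \
            --account-name "$acct" --ip-address "$ip"
    done

    # 4. Deny everything else. --bypass Logging Metrics keeps storage logging
    #    and metrics readable (the last two portal options in Figure 3-10);
    #    add AzureServices only if trusted Microsoft services must reach the
    #    account.
    run az storage account update --resource-group "$rg" --name "$acct" \
        --default-action Deny --bypass Logging Metrics
}

# Example invocation with placeholder names and a TEST-NET-3 address.
lockdown_storage_account myrg mystorageacct myvnet app-subnet 203.0.113.10
```

Run with DRY_RUN=0 to apply the commands. If the script is run from a machine outside the allowed VNet, pass that machine's public IP as well, otherwise the final step cuts off the operator's own management traffic to the data plane.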
