Azure Basic 35
We need to create a public zone and add an alias record. Once verified with the registrar, we can start using our custom name.
B) Configure secure access to virtual networks
Network Security Groups (NSG)
A network security group is used to filter network traffic between Azure resources in an Azure virtual network. A network security group contains security rules that can allow or deny inbound and outbound network traffic to and from various Azure resources.
Each rule is defined by a few attributes that you specify: Source, Destination, Port, and Protocol.
When you create an NSG, the default security rules are applied; you can then modify the rule attributes to create an augmented security rule.
Network security group
o These are the rules that are assigned to allow traffic to flow. An NSG can be assigned at the NIC level or at the subnet level. It is recommended to apply it at one level only.
o If there is no NSG, then traffic is allowed in and out.
o We set inbound and outbound rules.
o Priority – All rules are assigned a priority and the lowest number is evaluated first. If rule 100 says allow and rule 101 says deny, then the result is allow.
--Back to Index-- 107
o Default security rules – There are 6 default rules that can neither be removed nor modified.
Source: Microsoft Docs → Azure network security groups overview | Microsoft Learn
Please refer to this link → Creating and Configuring Azure Network security group
Default security rules
Application Security Groups (ASG)
An Application Security Group (ASG) is used within a Network Security Group (NSG). You can define your network security group rules based on your application security groups.
Application security groups allow you to configure network security as a natural extension of an application's architecture, allowing you to group virtual machines and define network security policies based on those groups.
Let's take a look at how to implement application security groups by creating a configuration for an online retailer. In the example below, we need to control network traffic to virtual machines in application security groups.
Application security groups work similarly to network security groups, but they provide an application-centric way of looking at your infrastructure. You join your virtual machines to an application security group. Then you use the application security group as the source or destination in the network security group rules.
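The priority rule from the NSG notes (100 allow beats 101 deny) and the ASG-as-destination pattern described here can both be checked with a small evaluator. This is an added example, not Microsoft's code or part of these notes; the VNet range, the ASG membership table, the rule names and the reduced set of two default rules are constructed, and the VirtualNetwork service tag is simplified to a single CIDR.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")  # constructed: what the VirtualNetwork tag resolves to here
ASG_MEMBERS = {"10.0.1.4": {"web"}, "10.0.2.5": {"db"}}  # constructed: VM IP -> ASGs joined

@dataclass
class Rule:
    name: str
    priority: int          # custom rules use 100-4096; the lowest number is checked first
    access: str            # "Allow" or "Deny"
    protocol: str = "*"    # "Tcp", "Udp" or "*"
    source: str = "*"      # CIDR, "*", "VirtualNetwork" or "asg:<name>"
    dest: str = "*"
    dest_ports: str = "*"  # "*" or a list such as "22,80-443"

def _addr_match(spec, addr):
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip_address(addr) in VNET
    if spec.startswith("asg:"):  # an ASG is matched by membership, not by address range
        return spec[4:] in ASG_MEMBERS.get(addr, set())
    return ip_address(addr) in ip_network(spec, strict=False)

def _port_match(spec, port):
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

# Two of the six default inbound rules; they can neither be removed nor modified.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", source="VirtualNetwork", dest="VirtualNetwork"),
    Rule("DenyAllInBound", 65500, "Deny"),
]

def evaluate_inbound(rules, proto, src, dst, port):
    """Return (access, rule name) of the first rule, by ascending priority, that matches."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.protocol in ("*", proto) and _addr_match(r.source, src)
                and _addr_match(r.dest, dst) and _port_match(r.dest_ports, port)):
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")

# Constructed custom rules mirroring the notes: 100 allows and 101 denies, so 100 wins.
CORP_RULES = [
    Rule("AllowSshFromCorp", 100, "Allow", "Tcp", "198.51.100.0/24", "asg:web", "22"),
    Rule("DenySshAny", 101, "Deny", "Tcp", dest_ports="22"),
]
```

A flow from the corporate range to a VM in the web ASG is allowed by rule 100, while the same flow to the db VM falls through to rule 101 and is denied, which is the point of using the ASG rather than an address as the destination.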
Azure Bastion Implementation
Azure Bastion is a service you run that allows you to connect to a virtual machine using your browser and the Azure portal, or through a native SSH or RDP client already installed on your local computer.
● It is a fully managed PaaS that you run/provision inside your virtual network.
● It provides secure, seamless RDP/SSH connectivity to your VMs directly from the portal over TLS.
● When you connect through it, your VM doesn't need a public IP, agent, or client software.
Prerequisites
● A virtual network. This will be the VNet to which you deploy Bastion.
● A virtual machine in the virtual network. This VM isn't a part of the Bastion configuration and doesn't become a bastion host. You connect to this VM later in this tutorial via Bastion.
● Required VM roles: Reader role on the VM and Reader role on the NIC (with the private IP of the VM).
● Required inbound ports: for Windows VMs, RDP (3389); for Linux VMs, SSH (22).
Please refer to this → Tutorial: Deploy Bastion using specified settings: Azure portal