SECURING MS AZURE DATA ENDPOINTS - Coggle Diagram
EXPLORING DATA AND ENDPOINT CONSIDERATIONS
Connectivity in Azure
• Azure is a multi-tenant service, where companies share lots of nodes and compute power on the cloud
• Most services are shared, but each customer is ISOLATED from others
• Some services can also be deployed as dedicated services (have different network capabilities)
Virtual Network
A virtual network (VN) is a construct created in Azure
A VN lives within a subscription, within a Region
Has IP ranges assigned to it
Can be broken up into Virtual Subnets
To connect to another VN, use VNet Peering
Types of Data
BLOB:
Unstructured; random-access or append-only operations; massive; accessed via API
FILES:
Unstructured data via file system API
Non-Relational DB:
Unstructured; random-access or append-only operations; massive; accessed via API
Communication Endpoints
Defense in Depth
INTEGRATING DATA SERVICES WITH VNet
Virtual Network Injection
Using Service Endpoints
Controlling Access from Vnet with NSG
Using Service Endpoint Policies
Azure Private Link
Azure NVA or Azure Firewall
SECURING MY RESOURCE ENDPOINT
Public Endpoint
Firewall and IP Restrictions
Threat Detection