Azure Virtual Network Service Endpoints

By default, Azure Managed Resources with public IP addresses, such as Azure Storage and Azure SQL Database, are accessed over the Internet, both from outside Azure and by VMs in a Virtual Network.

With Azure Virtual Network Service Endpoints, traffic between an Azure Virtual Network and Azure Managed Resources remains on the Microsoft Azure backbone network and does not cross the public Internet.

The Virtual Network Endpoints feature is currently available for the following Azure services:

Azure Storage
Azure SQL Database
Azure Cosmos DB
Azure SQL Data Warehouse (In Preview)

VIRTUAL NETWORK SERVICE ENDPOINT ARCHITECTURE

The figure below shows the architecture of VNET Service Endpoints.

https://i.redd.it/y121emcfa5k11.png

WORKING OF VNET SERVICE ENDPOINTS

Virtual Network Service Endpoints are created in a Virtual Network and are attached to subnets. They extend the Azure Virtual Network private address space to Azure Managed Services. You can also restrict Azure resources so that they are accessible only from your VNET and not via the Internet. You also have the option to allow access from the Internet or from a particular IP range only.

WHY WE NEED AZURE VIRTUAL NETWORK ENDPOINTS

Azure Managed Resources such as Azure Storage and Azure SQL have Internet-facing IP addresses. For security reasons, many customers prefer that their Azure Managed Services not be exposed directly to the Internet.

Click on the link below to read the rest of the article.

https://mykloud.wordpress.com/2018/06/18/virtual-network-service-endpoint/

submitted by /u/harinderkohli
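
The access restriction described under WORKING OF VNET SERVICE ENDPOINTS can be checked from exported resource definitions. The following is an added example, not code from the original post: it audits a storage account's network rules against the subnets they name. It assumes the ARM property names `networkAcls` (`defaultAction`, `virtualNetworkRules`, `ipRules`) and subnet `serviceEndpoints`; the account names, resource IDs, finding codes and the /24 threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample data in the ARM property shapes (not from a real tenant).
VNET = ("/subscriptions/0000/resourceGroups/rg-demo/providers/"
        "Microsoft.Network/virtualNetworks/vnet-demo")
SUBNETS = {  # subnet resource ID -> subnet properties
    VNET + "/subnets/app": {"serviceEndpoints": [{"service": "Microsoft.Storage"}]},
    VNET + "/subnets/batch": {"serviceEndpoints": []},
}
ACCOUNTS = {  # storage account name -> properties.networkAcls
    "stlocked": {"defaultAction": "Deny",
                 "virtualNetworkRules": [{"id": VNET + "/subnets/app"}],
                 "ipRules": [{"value": "203.0.113.0/28"}]},
    "stopen": {"defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": []},
    "stbroken": {"defaultAction": "Deny",
                 "virtualNetworkRules": [{"id": VNET + "/subnets/batch"}],
                 "ipRules": [{"value": "198.18.0.0/15"}]},
}

def audit(acls, subnets, service="Microsoft.Storage", min_prefix=24):
    """Return (code, detail) findings for one account's network rules."""
    known = {sid.lower(): props for sid, props in subnets.items()}  # IDs are case-insensitive
    findings = []
    # Without a Deny default, the VNet and IP rules restrict nothing.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append(("PUBLIC_DEFAULT", "reachable from any network"))
    for rule in acls.get("virtualNetworkRules", []):
        subnet = known.get(rule["id"].lower())
        if subnet is None:
            findings.append(("UNKNOWN_SUBNET", rule["id"]))
        elif service not in {e["service"] for e in subnet.get("serviceEndpoints", [])}:
            # The rule names a subnet that has no endpoint for this service.
            findings.append(("NO_ENDPOINT", rule["id"]))
    for rule in acls.get("ipRules", []):
        net = ipaddress.ip_network(rule["value"], strict=False)
        if net.prefixlen < min_prefix:  # assumed review threshold
            findings.append(("BROAD_IP", str(net)))
    return findings

if __name__ == "__main__":
    for name, acls in ACCOUNTS.items():
        print(name, audit(acls, SUBNETS) or "ok")
```
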