Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 11 Current »

Virtual Networks have default connectivity, but are totally isolated.

VNet peering

  • VNET A can talk to VNET B via a private IP address with a fast and low-latency connectivity.

  • Peering supports cross-subscription connectivity and supports cross-region connectivity.

  • But, limitations :

    • we cannot have address spaces that overlap (for example, VNAT A and VNET B have the same address space and so, the peering will not work)

    • we cannot have transitive routing (VNET A cannot talk to a VNET through VNET B).

Service Endpoints

  • If we have Azure PAAS, we know by default they have public endpoint connectivity. But, if we want to make connectivity more private, we can use private endpoints → we precise resource providers and want a private backbone connectivity between resources. And, Microsoft is going to manage a system route for a subnet to be able to access a resource in our resource group.

  • We are not providing a private IP address to Microsoft.Storage resources, but we only are configuring access to subnet 2 to all Microsoft.Storage resources.

  • We can combine this with resource firewalls if we want to lock down storage accounts (allow/deny traffic) and make only accessible across Microsoft Backbone and so, we can remove public internet access.

Private Link

  • It’s similar to VNet Peering and we are not going over the public internet. IT’s going over that Microsoft Backbone and it’s going to proxy and provide secure connectivity across to a given resource within Azure.

  • We can get more granular security - we can configure connectivity to specific resources (not a whole resource type).

  • Connectivity is possible with our on-premises infra; Connectivity is possible from peered virtual networks. And, accessible services in other regions.

  • No labels