
Use Service Endpoints to protect an Azure Storage Account inside an Azure Virtual Network

  Posted by Pantelis Apostolidis , in Azure 16 November 2017 · 51 views

As we saw in a previous post, we can use Service Endpoints to protect an Azure SQL Server inside an Azure Virtual Network. Today we will see how we can protect a Storage Account.
First we need to enable the Microsoft.Storage Service Endpoint on an existing Virtual Network, or create a new Virtual Network and enable it there. In this post I am creating a new Virtual Network, so in the Azure Portal press New and type “Virtual Network” in the search box.
Enter the name of the Virtual Network and all the required fields. The only difference is to click “Enable” under Service Endpoints and select “Microsoft.Storage”.
With the Virtual Network in place we can proceed with the Storage Account. Create a Storage Account by going to the Azure Portal, pressing New, searching for “Storage Account” and pressing Create. At the “Create storage account” blade enter all the required fields. The difference here is to click “Enable” under “Virtual Networks”, select the Virtual Network on which you enabled Service Endpoints, and select the desired subnet.
After the Storage Account is created, open it and go to the “Firewall and virtual network” setting. You will see that the selected Virtual Network and Subnet are configured and that access from all other networks and from the Internet is forbidden.
Now if you go to the File Service of the Storage Account you will get an “Access Denied” message, since you are accessing from the Internet.
In order to access the Storage Account File Service (and all other services, like blob) I created a Virtual Machine inside the Virtual Network and opened the Portal from it. Now I can access the Storage Account services.
Of course, we can add our public IP to the firewall, access the Storage Account configuration, make the required changes and then remove the IP again.
We can also add or remove existing and new networks.
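The firewall state reached in the steps above can also be checked from a script. The following is an added example, not part of the original post: it audits a storage account's network rules for the end state described here (default deny, only the intended subnet allowed, no leftover public IP rule). The input is assumed to have the shape of the `networkRuleSet` object in `az storage account show` output; the account, subscription, resource group and subnet names are constructed.

```python
# Constructed sample; field names assume the shape of `az storage account show` output.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
             "/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/default")
SAMPLE = {
    "name": "examplestorage",
    "networkRuleSet": {
        "bypass": "AzureServices",
        "defaultAction": "Deny",
        # A public IP added for administration and not yet removed.
        "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.10"}],
        "virtualNetworkRules": [
            {"action": "Allow", "state": "Succeeded",
             "virtualNetworkResourceId": SUBNET_ID},
        ],
    },
}


def audit_storage_firewall(account, expected_subnet_ids):
    """Return a list of findings; an empty list means only the expected subnets have access."""
    rules = account.get("networkRuleSet") or {}
    findings = []
    # Without a default Deny, the subnet rules restrict nothing.
    if rules.get("defaultAction") != "Deny":
        findings.append("defaultAction is not Deny: all networks, including the Internet, are allowed")
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    allowed = {r.get("virtualNetworkResourceId", "").lower()
               for r in rules.get("virtualNetworkRules") or []
               if r.get("action", "Allow") == "Allow"}
    expected = {s.lower() for s in expected_subnet_ids}
    for missing in sorted(expected - allowed):
        findings.append(f"expected subnet has no rule: {missing}")
    for extra in sorted(allowed - expected):
        findings.append(f"unexpected subnet rule: {extra}")
    # Any remaining IP rule is a path into the account from outside the Virtual Network.
    for ip in rules.get("ipRules") or []:
        findings.append(f"public IP rule still present: {ip.get('ipAddressOrRange')}")
    return findings


if __name__ == "__main__":
    for finding in audit_storage_firewall(SAMPLE, [SUBNET_ID]):
        print(finding)
```

Run against the constructed sample, it reports the public IP rule that was added for administration and never removed.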
The post Use Service Endpoints to protect an Azure Storage Account inside an Azure Virtual Network appeared first on Apostolidis IT Corner.

