Jump to content
  • entries
    142
  • comments
    0
  • views
    83597

Use Service Endpoints to protect an Azure Storage Account inside an Azure Azure Virtual Network


proximagr

541 views

 Share

Use Service Endpoints to protect an Azure Storage Account inside an Azure Azure Virtual Network
As we have already saw at a previews post, we can use the Service Endpoints to protect an Azure SQL Server inside an Azure Virtual Network. Today we will see how we can protect a Storage Account.
First we need to enable the Microsoft.Storage Service Endpoint to an existing Virtual Network or create a new Virtual Network and enable it. At this port I am creating a new Virtual Network, so at the Azure Portal press New and at the search box type “Virtual Network”.
Enter the name of the Virtual Network and all the required fields. The only difference is to click “Enable” at the Service Endpoints and select the “Microsoft.Storage”.
img_5a0d9f139f019.png
After the Virtual Network we can proceed with the Storage Account. Create a Storage Account by going to Azure Portal, press New, search for “Storage Account” and press Create. At the “Create storage account” blade enter all the required fields. The difference here is to click “Enable” at the “Virtual Networks” and select the Virtual Network that you have enabled “Service Endpoints” and select the desired subnet.
img_5a0da1c94f2b9.png
After the Storage Account creation, open the Storage Account and go to the “Firewall and virtual network” setting. and you will see that the selected Virtual Network and Subnet are configured and all other networks and the Internet access are forbidden.
img_5a0da846832a3.png
Now if you go to the File Service of the Storage Account you will get an “Access Denied” message, since you are accessing from the Internet.
img_5a0dabdab7c59.png
In order to access the Storage Account File Service (And all other services like blob) I created a Virtual Machine inside the Virtual Network and opened the Portal from it. Now I can access the Storage Account services.
img_5a0dad1f43286.png
Of course we can add our Public IP and access the Storage Account configuration, make the required changes and then remove it.
img_5a0dae33b3ec4.png
Also we can add / remove existing and new networks
img_5a0dae189e2a6.png
[/url]share_save_171_16.png
The post Use Service Endpoints to protect an Azure Storage Account inside an Azure Azure Virtual Network appeared first on Apostolidis IT Corner.



Source

 Share

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...