Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azure focused 87th Devclub.lv

•

0 gostou•2,972 visualizações

Erwin Staal from 4DotNet will share experience on “Network security with Azure PaaS services“. He will share some of the things he learned while implementing network security at his current client. We will start with a short introduction to the basics of networking in Azure. He will present to you some best practices and tell you about some of the limitations you need to know before getting started. We will talk about how you for example can lock-down your API or SQL-server. To do that we will use relatively new Azure offerings like Service endpoints, Private endpoints, and VPN connections. Erwin is a .NET Software Engineer and DevOps Consultant at 4DotNet. He’s helping clients with ASP.NET Core, Docker and Kubernetes and as a DevOps Consultant he helps companies with the implementation of DevOps and Continuous Delivery.

Tecnologia

@erwin_staal
Networking on
Azure PaaS
Erwin Staal | @erwin_staal

@erwin_staal
Azure Architect
DevOps Consultant
@erwin_staal
ErwinStaal

@erwin_staal
VNetbasics
• RFC1918 Subnets
• 10.0.0.0 – 10.255.255.255 (10/8 prefix)
• 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
• 192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
• Smallest: /29 -> 3 hosts
• 5 IP-addresses are reserved by Azure
• x.x.x.0: Network address
• x.x.x.1: Reserved by Azure for the default gateway
• x.x.x.2, x.x.x.3: Reserved by Azure to map the Azure DNS IPs to the VNet space
• x.x.x.255: Network broadcast address

@erwin_staal
• Access Azure PaaS Services over a private endpoint
• No public IP anymore on PaaS service
• Traffic remains on the Microsoft network
• Integration with on-premises and peered networks
PrivateLink

@erwin_staal
PrivateLink
Azure Storage All public regions GA
Azure Data Lake Storage Gen2 All public regions GA
Azure SQL Database All public regions GA
Azure Synapse Analytics All public regions GA
Azure Cosmos DB All public regions GA
Azure Database for PostgreSQL - Single server All public regions GA
Azure Database for MySQL All public regions GA
Azure Database for MariaDB All public regions GA
Azure Key Vault All public regions GA
Azure Kubernetes Service - Kubernetes API All public regions GA
Azure Search All public regions GA
Azure Container Registry All public regions GA
Azure App Configuration All public regions Preview
Azure Backup All public regions GA
Azure Event Hub All public regions GA
Azure Service Bus All public regions GA
Azure Relay All public regions Preview
Azure Event Grid All public regions GA
Azure Web Apps All public regions Preview

@erwin_staal
• Lets your App Service join a vnet(subnet) for egress
• Allows you to access resources in your vnet in the same region
• Require a Standard or PremiumV2 App Service Plan
• You can block outbound traffic with an NSG
• App Settings for additional config
AppServiceVNetIntegration

@erwin_staal
• Provides secure and direct connection to Azure services
• Traffic from your VNet to the Azure service remains on the Microsoft network
• Lock down access to e.g. a Web App to specific VNet
• Public IP is still being used
ServiceEndpoint

@erwin_staal
• Azure Storage
• Azure SQL Database
• Azure SQL Data Warehouse
• Azure Database for PostgreSQL server
• Azure Database for MySQL server
• Azure Database for MariaDB
• Azure Cosmos DB
• Azure Key Vault
• Azure Service Bus
• Azure Event Hubs
• Azure Data Lake Store Gen 1
• Azure App Service
• Public Preview: Azure Container Registry
ServiceEndpoint

@erwin_staal
• Define a priority ordered allow/deny list that controls network access to your app
• IP addresses or Azure Virtual Network subnets
AccessRetrictiononWebApps

@erwin_staal
• Virtual network gateway used to send encrypted traffic between
• Azure virtual network and an on-premises location
• Azure virtual networks over the Microsoft network
• Site-to-Site and Multi-Site
• VNet-to-VNet connections
• ExpressRoute
• Point-to-Site VPN
• Certificate
• Azure AD
• RADIUS
• OpenVPN
VNetVPNGateway

Mais conteúdo relacionado

Mais procurados

ExpertsLive NL 2018 - A deepdive into Azure Networking

Karim Vaes

Understanding Azure Networking Services

InCycleSoftware

Azure Hub spoke v1.0

Sayed Ashraf Kazi

Are you looking to deploy a more complex structure of resources in Azure, all secured and segregated by precise boundaries while closely communicating with each other? Following the arrival of the advanced IaaS networking features in Azure (network security groups, routing, multi-NIC, â€¦) and their maturation in the last months, here is the moment for you to find a modern architectural vision of networking in Azure, with focus on multi-VNET / VPN topologies, and based on ARM deployment model.

Azure Networking: Innovative Features and Multi-VNet Topologies

Marius Zaharia

Azure vnet

zekeLabs Technologies

Networking deep dive

Jeroen Niesen

In this session, we will learn to create a Point-to-Site VPN connection using VPN Gateway. We will see how the Virtual Network Gateways are created in Azure, and what are the scenarios where Point-to-Site VPNs are useful This is the extension to the previous session, which was Part 02 of the Azure Virtual Network series. 1. Part 01 - https://www.youtube.com/watch?v=JPdo8... 2. Part 02 - https://www.youtube.com/watch?v=wQeg_...

Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...

Neeraj Kumar

MongoDB World 2018: Enterprise Security in the Cloud

MongoDB

Azure networking update 201908

Jay Kim

Secure Cloud Networking – Beyond Cloud Boundaries. When you are learning cloud, networking examples are just complicated enough to get you exposed to the networking fundamentals of that cloud. Real-life is quite a bit different. Matt Kazmar, Rod Stuhlmuller, Corbin Louks and Mark Cunningham from Aviatrix walks us through the complications of cloud networking, especially those encountered beyond one cloud.

GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries

James Anderson

Azure SDN stack offers comprehensive network virtualization functions to virtual machines running in Microsoft Azure. It provides the ability to host VMs in an isolated private network (Virtual Networks), high performance load balancing (SLB), scalable network ACLs (Network Security Groups), custom route tables (User defined Routes) and private connectivity to on-premises (Express Route). In this talk, Mario Lopez and Narayan Annamalai talk about Microsoft’s latest open source CNI plugin that will impart and integrate the rich SDN stack to containers running in Azure.

Build 2017 - P4045 - Azure VNet for Containers

Windows Developer

Citrix Cloud XL - Running Ctirix in Public Cloud

Marius Sandbu

Digitally Transform (And Keep) Your On-Premises File Servers

Aidan Finn

Azure Network and Infrastructure

Phi Huynh

Techniques for scaling application with security and visibility in cloud

Akshay Mathur

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Tom Kerkhove

Managing your secrets in a cloud environment

Taswar Bhatti

Mirantis OpenStack 4.0 Overview

Mirantis

Introduction to AWS VPC & Networking

Michael Pearce

Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...

Duc Lai Trung Minh

Mais procurados (20)

ExpertsLive NL 2018 - A deepdive into Azure Networking

Understanding Azure Networking Services

Azure Hub spoke v1.0

Azure Networking: Innovative Features and Multi-VNet Topologies

Azure vnet

Networking deep dive

Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...

MongoDB World 2018: Enterprise Security in the Cloud

Azure networking update 201908

GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries

Build 2017 - P4045 - Azure VNet for Containers

Citrix Cloud XL - Running Ctirix in Public Cloud

Digitally Transform (And Keep) Your On-Premises File Servers

Azure Network and Infrastructure

Techniques for scaling application with security and visibility in cloud

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Managing your secrets in a cloud environment

Mirantis OpenStack 4.0 Overview

Introduction to AWS VPC & Networking

Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...

Semelhante a Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azure focused 87th Devclub.lv

10052016115136.pptx

dixitgangaiah

Brk30176 enterprise class networking in azure

Abou CONDE

Building Intelligent Cloud with Microsoft Azure

WinWire Technologies Inc

A10 Lightning Application Delivery System (ADS) supports hybrid environments by providing secure application services and advanced analytics across the entire deployment – from traditional on-premise data centers, to public and/or private clouds, or any combination thereof. A10 Lightning employs a controller-based architecture that can self-managed on-premise or in a private cloud, or utilized as a SaaS offering managed by A10, to enable management of heterogeneous workloads across physical hardware-based environments, as well as public, private, and hybrid clouds. This presentation talks about our journey from a VM based Controller to a Kubernetes based Controller

Kubernetes as Orchestrator for A10 Lightning Controller

Akshay Mathur

Azure is now the clear #2 in public cloud behind AWS. While some cloud users are evaluating Azure vs. AWS, many enterprises are planning to use both cloud providers. But there are some notable differences between how the two clouds operate and the best practices for deploying workloads in each. The Azure vs. AWS Best Practices: What You Need to Know webinar will cover: Recent and coming enhancements for Azure. Azure vs. AWS differences for compute, networking, and storage. Best practices for cloud deployments in Azure and AWS. How to use both Azure and AWS.

Azure vs AWS Best Practices: What You Need to Know

RightScale

The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.

Getting Started on AWS

Amazon Web Services

ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS

European Collaboration Summit

Perth Azure Usergroup Build 2018 updates

Nirmal Thewarathanthri

Network security is back! Whether you are using Azure Kubernetes Services, IaaS virtual machines, App Services, or any other PaaS feature, securing your application or data is critical to the business. Azure security is constantly evolving and how we did things even one year ago isn't necessarily the best way anymore. Learn about Azure network security, design patterns, learn what is new, and even to see some things that are coming soon.

Securely Publishing Azure Services

BizTalk360

A Deepdive into Azure Networking

Karim Vaes

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.

High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...

Amazon Web Services

TenT-Day04.pptx

JohanMyburgh15

TenT-Day04.pptx

Johan Myburgh

Azure Networking (1).pptx

Razith2

Building Hybrid Cloud Apps with Azure and Azure stack

WinWire Technologies Inc

Demystifying azure networking for on premises-azure databases

Mohamed Wali

Implementing SharePoint on Azure, Lessons Learnt from a Real World Project

K.Mohamed Faizal

Companies are struggling to understand the various cloud deployment options and how they will effectively manage their environment. As organizations transition to using cloud solutions for part or all of their database configurations, the IT teams need to understand what choices they must make for ensuring they can meet business expectations for performance, security, and availability. IDERA’s Rob Reinauer shares insights into managing SQL Server environments from cloud to ground so that you can make confident decisions for your database deployments and mitigate the added data risks cloud environments can introduce.

IDERA Slides: Managing the Transition to Hybrid Cloud

DATAVERSITY

Microsoft Azure : Hey ITPRo's Meet Azure .. .again!

Mike Martin

by Kristof Rennen, Mike Martin IaaS in the public cloud, the final frontier. These are the voyages of the Enterprise IT team, it's mission: to be scalable and agile as possible. To achieve their mission goal they can use the new features of Microsoft Azure: •Azure Files •Azure RemoteApp •the new VNET features and it's big brother ExpressRoute •and much much more don't forget: Azure goes to Infinity and … beyond!

azure track -03- it pros meet azure - again

ITProceed

Semelhante a Network security with Azure PaaS services by Erwin Staal from 4DotNet at Azure focused 87th Devclub.lv (20)

10052016115136.pptx

Brk30176 enterprise class networking in azure

Building Intelligent Cloud with Microsoft Azure

Kubernetes as Orchestrator for A10 Lightning Controller

Azure vs AWS Best Practices: What You Need to Know

Getting Started on AWS

ECS19 - Mustafa Toroman, Sasa Kranjac - SOUP TO NUTS: MICROSOFT AZURE POWERCLASS

Perth Azure Usergroup Build 2018 updates

Securely Publishing Azure Services

A Deepdive into Azure Networking

High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...

TenT-Day04.pptx

Azure Networking (1).pptx

Building Hybrid Cloud Apps with Azure and Azure stack

Demystifying azure networking for on premises-azure databases

Implementing SharePoint on Azure, Lessons Learnt from a Real World Project

IDERA Slides: Managing the Transition to Hybrid Cloud

Microsoft Azure : Hey ITPRo's Meet Azure .. .again!

azure track -03- it pros meet azure - again

Mais de DevClub_lv

Fine-tuning Large Language Models by Dmitry Balabka

DevClub_lv

It is a talk regarding how AWS is utilized to manage around 200 services, 4+ million users and 20+ teams in Posti Group. The speaker will demonstrate how Posti is maintaining and controlling the ‘Infrastructure side’ of a variety of different cross-functional teams, with a unified approach. The presentation will focus on the approach, tools and tech with some concrete examples. It should be fairly comprehendible even for non-hands on IT professionals, however aimed at Software engineers, Infra and DevOps engineers and IT leaders.

"Infrastructure and AWS at Scale: The story of Posti" by Goran Gjorgievski @ ...

DevClub_lv

Erik Kaju from Wise will give a talk “From 50 to 500 product engineers – data-driven approach to building impactful and efficient product teams”. Product engineering is data-driven. It is best to avoid personal opinions and back actions with data. Sharing data transparently and making it broadly accessible within the whole company helps to scale and build faster. Data-driven practices are useful beyond just product development. Over the years, we have been systematic and methodological in how we scale the company and track its health. This is a story of Wise growing from a regular-sized with 50 engineers to one with 500. While our headcount has grown tenfold, the speed of our releasing and ability to deliver complex projects has risen significantly. It is crucial for the scale-up to not slow down. And that is only possible with effective and unhampered teams. Join Erik for fresh insights that will inspire you to grow your teams, track their health and experiment with team metrics. (Language – English) Erik is Director of Engineering at Wise.

From 50 to 500 product engineers – data-driven approach to building impactful...

DevClub_lv

Why is it so complex to accept a payment? by Dmitry Buzdin from A-Heads Consu...

DevClub_lv

Jurijs Čudnovskis from “Craftsmans Passion” will give a talk “Do we need DDD?“. While helping to build and scale multiple IT companies and during tons of interviews I’ve seen a lot of misunderstanding of Domain Driven Design. I would like to share with you my experience based point of view on why and how DDD can help you and your company to build better, more flexible and scalable software and solve real business needs. The talk will be not so much about technical aspect of DDD, but about core ideas behind with some real world examples. :) (Language – English) For more than 10 years Jurijs is helping multiple organizations to build their products and grow their companies. His passion is to find easiest solution for complex business problems and build excelent business oriented IT teams.

Do we need DDD? by Jurijs Čudnovskis from “Craftsmans Passion” at Fintech foc...

DevClub_lv

SRE (service reliability engineer) on big DevOps platform running on the clou...

DevClub_lv

In this talk, we will discuss what is IOT, what is the market and growth of IOT, security in IOT, and factor for the growth of IOT, how the invention of eSIM giving a boost in IOT, and need of cloud and steps for the codification of IOT with Azure. (Language – English) Narendra is a Technical Architect at Cognizant, other than coding his hobbies includes Travelling, reading technical books & watching thriller/sci-fi series.

Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...

DevClub_lv

Maintaining multiple code bases for the same application is often a pain in the neck for mobile developers. In the recent years, different frameworks have appeared in the market that aim to reduce the workload of developers by offering them a write-once-run-everywhere approach. In this session, Wei-Meng will take a quick look at the different frameworks available – Xamarin, React Native, and Flutter. He will focus on using Flutter and see how it makes your life as a mobile developer easier. (Language – English) Wei-Meng Lee is a technologist and founder of Developer Learning Solutions (http://www.learn2develop.net).

Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...

DevClub_lv

Change is inevitable. So is legacy. And too often, we as developers (who love to solve problems by coding) fall into the trap of believing the only way to fix it is by rewriting everything again and again. But how can we design an application architecture that is more resilient to change in the first place? How can we defend against entropy in a system where people are pushing changes every day? In this talk we’ll define what architecture means for the frontend, dispel some commonly-held myths, and look at specific tools and techniques on a scale from micro to macro that you can use today to keep your app from turning into that infamous ball of mud.

Building resilient frontend architecture by Monica Lent at FrontCon 2019

DevClub_lv

JavaScript can be a passive-aggressive and fickle language that can frustrate you at every turn. It lets you do things like declare variables anywhere, but doesn’t tell you that it will hoist them while you’re not looking. Learn how JavaScript organizes data by using key-based dictionaries and how it handles functions behind the scenes. Additionally, you'll learn how JavaScript uses arrow functions, closures, prototypes and inheritance, equality, and more. In this session, you'll learn little known facts about JavaScript, as well as frequently experienced JavaScript headaches and mistakes, and ways to avoid them. Learn these key facets of JavaScript and take your knowledge to the next level!

Things that every JavaScript developer should know by Rachel Appel at FrontCo...

DevClub_lv

Front-end developers have grown accustomed to protecting themselves from attackers seeking to exploit vectors such as cross-site scripting and malicious input, but the prevalence of reusable micro-libraries in the Node.js ecosystem makes JavaScript developers particularly susceptible to software supply chain attacks. In this session Mitch will share his perspective on helping to protect Microsoft and its customers from these supply chain attacks and what it is like being the vendor of an artifact management service which often plays the middleman between target and victim. Learn how Microsoft tackles the problem of securely taking dependencies on open source software and what problems scanning tools can and can’t solve and thoughts on how we as an industry could start to tackle the problem for 0-day malicious packages.

In the Trenches During a Software Supply Chain Attack by Mitch Denny at Front...

DevClub_lv

Software Decision Making in Terms of Uncertainty by Ziv Levy at FrontCon 2019

DevClub_lv

V8 is complicated. Things change way too fast and it’s really hard to keep track of what’s the fastest way of doing every specific action. But not anymore. Join me, a V8 contributor, on a journey through the compilation pipeline of V8 and understand how it all works under the hood. We’ll take the example of a popular JavaScript builtin method and find that what does and does not trigger de-optimization. By the end of the talk, you will have a fairly decent idea of how builtins are written inside the V8 compilation pipeline, and how to make sure you always take the fast path, no matter what.

V8 by example: A journey through the compilation pipeline by Ujjwas Sharma at...

DevClub_lv

The main topic of this talk is a short introduction to Storybook.js, JavaScript library that allows us to create independent and interactive UX components from already existing ones, developed in frameworks such as Angular, React or Vue. Reusing the components, we create an isolated environment that can be shared within the organization and enable a collaboration between designers and developers on a whole new level. Different use-cases will be described using Angular as a framework of choice with practical examples.

Bridging the gap between UX and development - A Storybook by Marko Letic at F...

DevClub_lv

This talk will cover the whole UX development process and many choices that we as a team did, to get where we are now. When you think about frontend, it’s not just a developers who writes Javascript. If you want to make it right, you need UX researchers, UX designers, UI designers, Visual Designers, Technical writers and, of course, UX developers. I would like to talk about each roll in short and how they help and why you should have all of them to achieve best results. After that I want to go into more technical details on why EmberJs (its not so trendy, right?). How we work with ES6 and why we see future in Typescript. I will structure a talk in terms of a “technical challenge – pros/cons – why we’ve chose A and not B”. For example: We have 16 applications internal and external. Why we have them separate and not a single app. We had ~8-10 internal packages and we’ve merged them into 2. Why we’ve did that and why benefits out-weighted cons? Also, from the talk point, I want to start with a real Cybersecurity case and how how it gets solved

Case-study: Frontend in Cybersecurity by Ruslan Zavacky by FrontCon 2019

DevClub_lv

Page load times can influence conversion rates and store profitability a lot. PWA is a magic keyword that can deliver fast page load times and happy customers that buy a lot. PWA was coming to Magento, there were several competing solutions, but we wanted to be the best and stand out. Being the most certified Magento agency in the world Scandiweb wanted to make something that is both compatible with default Magneto, but also easier to use and faster. So this is a story of looking at competitors and finding our niche as well as building on experience gained by creating solutions for the world’s top brands. The talk will share approaches investigated and selected and look into tips and tricks used to get out most of React, Webpack, Mobx and other cool frontend tools. There is also some GraphQl and aspects of integration with Magento.

Building next generation PWA e-commerce frontend by Raivis Dejus at FrontCon ...

DevClub_lv

Parcel – your next web application bundler? by Janis Koselevs at FrontCon 2019

DevClub_lv

Redux is one of the most popular technologies for the management of shared state across entire React applications, which can be complemented by Redux Observable to describe asynchronous side effects with RxJS. This approach, however, adds cognitive load when balancing the varying concepts across these three libraries. What if we could use RxJS exclusively for managing state in our React apps? This talk will demonstrate this possibility and the benefits it provides.

Managing State in React Apps with RxJS by James Wright at FrontCon 2019

DevClub_lv

AAA 3D GRAPHICS ON THE WEB WITH REACTJS + BABYLONJS + UNITY3D by Denis Radin ...

DevClub_lv

World Health Organization reports, that 97% of JS developers use webpack, but only 2% fully understand how it works. This leads to higher amounts of stress, bigger bundles and 64.26726df1f478a5af4bd6.js. However, understanding the mechanics under the hood together with the extension capabilities proved increasing developers’ happiness by 100%. This talk will briefly reveal the magic behind webpack and showcase how you can easily extend it with your own plugins and loaders. Audience level: intermediate to senior developers using webpack in everyday life.

HOW TO EXTEND WEBPACK WITH YOUR OWN PLUGINS

DevClub_lv

Mais de DevClub_lv (20)