Azure ARM architecture pattern: a DMZ design with a firewall appliance

9th of March, 2018 / / No Comments

Im in the process of putting together a new Azure design for a client. As always in Azure, the network components form the core of the design. There was a couple of key requirements that needed to be addressed that the existing environment had outgrown: lack of any layer 7 edge heightened security controls and a lack of a DMZ.

I was going through some designs that I’ve previously done and was checking the Microsoft literature on what some fresh design patterns might look like, in case anythings changed in recent times.… [Keep reading] “Azure ARM architecture pattern: a DMZ design with a firewall appliance”

Azure Application Security Groups

21st of November, 2017 / / 3 Comments

Azure Application Security Groups (ASG) are a new feature, currently in Preview, that allows for configuring network security using an application-centric approach within Network Security Groups (NSG). This approach allows for the grouping of Virtual Machines logicaly, irrespective of their IP address or subnet assignment within a VNet.

They work by assigning the network interfaces of virtual machines, as members of the ASG. ASGs are then used within NSGs as either a source or destination of a rule, and this provides additional options and flexibility for controlling network flows of resources within a subnet.[Keep reading] “Azure Application Security Groups”

Enabling and Scripting Azure Virtual Machine Just-In-Time Access

24th of July, 2017 / / No Comments

Last week (19 July 2017) one of Microsoft’s Azure Security Center’s latest features went from Private Preview to Public Preview. The feature is Azure Just in time Virtual Machine Access.

What is Just in time Virtual Machine access ?

Essentially JIT VM Access is a wrapper for automating an Azure Network Security Group rule set for access to an Azure VM(s) for a temporal period on a set of network ports restricted to a source IP/Network.… [Keep reading] “Enabling and Scripting Azure Virtual Machine Just-In-Time Access”

Secure Azure Virtual Network and create DMZ on Azure VNET using Network Security Groups (NSG)

7th of November, 2014 / / 20 Comments

At TechEd Europe 2014, Microsoft announced the General Availability of Network Security Groups (NSGs) which add security feature to Azure’s Virtual Networking capability. Network Security Groups provides Access Control on Azure Virtual Network and the feature that is very compelling from security point of view. NSG is one of the feature Enterprise customers have been waiting for.

What are Network Security Groups and how to use them?

Network Security Groups allow us to control traffic (ingress and egress) on our Azure VNET using rules we define and provide segmentation within VNET by applying Network Security Groups to our subnet as well as Access Control to VMs.… [Keep reading] “Secure Azure Virtual Network and create DMZ on Azure VNET using Network Security Groups (NSG)”