Application Security Groups
- An ASG is a logical grouping of network interfaces.
- When creating NSG rules, we can use an ASG as the source or destination, which gives us control over which traffic to allow or deny.
- Let's assume we have 10 VMs in a VNet scattered across different subnets, of which
  - 3 are web
  - 2 are app
  - 3 are db
  - 2 are cache servers
- To restrict communication between these applications, we create 4 ASGs and bind them to the network interfaces.
- Now change the NSG rules to control VM communication using ASGs in place of IP address ranges.
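
The ASG setup described above, written out with the Azure CLI as an added example that is not part of the original notes. The resource group, NSG and NIC names, the ipconfig1 IP configuration name and all port numbers are assumed values.

```shell
#!/bin/sh
# Added example. RG, NSG, NIC names, ipconfig1 and all ports are assumed values.
RG="${RG:-demo-rg}"
NSG="${NSG:-app-nsg}"

# One ASG per tier: web, app, db, cache.
create_asgs() {
  for tier in web app db cache; do
    az network asg create --resource-group "$RG" --name "${tier}-asg"
  done
}

# bind_nic <tier> <nic-name>: put a VM's NIC into its tier's ASG.
bind_nic() {
  az network nic ip-config update --resource-group "$RG" \
    --nic-name "$2" --name ipconfig1 \
    --application-security-groups "${1}-asg"
}

# allow <priority> <src-tier> <dst-tier> <tcp-port>: ASG-to-ASG allow rule.
allow() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name "allow-${2}-to-${3}" --priority "$1" --direction Inbound \
    --access Allow --protocol Tcp \
    --source-asgs "${2}-asg" --destination-asgs "${3}-asg" \
    --destination-port-ranges "$4"
}

create_rules() {
  allow 100 web app 8080
  allow 110 app db 1433
  allow 120 app cache 6379
  # The default AllowVnetInBound rule (priority 65000) would still permit
  # every other VM-to-VM flow, so deny the remaining VNet traffic explicitly.
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name deny-other-vnet --priority 4000 --direction Inbound \
    --access Deny --protocol '*' \
    --source-address-prefixes VirtualNetwork \
    --destination-address-prefixes VirtualNetwork \
    --destination-port-ranges '*'
}

main() {
  create_asgs
  for n in 1 2 3; do bind_nic web "web${n}-nic"; bind_nic db "db${n}-nic"; done
  for n in 1 2; do bind_nic app "app${n}-nic"; bind_nic cache "cache${n}-nic"; done
  create_rules
}

# Run only when asked to: sh asg.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

The deny rule also blocks any other traffic inside the VNet, such as management access from a jump host, so those flows need their own allow rules with a priority number below 4000.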
Network Appliance
- Any special network behavior such as proxying, internet security, scanning, etc. can be added to an Azure VNet by adding network appliances (check the Azure Marketplace).
- So far we have never needed to control routes because we have been using system-defined routing
  - It allows communication within subnets
  - It allows traffic to be forwarded to the internet or received from the internet
- We need to look at Azure routing or route tables.
- Some of the cases where network appliances are used are
  - Firewall (external firewalls)
  - Proxy servers
  - Traffic filtering
Create a Network as shown below
- Using Portal
- Using CLI
- Using PowerShell