Azure Classroomnotes 04/Aug/2022

Network Security Groups

  • This is used to filter the network traffic.
  • It processes the security rules based on priority
  • Consider the following inbound security rules in the NSG
    Priority  Protocol  Source  Source Port  Destination  Destination Port  Action
    300       TCP       *       *            *            80                Allow
    320       TCP       *       *            *            443               Allow
  • Now consider this NSG attached to the network interface of a virtual machine.
  • Use case 1: A user from source 183.183.183.183 tries to establish an SSH connection:
    • The connection is denied: none of the security rules matches port 22, so the default deny-all inbound rule applies.
  • Use case 2: A virtual machine in the same vnet tries to connect to the VM with the above rules:
    • The default security rules allow all traffic from within the vnet, so the connection is allowed.
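The priority-ordered evaluation described above, as an added example that is not part of the original notes: a small Python evaluator holding the two custom rules plus Azure's default inbound rules (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500), with the two use cases run through it. The vnet address space 10.0.0.0/16 and the in-vnet source address 10.0.1.4 are assumptions.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed address space of the vnet


@dataclass
class Rule:
    priority: int      # lower number is evaluated first
    protocol: str      # "TCP", "UDP" or "*"
    source: str        # CIDR, service tag ("VirtualNetwork", ...) or "*"
    dest_port: str     # port number or "*"
    action: str        # "Allow" or "Deny"


def source_matches(rule_source: str, src_ip: str) -> bool:
    if rule_source == "*":
        return True
    if rule_source == "AzureLoadBalancer":
        return False  # probe traffic service tag, not modelled here
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "VirtualNetwork":
        return ip in VNET
    return ip in ipaddress.ip_network(rule_source, strict=False)


def evaluate(rules, src_ip, protocol, dest_port):
    """Return (action, priority) of the first rule that matches, walking the
    rules by ascending priority number. The default DenyAllInBound rule
    (priority 65500) catches anything no earlier rule matched."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.protocol not in ("*", protocol):
            continue
        if r.dest_port not in ("*", str(dest_port)):
            continue
        if not source_matches(r.source, src_ip):
            continue
        return r.action, r.priority
    raise RuntimeError("no DenyAllInBound rule present")


INBOUND = [
    Rule(300, "TCP", "*", "80", "Allow"),                  # from the notes
    Rule(320, "TCP", "*", "443", "Allow"),                 # from the notes
    Rule(65000, "*", "VirtualNetwork", "*", "Allow"),      # default AllowVnetInBound
    Rule(65001, "*", "AzureLoadBalancer", "*", "Allow"),   # default AllowAzureLoadBalancerInBound
    Rule(65500, "*", "*", "*", "Deny"),                    # default DenyAllInBound
]

if __name__ == "__main__":
    print(evaluate(INBOUND, "183.183.183.183", "TCP", 22))  # use case 1: ('Deny', 65500)
    print(evaluate(INBOUND, "10.0.1.4", "TCP", 22))         # use case 2: ('Allow', 65000)
```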

Scenario – Simple N-tier Architecture

  • Consider the following n-tier architecture (the diagram is not reproduced here).
  • Let's create NSGs for the VMs in the
    • web subnet, which should allow all traffic
      • on ports 80 and 22 from anywhere
      • on any port from within the vnet
    • DB and business subnets, which should allow all traffic from within the vnet.
  • We need to create 3 subnets in a vnet.
  • In each subnet, create a VM and attach the suitable NSG.
  • Web NSG: create an NSG with the inbound rules above (ports 80 and 22 from anywhere, any port from within the vnet).
  • privatensg: create an NSG and leave its rules unchanged, sticking to the default NSG security rules.
  • Let's create a vnet with 3 subnets.
  • Let's create the following Ubuntu 20.04 VMs in
    • db
    • business
    • web
  • To connect to the db or business server, you first SSH into the web server and then SSH from the web server into the business/db server.
  • Any server that is connected to the public network and helps you connect to the private machines/VMs is generally referred to as a
    • jump box
    • bastion host


About continuous learner

devops & cloud enthusiastic learner