简体   繁体   English

如何保护部署到虚拟网络的Azure角色的安全?

[英]How to secure an Azure role deployed to a virtual network?

I am trying to place a web role behind a proxy. 我正在尝试将Web角色放在代理后面。 I have the proxy as web role (Proxy Role), and also another web role (Secured Role) that the proxy is to secure. 我有代理作为Web角色(代理角色),还有代理要保护的另一个Web角色(安全角色)。 The proxy is to accept incoming traffic, authenticate it and then either block it or pass it to the web role. 代理将接受传入流量,对其进行身份验证,然后阻止它或将其传递给Web角色。 The roles are deployed to a single virtual network. 角色被部署到单个虚拟网络。

One option is to only open internal endpoints on the Secured Role and deploy together with the Proxy Role which would have a input endpoint (as described here ). 一种选择是在担保角色只开放内部端点和与将有一个输入端点代理角色一起部署(如描述在这里 )。 In this way, the Proxy Role is publicly accessible and the Secured Role is not. 这样,可以公开访问代理角色,而不能访问安全角色。 The Proxy Role however can pass authenticated traffic to an internal endpoint on the Secured Role. 但是,代理角色可以将经过身份验证的流量传递到安全角色上的内部端点。

The problems with this option are: 此选项的问题是:

  • Only works for roles. 仅适用于角色。
  • The roles have to be deployed together. 这些角色必须一起部署。
  • The internal endpoints on the Secured Role aren't load balanced. 安全角色上的内部端点未达到负载平衡。

What initially seemed like another option is to have multiple subnets within the virtual network where these roles are deployed. 最初看来,另一种选择是在虚拟网络中具有多个部署了这些角色的子网。 The Proxy Role will be in one subnet and the Secured Role will be in another subnet. 代理角色将在一个子网中,安全角色将在另一个子网中。 Then, access to the subnet where the Secured Role is placed would be secured with ACLs. 然后,将使用ACL保护对放置安全角色的子网的访问。 The problem is that ACLs are only for virtual machines not roles as described here . 问题在于,ACL仅适用于虚拟机,而不适用于此处所述的角色。

Yet another option is to have two virtual networks, one for the Proxy Role and one for the Secured Role. 还有一个选择是拥有两个虚拟网络,一个用于代理角色,一个用于安全角色。 However, it isn't possible to ensure that the virtual network containing the secured role is only accessible by the virtual network containing the Proxy role. 但是,无法确保包含安全角色的虚拟网络只能由包含代理角色的虚拟网络访问。 The virtual network gateway concepts seems to only be applicable to on-premise to cloud communication, not communication between virtual networks. 虚拟网络网关概念似乎仅适用于本地到云的通信,不适用于虚拟网络之间的通信。

Have you looked at the Azure Service Bus? 您是否看过Azure服务总线?

Keep your apps connected across private and public cloud environments Windows Azure Service Bus provides the messaging channel for connecting your cloud applications to your on-premises applications, services and systems. 保持应用程序在私有和公共云环境之间的连接Windows Azure Service Bus提供了消息传递通道,用于将云应用程序连接到本地应用程序,服务和系统。

http://www.windowsazure.com/en-us/services/messaging/ http://www.windowsazure.com/en-us/services/messaging/

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure WebJobs有多安全? - How secure are Azure WebJobs? 从 Azure 虚拟机中的 SQL 数据库在线安全连接到 PowerBI - Secure Connection to PowerBI Online from a SQL Database in Azure Virtual Machine 如何在 Azure 门户上的虚拟网络中启用虚拟机保护? - How do I enable Vm protection in my virtual network on Azure Portal? 如何为安全的登录表单实现虚拟键盘? - How to implement virtual keyboard for secure Login form? Azure SQL连接的安全性如何? - How secure is Azure SQL connection? 如何保护数据并更新部署到另一个实体的应用程序中的数据? - how to secure data and update data in an application deployed to another entity? Azure API 管理 - 如何保护订阅密钥 - Azure API Management - How to secure Subscription key 如何使用Azure和Github保护SMTP信息? - How to secure smtp info with Azure and Github? Apache:如何将虚拟目录限制为本地网络 - Apache: how to limit virtual dir to local network 可以使用ARM模板部署在Azure虚拟机上启用安全启动吗? - Can secure boot be enabled on Azure virtual machines using ARM template deployment?
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM