简体繁体 English

Azure 存储 Vnet 规则与添加 Vnet

[英]Azure Storage Vnet rule vs Adding a Vnet

原文 2021-03-24 07:45:34 6 1 azure/ azure-storage/ azure-virtual-network

We have made our azure storage private by adding a Vnet and restricting public access.通过添加 Vnet 并限制公共访问，我们将 azure 存储设为私有。 We also have a policy that checks Vnet rules.我们还有一个检查 Vnet 规则的策略。 The policy says it is non-complaint.该政策说它是不投诉的。 So what is the difference between Vnet rule and adding a Vnet to the storage account networking?那么 Vnet 规则和将 Vnet 添加到存储帐户网络之间有什么区别？

1 个解决方案

Storage accounts have a public endpoint that is accessible through the internet.存储帐户具有可通过 Internet 访问的公共终结点。 You can also create Private Endpoints for your storage accoun t, which assigns a private IP address from your VNet to the storage account and secures all traffic between your VNet and the storage account over a private link.您还可以为您的存储帐户创建专用终结点，这会将您的 VNet 中的专用 IP 地址分配给存储帐户，并通过专用链接保护您的 VNet 和存储帐户之间的所有流量。

When you add a VNet to a storage account networking, it means that only applications requesting data over the specified set of networks can access the storage account.将 VNet 添加到存储帐户网络时，这意味着只有通过指定网络集请求数据的应用程序才能访问存储帐户。 This provides access control for the public endpoint of your storage account.这为您的存储帐户的公共终结点提供访问控制。 The storage account actually is not private because when you grant access from a VNet, it enables a service endpoint for Azure Storage within the VNet.存储帐户实际上不是私有的，因为当您从 VNet 授予访问权限时，它会为 VNet 中的 Azure 存储启用服务终结点。 The service endpoint routes traffic from the VNet through an optimal path to the Azure Storage service.服务终结点通过最佳路径将来自 VNet 的流量路由到 Azure 存储服务。 The identities of the subnet and the virtual network are also transmitted with each request.子网和虚拟网络的身份也随每个请求一起传输。

With service endpoints, the source IP addresses of the virtual machines in the subnet for service traffic switches from using public IPv4 addresses to using private IPv4 addresses.使用服务端点，子网中虚拟机的源 IP 地址用于服务流量从使用公共 IPv4 地址切换到使用私有 IPv4 地址。