
Multiple subnets in vnet needing access to same storage account via Private Endpoint/Service Endpoint


Would this understanding be correct?

In order to achieve the objective of connecting multiple subnets in a vnet to a single storage account using:

1. Service Endpoint - requires a service endpoint to be created in each subnet.
2. Private Endpoint - a single private endpoint in the vnet is sufficient for all subnets of this vnet (and the same private endpoint works across peered vnets too, unlike service endpoints).

[image: private endpoint and multiple subnets / peering]

Regards,
Aditya Garg

That understanding is correct. Service endpoints are created on the subnet level and need to be specified there, like in that Terraform example here:

resource "azurerm_subnet" "database-subnet" {
  name                 = "database-subnet"
  address_prefixes     = ["10.0.2.0/24"]
  resource_group_name  = var.resourcegroup_name
  virtual_network_name = azurerm_virtual_network.vnet1.name
  # the service endpoint is a property of this one subnet only
  service_endpoints    = ["Microsoft.Sql"]
}

A private endpoint on the other hand gives you an IP in your own vnet representing a specific instance of a PaaS-Service (like a specific database within the Azure SQL Database service). That internal IP is reachable from all your subnets. Intra-Subnet routing is done by default in Azure, so there's no need to set up some sort of custom / user defined routing.

When using service endpoints together with network security groups (nsg) on the subnet(s), one has to make sure to best use "service tags" within the nsg rules, since otherwise the system can break when PaaS-Services change their IP-ranges which might have been used in the nsg rules. So service tags are used instead of IP ranges in that scenario.

And of course, like briefly mentioned in one of the answers in the linked question, there are further differences between the two options. I would only like to mention the pricing very quickly: Service endpoints are completely free of charge, whereas service endpoints have a pricing per hour + per data volume being sent through them.
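The following Terraform configuration is an added example and not the answerer's code: it puts the two points of the answer side by side. Subnet app-a gets a service endpoint and is allowed through the storage account firewall; subnet app-b has no service endpoint and reaches the account through the single private endpoint, whose private IP (plus private DNS) is reachable from every subnet. The NSG on the service-endpoint subnet uses the Storage service tag rather than IP ranges. All resource names, the region and the address spaces are constructed assumptions.

```hcl
# Added example, not the answer's own code: a storage account that serves a
# service-endpoint subnet (app-a) and a private endpoint reachable from every
# subnet (app-b has no service endpoint and still gets access).
# All names, the region and the address spaces are constructed assumptions.
resource "azurerm_resource_group" "rg" {
  name     = "rg-storage-net-demo"
  location = "westeurope"
}

resource "azurerm_virtual_network" "vnet1" {
  name                = "vnet1"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.0.0.0/16"]
}

# Service endpoints are per subnet: only app-a gets one here.
resource "azurerm_subnet" "app_a" {
  name                 = "app-a"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet1.name
  address_prefixes     = ["10.0.1.0/24"]
  service_endpoints    = ["Microsoft.Storage"]
}

resource "azurerm_subnet" "app_b" {
  name                 = "app-b"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet1.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_storage_account" "sa" {
  name                     = "stdemo0123" # constructed; must be globally unique
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  # Storage firewall: deny by default, allow only the service-endpoint subnet.
  # Traffic arriving via the private endpoint is not subject to these rules.
  network_rules {
    default_action             = "Deny"
    virtual_network_subnet_ids = [azurerm_subnet.app_a.id]
  }
}

# One private endpoint for the whole vnet; its private IP is routable from every subnet.
resource "azurerm_private_endpoint" "sa_blob" {
  name                = "pe-stdemo-blob"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.app_b.id
  private_service_connection {
    name                           = "psc-stdemo-blob"
    private_connection_resource_id = azurerm_storage_account.sa.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}

# Private DNS so <account>.blob.core.windows.net resolves to the private IP inside the vnet.
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
  name                  = "link-vnet1"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = azurerm_virtual_network.vnet1.id
}

# NSG for the service-endpoint subnet: the outbound rule targets the "Storage"
# service tag, so changes to Azure's published IP ranges never break it.
resource "azurerm_network_security_group" "app_a" {
  name                = "nsg-app-a"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  security_rule {
    name                       = "allow-storage-service-tag"
    priority                   = 100
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "Storage"
  }
}

resource "azurerm_subnet_network_security_group_association" "app_a" {
  subnet_id                 = azurerm_subnet.app_a.id
  network_security_group_id = azurerm_network_security_group.app_a.id
}
```

Two things worth checking after `terraform apply`: a VM in app-b should resolve the account's blob hostname to the 10.0.2.x address of the private endpoint NIC (if it still resolves to a public IP, the vnet is not linked to the private DNS zone), and a VM in app-a should be denied by the storage firewall if `virtual_network_subnet_ids` is removed, which confirms the access really flows through the service endpoint and not the public path.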
