Azure Storage Vnet rule vs Adding a Vnet
Question
We have made our azure storage private by adding a Vnet and restricting public access. We also have a policy that checks Vnet rules. The policy says it is non-complaint. So what is the difference between Vnet rule and adding a Vnet to the storage account networking?
1 answers
solution1
0 2021-03-25 07:36:06
Storage accounts have a public endpoint that is accessible through the internet. You can also create Private Endpoints for your storage accoun t, which assigns a private IP address from your VNet to the storage account and secures all traffic between your VNet and the storage account over a private link.
When you add a VNet to a storage account networking, it means that only applications requesting data over the specified set of networks can access the storage account. This provides access control for the public endpoint of your storage account. The storage account actually is not private because when you grant access from a VNet, it enables a service endpoint for Azure Storage within the VNet. The service endpoint routes traffic from the VNet through an optimal path to the Azure Storage service. The identities of the subnet and the virtual network are also transmitted with each request.
With service endpoints, the source IP addresses of the virtual machines in the subnet for service traffic switches from using public IPv4 addresses to using private IPv4 addresses.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.