azure:az-500:platform_protection

Differences

This shows you the differences between two versions of the page.

azure:az-500:platform_protection [2022/06/27 20:04] – [Application Gateway] mmuzeazure:az-500:platform_protection [2022/07/22 00:42] (current) mmuze
Line 66: Line 66:
 ====== Front Door ====== ====== Front Door ======
   * **Front Door** is a global layer 7 load-balancer service   * **Front Door** is a global layer 7 load-balancer service
 +  * [[https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq]]
   * The Premium v2 sku supports **Private Endpoints** for the origin servers   * The Premium v2 sku supports **Private Endpoints** for the origin servers
 +
 +=== Application Gateway vs Front Door ===
 +
 +> While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a non-regional service whereas Application Gateway is a regional service.
 +
  
 ====== Network Security Groups (NSGs) ====== ====== Network Security Groups (NSGs) ======
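Review bot: The FAQ link added under Front Door is a bare URL with no link text, while the ACR link added later in this same revision uses the labelled `[[url|ACR Roles]]` form; give it a label such as `|Front Door FAQ` so the bullet reads as a reference rather than a stray URL. The quoted paragraph under the new "Application Gateway vs Front Door" heading carries no source; if it is taken from that FAQ, say so next to the quote. The new heading also uses `===` directly inside a `======` section, skipping the `=====` level that the page uses for Private Endpoint.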
Line 86: Line 92:
       * The Service Endpoint route takes a higher precedence than the default route.       * The Service Endpoint route takes a higher precedence than the default route.
  
 +{{ :azure:az-500:service-endpoints.png |}}
 ===== Private Endpoint ===== ===== Private Endpoint =====
   * **Private Endpoint** allows you to connect your virtual network to services in Azure without a public IP address at the source or destination.   * **Private Endpoint** allows you to connect your virtual network to services in Azure without a public IP address at the source or destination.
   * The key difference between Private Link and Service Endpoints is that with Private Link you are injecting the multi-tenant PaaS resource into your virtual network.   * The key difference between Private Link and Service Endpoints is that with Private Link you are injecting the multi-tenant PaaS resource into your virtual network.
-  * With Service Endpoints, traffic still left you Vnet and hit the public endpoint of the PaaS resource, with Private Link the PaaS resource sits within your Vnet and gets a private IP on your Vnet. When you send traffic to the PaaS resource, it does not leave the virtual network.+  * With Service Endpoints, traffic still leaves your Vnet and hits the public endpoint of the PaaS resource, with Private Link the PaaS resource sits within your Vnet and gets a private IP on your Vnet. When you send traffic to the PaaS resource, it does not leave the virtual network.
  
 {{ :azure:az-500:private-endpoint.png }} {{ :azure:az-500:private-endpoint.png }}
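Review bot: The reworded Service Endpoints bullet still joins two statements with a comma ("...the public endpoint of the PaaS resource, with Private Link the PaaS resource sits within your Vnet..."); split it into one sentence for Service Endpoints and one for Private Link so the contrast between the two is clear. The added image tag `{{ :azure:az-500:service-endpoints.png |}}` has an empty caption and sits on the line directly above the Private Endpoint heading; drop the trailing `|` to match the existing `{{ :azure:az-500:private-endpoint.png }}` and leave a blank line before the heading.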
Line 98: Line 105:
  
 This is sometimes referred to as back hauling. This is sometimes referred to as back hauling.
 +
 +====== Disk Encryption ======
 +  * Windows uses BitLock for disk encryption
 +  * Linux uses DM-Crypt for disk encryption
 +  * Disks are stored as page blobs in storage accounts
 +  * Customer managed keys can be used and kept in Azure Key Vault
 +
 +====== Container Security ======
 +  * ACR = Azure Container Registry
 +  * [[https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles|ACR Roles]]
 +
  
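Review bot: "BitLock" in the first Disk Encryption bullet should read "BitLocker". The new Container Security section only expands the ACR acronym and links to the roles page; add a bullet that says what the roles are used for, so the section makes a security point of its own instead of depending on the link.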
  • azure/az-500/platform_protection.1656360273.txt.gz
  • Last modified: 2022/06/27 20:04
  • by mmuze