Microsoft Azure Network Security Group (NSG) Example

Here is a quick example of using Network Security Group (NSG) within Microsoft Azure to protect your workload.  In terms of design perspective you would setup a Virtual Network and then attach a large address space.  This would then be carved into smaller subnets for various workload like Internet facing traffic, middle-tier applications and back-end applications.  To control the traffic flow and enable security you can apply multiple NSG’s.  The effect would be as per diagram.

 

Note: Always check https://azure.microsoft.com for up to date information

 

Example of DIP, PIP, ILPIP and VIP on Microsoft Azure

Here is a quick example of how the IP addressing works both on the Azure Service Manager (ASM) Classic Portal (https://manage.windowsazure.com) and the Azure Resource Manager (ARM) Portal (https://portal.azure.com)

DIP = Dynamic IP Address,  IP address given to each virtual machine.  This can be set to static “DHCP reservation” (don’t configure this address within the virtual machine itself as you will loose access)

PIP or ILPIP= Instance Level Public IP is directly attached to a VM.  Example of use: Passive FTP server that needs large amount of ports open.

VIP = Public facing Virtual IP assigned to a cloud service from a Pool of IP’s managed by Microsoft (assignment -geo-political region)

EP = End Point

Note: Always check https://azure.microsoft.com for up to date information