Azure 应用服务隔离和安全

Question

我有多个 App Services 托管在一个 App Service plan（基本小型）上，它基本上是一个完全托管的虚拟机，所有资源都为我保留。这些都是 Asp.Net 个应用程序。

因为我还有大量资源可用，所以我正在考虑将我的 WordPress 应用程序迁移到 Azure（每个应用程序都迁移到同一个 App Service plan.

中的新 App Service

不幸的是，WordPress 有时会被感染。如果没有适当隔离，感染也可以传播到其他网站（受感染的网站可能会更改其他网站的文件）。

所以我的问题是：

如果我的一个 WordPress 网站被感染，来自不同 App Services 的其他网站也会受到感染，但同一个 App Service plan 也处于危险之中？

Answer 1

这个问题的答案在很大程度上取决于您如何信任 Microsoft 及其声明。

All Azure Web Apps (as well as Mobile App/Services, WebJobs and Functions) run in a secure environment called a sandbox. Each app runs inside its own sandbox, isolating its execution from other instances on the same machine as well as providing an additional degree of security and privacy which would otherwise not be available. The sandbox mechanism aims to ensure that each app running on a machine will have a minimum guaranteed level of service; furthermore, the runtime limits enforced by the sandbox protects apps from being adversely affected by other resource-intensive apps which may be running on the same machine.

所以它应该是安全的。

https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox