限制对我的 ServiceFabric 集群的访问,只允许一个 IP(API 管理)
Restrict access to my ServiceFabric cluster, only allowing one IP (API Management)
我们正在提高我们最近开发的软件(运行 在 Service Fabric 上)的安全性,并希望所有流量都经过 API 管理。在 SFcluster 的负载平衡器中,您可以限制端口级别的访问,但我在哪里可以限制 IP 地址级别的集群访问?我们只想允许来自 API Management 的传入流量,并阻止其他所有内容,因此将所有 IP 地址列入黑名单,但 API Managemnet IP。
谢谢!
您可以为此使用 Network Security Group。
A network security group (NSG) contains a list of security rules that
allow or deny network traffic to resources connected to Azure Virtual
Networks (VNet). NSGs can be associated to subnets, individual VMs
(classic), or individual network interfaces (NIC) attached to VMs
(Resource Manager). When an NSG is associated to a subnet, the rules
apply to all resources connected to the subnet. Traffic can further be
restricted by also associating an NSG to a VM or NIC.
This quick start template 描述了如何部署一个。
有关网络的更多信息 here。
我们正在提高我们最近开发的软件(运行 在 Service Fabric 上)的安全性,并希望所有流量都经过 API 管理。在 SFcluster 的负载平衡器中,您可以限制端口级别的访问,但我在哪里可以限制 IP 地址级别的集群访问?我们只想允许来自 API Management 的传入流量,并阻止其他所有内容,因此将所有 IP 地址列入黑名单,但 API Managemnet IP。
谢谢!
您可以为此使用 Network Security Group。
A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager). When an NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can further be restricted by also associating an NSG to a VM or NIC.
This quick start template 描述了如何部署一个。 有关网络的更多信息 here。