如何从 Azure App Service 安全访问 prem 数据库
How to security access onprem database from Azure AppService
有没有办法从 AppService 安全地访问本地 Sql 服务器?
IT 人员对于允许需要访问我们的本地数据库的应用服务感到紧张。
我不是网络专家,正在努力想出一个解决方案。
我唯一想到的就是创建一个新数据库 (CDS_API)。然后为 AppService 提供一个到该数据库的连接字符串。然后该数据库将有权访问主数据库 (CDS)。
如果 AppService 只有 CDS_API 的执行权限,这对我来说似乎是安全的。我错过了什么吗?
有更好的方法吗?
简单的解决方案是使用 App Service Hybrid Connection
Hybrid Connections can be used to access application resources in any
network that can make outbound calls to Azure over port 443. Hybrid
Connections provides access from your app to a TCP endpoint and does
not enable a new way to access your app. As used in App Service, each
Hybrid Connection correlates to a single TCP host and port
combination. This enables your apps to access resources on any OS,
provided it is a TCP endpoint. The Hybrid Connections feature does not
know or care what the application protocol is, or what you are
accessing. It simply provides network access.
或者,您可以 Integrate your app with an Azure virtual network which is connected securely to your on-prem networks either with a Site-to-Site VPN or over ExpressRoute。
有没有办法从 AppService 安全地访问本地 Sql 服务器?
IT 人员对于允许需要访问我们的本地数据库的应用服务感到紧张。
我不是网络专家,正在努力想出一个解决方案。
我唯一想到的就是创建一个新数据库 (CDS_API)。然后为 AppService 提供一个到该数据库的连接字符串。然后该数据库将有权访问主数据库 (CDS)。
如果 AppService 只有 CDS_API 的执行权限,这对我来说似乎是安全的。我错过了什么吗?
有更好的方法吗?
简单的解决方案是使用 App Service Hybrid Connection
Hybrid Connections can be used to access application resources in any network that can make outbound calls to Azure over port 443. Hybrid Connections provides access from your app to a TCP endpoint and does not enable a new way to access your app. As used in App Service, each Hybrid Connection correlates to a single TCP host and port combination. This enables your apps to access resources on any OS, provided it is a TCP endpoint. The Hybrid Connections feature does not know or care what the application protocol is, or what you are accessing. It simply provides network access.
或者,您可以 Integrate your app with an Azure virtual network which is connected securely to your on-prem networks either with a Site-to-Site VPN or over ExpressRoute。