Jul 30 2021 02:53 AM
Hi,
We have an on-prem backup solution, and we want to leverage Azure Blob storage to store the backups. We would like all data to only traverse our site-to-site VPN into Azure, therefore we don't want the Blob exposed to the internet at all.
Can someone please advise how we can secure the traffic flow, so that the backups only flow:
On-Prem --> S2S VPN --> Blob.
If anyone could help that would be fantastic!
Jul 31 2021 05:35 AM - edited Jul 31 2021 05:37 AM
Solution
You can use a private endpoint for the blob so it will no longer be accessible from the internet.
Benefits:
But you need to configure DNS resolution to be able to reach it through the VPN.
It means you should ensure that:
- You have a dedicated subnet for the private endpoint
- This subnet resides in a VNet accessible through the VPN
- This VNet has a custom DNS (DNS forwarder)
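An added example, not part of the original thread: a check to run from the on-prem backup server that confirms the DNS forwarding described above returns the private endpoint address rather than a public one. The storage account name and the private endpoint subnet are hypothetical placeholders.

```python
import ipaddress
import socket

# Assumed values for illustration only; replace with your own.
ACCOUNT_FQDN = "examplebackups.blob.core.windows.net"  # hypothetical account
PE_SUBNET = ipaddress.ip_network("10.20.30.0/27")      # hypothetical PE subnet


def resolve(fqdn):
    """Resolve fqdn with the host's configured DNS; return sorted unique IPs."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, pe_subnet=PE_SUBNET):
    """Classify a resolution result; the worst address decides the verdict.

    'private-endpoint': every address is inside the private endpoint subnet
    'private-other'   : private address, but not in the expected subnet
    'public'          : at least one public address, so traffic to it
                        would leave via the internet instead of the VPN
    'unresolved'      : the name did not resolve at all
    """
    if not addresses:
        return "unresolved"
    verdicts = set()
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip in pe_subnet:
            verdicts.add("private-endpoint")
        elif ip.is_private:
            verdicts.add("private-other")
        else:
            verdicts.add("public")
    for verdict in ("public", "private-other", "private-endpoint"):
        if verdict in verdicts:
            return verdict


if __name__ == "__main__":
    found = resolve(ACCOUNT_FQDN)
    print(ACCOUNT_FQDN, found, classify(found))
```

A `public` or `unresolved` result from the backup server means on-prem DNS is not being forwarded to the resolver in the VNet, so the backup job should not be pointed at the account yet.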
Aug 02 2021 06:53 AM