eGuides

The DevOps Guide to Azure Costs

Issue link: https://resources.cloudbolt.io/i/1435563

Contents of this Issue

Navigation

Page 69 of 69

CloudBolt software CloudBolt Software is the enterprise cloud management leader. Our comprehensive solutions for IT automation, orchestration, self-service IT, cost optimization, and security help enterprises simplify complexity and achieve rapid time-to-value anywhere on their hybrid cloud, multicloud journey. Our award-winning cloud management platform and infrastructure integration services are deployed and loved by enterprises worldwide. Backed by Insight Partners, CloudBolt Software has been named one of the fastest-growing private companies on the Deloitte Fast 500 and Inc. 5000 lists. In addition, CloudBolt is 2020 CODiE award winner for best cloud management and featured in Gartner's Magic Quadrant for Cloud Management Platforms. W W W . C L O U D B O L T . I O I N F O @ C L O U D B O L T . I O 7 0 3 . 6 6 5 . 1 0 6 0 J O I N T H E C O N V E R S A T I O N 69 CloudBolt Industry Insights Report: The DevOps Guide to Azure Costs When you need to manage multiple objects, you can leverage virtual network service tags. These Azure resources represent a group of IP address prefixes that relate to a particular Azure service. For example, "VirtualNetwork" represents the entire VNet address range, and "Internet" indicates all external IP addresses that are publicly routable. Therefore, using the tags in your source and destination fields enhances the readability of your NSG rules. Use Tags to Improve Readability Although Azure NSGs offer adequate security, they do have some limitations. Microsoft offers Azure Firewall, a highly available, managed service providing additional security features relevant to some use cases. The table below details the functionality available for both security products. Azure NSG Shortcomings and Limitations Feature Azure NSG Azure Firewall Filters traffic on Layer 3 (network) and Layer 4 (session). OSI Layers Filters traffic on Layer3 (network), Layer 4 (session), and Layer 7 (application). Yes Protocol-based traffic filtering Yes Yes Service Tag support Yes No Fully Qualified Domain Name (FQDN) Tag support Yes – With Azure Firewall, you can tag a group of fully qualified domain names, like Windows Updates or Microsoft 365 services. No Source Network Address Translation (SNAT) Yes – Azure Firewall allows you to configure a public IP to mask an internal IP. No Destination Network Address Translation (DNAT) Yes – Azure Firewall supports DNAT, which you can use to translate incoming traffic to the private IP address of your virtual network. Yes – However, Flow Logs with Traffic Analysis is not enabled by default. Integrated with Azure Monitor Yes – However, diagnostic logging is not enabled by default. No Threat Intelligence Yes – Azure Firewall gives you the ability to block traffic based on Microsoft threat analytics data.

Articles in this issue

Links on this page

view archives of eGuides - The DevOps Guide to Azure Costs