DEV Community

Discussion on: Using Azure private links and private DNS zones with globally distributed resources

Jochen Juelke

Woooww, your blog blasted my brain! ;) Thanks Kai for sharing these real-life insights and learnings in enterprise-scale challenges with Azure. One question came to my mind on reading: Does access/management to the secured resources via portal.azure.com still work in this scenario with service/private links ootb across the network boundaries? Or do you even have no more need to use portal.azure.com (e.g. use the portal storage explorer to check blobs in storage...) for administration in this scenario?

Kai Walter Author

Thanks JJ!
Indeed, implementing access management - if you refer to IAM - is one of the next things I will add to this setup - so right now I cannot tell. Right now devs do not have access to this environment anyway and admins would use jump VMs - for Portal, PowerShell and CLI.
Also we use a script which an admin can use to link his/her own VM to the environment. Storage Explorer, Data Explorer, etc. I do not want to be available in the publicly accessible Azure Portal.

Kai Walter Author

Added another post on how I added IAM to the solution: dev.to/kaiwalter/getting-started-w...

For me these are totally independent - with IAM you restrict people being able to create or modify Azure resources, and with private link you restrict access to the resources' data (SQL, CosmosDB, Storage, ACR) or functionality (AKS, ACR, ServiceBus).