Hello and welcome back to Cybrary's Microsoft Azure Administrator AZ-103 course. I'm your instructor, Will Carlson, and this is Episode 37, about service endpoints.
Now, we've talked about service endpoints from a storage perspective in a previous episode, but today we're gonna talk still about a storage service endpoint, but we're gonna talk about it from the perspective, and the angle, of networking. So we're going to step through the configuration a little bit differently than we did in the previous episode, to drill home a couple of really important points about service endpoints.
To get started, we're gonna come in here to the Azure Portal and we're gonna go down to virtual networks.
And the important fact to start out with here is that we're going to be configuring service endpoints, and service endpoints are associated with subnets. That's an important point. Good testable material for AZ-103.
To configure a service endpoint on a subnet, we're gonna click into the subnet blade.
We're gonna come down here to service endpoints.
Setting one up is very straightforward.
We're gonna come in here and select the service that we want to set up the service endpoint for. In this case, still Microsoft Storage.
We don't have any endpoint policies; not relevant at this point in time, honestly. And then we're going to select the subnets that we want to configure this service endpoint for.
Now, Azure is going to remind us that as soon as we do this, we're going to lock down all public access to whatever storage accounts that we hook this service endpoint up to. Again, service endpoints stop all public traffic.
In the storage video we talked about, we went through how to re-allow that public traffic via IP filtering. We'll talk about that again briefly when we get to that stage of the setup here in this video as well. But definitely know: service endpoints are meant to secure traffic between Azure resources. As soon as you turn one on, it's going to block public traffic to that particular resource.
This also means that all of our on-premises traffic to this subnet is going to be blocked as well and needs to be permitted again with those IP filtering rules.
One last point here about service endpoints before we move forward is that the service endpoint and the virtual network itself can both be in the same or different subscriptions. It works either way.
We're gonna come down here and select Add to add that service endpoint.
And while that's finishing deployment, we're gonna go ahead and come back in here to a storage account, because all we've managed to do so far is create the service endpoint on a particular subnet. But we haven't associated that work with any resources here in Azure. So we're going to come into a storage account, will pick the we'll see about that storage account,
and then we're gonna come down to Firewalls and virtual networks. Now, at this point, the way we worked on this in the storage video and the way we're setting it up now have converged, and the process is largely the same.
We're gonna go ahead and select selected networks only,
and then we're gonna come down and add an existing virtual network.
The virtual network we'll choose is the same backup VNet that we just configured the service endpoint on,
and we'll select our default subnet. Now, if you'll remember back to the storage video where we did the similar configuration, Azure warned us that a service endpoint had not been configured and that if we went ahead and selected Add, the service endpoint would be created. So Azure does a little bit of the legwork for us when we set it up this way.
But I wanted to walk through this particular setup method just to drive home the fact that a service endpoint is set up on a subnet and has to be associated with an Azure resource after that.
This is also where we would go in and re-set up and allow our public traffic to this storage account as soon as we, if in the event we set up this service endpoint and it gets blocked. We could put a range of IP addresses in here, a single IP address, and we can also go ahead and allow traffic from our current public IP address back into this storage account.
One final reminder here about service endpoints is that what it effectively does is it takes traffic to the storage account that was going over the public Internet. Yes, even though we're sending traffic from an Azure VM to an Azure storage account, it still technically traverses the public Internet unless we enable a service endpoint. As soon as we do that, the traffic is locked into the Azure backbone network. That enhances security, and it also decreases latency. Those are all wins here for storage in particular.
So in today's video, we did a little bit of, honestly, rehashing a concept that we had already covered in a previous episode. But we did it from a different angle to drive home the fact that a service endpoint is configured on a subnet, and then it is associated with the resource here in Azure.
Coming up, we're going to talk a little bit about some of the magic that Azure does for us in setting up DNS in every one of the virtual networks that we set up.
And then we're also gonna step through a number of the customization and manual things that we can do to configure and control public DNS and even now, finally, Azure private DNS as well. Thanks for joining me for this episode. And I hope to see you in the episode coming up on DNS.