Комментарии:
This is an incredibly well done video that clearly explains the feature, use case and even where the feature can't be used and what could be used instead. I'm now a subscriber and will be looking forward to more of your videos in the future!
ОтветитьHow can the VM make outbound connection to internet, when the NSG is only allowing outbound traffic to storage account
Ответить@cloud-monk this is a great video. Wondering if you are still active? Regarding the exfiltration service policy, if I have multiple Azure subscriptions, will the service policy work if the storage exists in a different subscription? In the example you showed, the service policy allows for single storage account or all storage accounts or storage accounts related to a resource group. Appreciate your feedback.
ОтветитьWhat a video, excellent work anand , keep your great working coming , thanks a ton for making this video
sharing.
Excellent explanation! Thank you so much!
ОтветитьThis is really good. My only suggestion is to remove the music in the background. You have a clear way of explaining and the music is distracting
Ответитьtoo deep for me to understand
ОтветитьGood.. I have a doubt with service endpoint, can we not directly allow subnet in the firewall. Then any requests which is getting into storage account will have access from the subnet
ОтветитьI must say Anand since the time you have stopped making videos Azure has become complex for us. please get back soon. your Fan !
ОтветитьReally nice video...keep up the good work!
ОтветитьExcept for private link / private endpoint, according to MS document, you can also use NAT IP addresses to access service endpoints (for Azure Storage) from on premise network.
ОтветитьThank You for your precious 5 mins video..
Ответитьwell done! The explanation is simply straightforward! Subscribed!
ОтветитьLove you monk. :)
Ответитьthank you
ОтветитьI'm thinking "how would I explain service endpoint to my grandma" - and I see this. Brilliant video - simple, crisp and beautifully narrated !
ОтветитьDon't have word to praise you buddy. Totally awesome... Thanks a lot.
ОтветитьJust loved the simplicity!!!
ОтветитьHow does the VM make outbound connections to the internet after you add a rule to allow 443 to Storage.EastUS? The next rule denies all outbound to the Internet. So if they traffic isn't 443, or isn't destined for Storage.EastUS it will be denied.
Ответитьgood one
ОтветитьI LOVE ridiculously simple! It is so effective and efficient to teach after building a foundation of understanding the "why". Great job Anand, thank you!
ОтветитьWhy route the traffic from the webserver through on-premise in the first place? Why not create another subnet, with a public internet facing firewall and have it route through that?
ОтветитьGood quality stuff, thanks
ОтветитьAs you stated, a video explained in plain English with a wonderful use case demo. The question I have is what service would I used if I want to limit access to the storage account from the subnet in the VNET and also allow public access locked down via ACL? Would that be where private endpoint/link is used? To clarify, is Service endpoint only used when you want to eliminate public access to the storage account?
Thx again!
Great explanation.
ОтветитьWhat is private endpoint?
ОтветитьHow is a service-endpoint-policy tied to a specific service-endpoint ?
ОтветитьSuper ..
ОтветитьAmazing Videos Sir and thanks a lot for providing the same to us ok n free. Sir Could you please create some detailed videos on RBAC, Azure Internet Net and Troubleshooting. By troubleshoot i mean if i am not able to communicate to some virtual machines or any services or any outside network, how to troubleshoot using Azure tools. It would be a great help sir 🙂. pl. Stay Safe..!!
ОтветитьThank you so much! Amazing explanation!
ОтветитьOnce Service Endpoints are enabled, is it must to add an NSG Outbound entry to destination "Storage.Region" if I have an outbound block to any destinations in my NSG? My NSG currently blocks all outbound traffic and then allows outbound traffic only to a set of known Private IP subnets. Also, what about some storage accounts which get created when enabling certain services in Azure (eg. boot diagnostics). How would I know where the data is coming from to these Storage Accounts? Simply put, my situation is, I have several storage accounts that are created in the past, and now I need to limit access to them from my Vnets without hitting the public internet. I am afraid that enabling service accounts might disrupt something as I am not very sure what writes data to those storage accounts as some of them were created by a previous Azure Administrator who worked with the company before I joined.
Ответитьjust amazing explanation!!
ОтветитьI will subscribe your channel .. your are 👌👌👌👌👌👌👌👌👌👌👌👌👌👌👌👌👌👌👌
ОтветитьExcellent video - thank you
ОтветитьExcellent! Congratulations for this amazing explanation!
ОтветитьThe background music made me feel like in kindergarden :D,I really needed simple explanation. thank you:D
ОтветитьWow!!!!
ОтветитьGreat vid, was very easy to follow, appreciate you taking the time to put this together.
The only question I had was when you gave the example of egress traffic you specified in the outbound rules to allow storage traffic which you said traversed the Azure backbone network but then mentioned other traffic leaving the VM for the internet. In your outbound ACL it looked like you had that locked down so I was wondering how that would be possible, wouldn't the ACL stop any other traffic egressing to the inet from the VM?
This is one of most simple and helpful video to learn! Thank you!!
ОтветитьThis is an awesome explanation. Thank you so much for this.
ОтветитьNo words for this amazing stuff. I was just wondering if you conduct online trainings too. Pls reply. Thnks
Ответитьcan you make a video on the forced tunneling route to route all azure internet request to go through on-prem?
ОтветитьThanks. Great video. My question is do you need to link the endpoint service policy to the subnet or end point service? If not, how does the endpoint service policy know which subnet to apply?
Ответитьvery well explained . best part is the used case which for newbee's like me at times is difficult to comprehend .
ОтветитьGreat content.very well explained....keep going...u r the gem in teaching
Ответить