Encryption in transit enabling encryption in transit


Encryption in transit - Enable encryption in transit between the client and Azure by using the secure HTTPS protocol for communication over the public internet and the SMB 3.0 protocol for file shares.

Storage Account Security

While creating a storage account, you can select the deployment model, i.e. Classic or Resource Manager.

In the classic model, access to resources is all or nothing. The Resource Manager model is therefore recommended for creating a storage account, because it lets you restrict access as needed and control it at a more individual level using Role-Based Access Control (RBAC).

For example: You can give specific users access to the storage account keys, while restricting others to just reading the data.

Role Based Access Control (RBAC)

Each Azure subscription has an Azure Active Directory (AD) associated with it. Only the users, applications and groups from that AD can have access to the resources that use the Resource Manager deployment model.
This type of security is known as Role Based Access Control (RBAC).

RBAC can be accessed using the Azure Portal, CLI, PowerShell and REST APIs.

Roles for Storage

Various roles can be used for accessing the storage account and its data. They are:

Owner - They have the ultimate access.
Contributor - With this access role, a user can have control over access keys. Thus they can have access to the data stored, but they can't assign access to others.
Reader - They can read the properties of the storage account, but they can't access it.
Storage Account Contributor - Users with this role have undisputed access to everything in a storage account.
User Access Administrator - They can manage access to the storage account.
Virtual Machine Contributor - They can manage virtual machines but not the storage account linked to the VM. However, they can list the storage account keys, so people having this role can update the data.

These are not the only roles available; you can define your own roles depending on the use case.

Working with Roles

Following are the key points to remember when working with roles:

Assigning access to a user, group or application is basically assigning a role to the account.
Depending on the role assigned, the user will have Actions and Not Actions that they can perform, and they are bound to them.
You can define custom roles if your needs are not met by the Azure-defined roles.
The user must be set up in your Azure Active Directory (AD) before you can assign a role to them.
A report can be generated of who assigned/removed what kind of role to/from whom.

Data Access Security

Data in the storage account can be accessed securely in two ways:

Access Keys
Shared Access Signature (SAS)

Let's learn what they are in the following tasks.
Access Keys

In the previous tasks, we have used access keys while making requests to the storage account.
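
The Actions and Not Actions mentioned under Working with Roles can be checked offline to see which principals end up able to list storage account keys. This is an added example, not code from the original course material; the role definitions, principal names and function names are constructed for illustration, and only the operation strings are real Azure operation names.

```python
from fnmatch import fnmatchcase

# Constructed role definitions (assumption: simplified to Actions/NotActions only).
KEY_OPERATOR = {
    "Actions": ["Microsoft.Storage/storageAccounts/read",
                "Microsoft.Storage/storageAccounts/listKeys/action"],
    "NotActions": [],
}
ACCOUNT_MANAGER_NO_KEYS = {
    "Actions": ["Microsoft.Storage/storageAccounts/*"],
    "NotActions": ["Microsoft.Storage/storageAccounts/listKeys/action",
                   "Microsoft.Storage/storageAccounts/regenerateKey/action"],
}
READ_ONLY = {"Actions": ["*/read"], "NotActions": []}

LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"

def matches(patterns, operation):
    # Operation names are compared case-insensitively; '*' is a wildcard.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def role_allows(role, operation):
    # Effective permissions of a single role: Actions minus NotActions.
    return (matches(role["Actions"], operation)
            and not matches(role["NotActions"], operation))

def is_allowed(assigned_roles, operation):
    # Role assignments are additive. NotActions only trims the role it
    # belongs to; it is not a deny, so another role can grant the operation.
    return any(role_allows(role, operation) for role in assigned_roles)

def key_exposure(assignments):
    # Principals whose combined roles let them list the account keys.
    return sorted(p for p, roles in assignments.items()
                  if is_allowed(roles, LIST_KEYS))

# Constructed sample assignments.
ASSIGNMENTS = {
    "alice": [KEY_OPERATOR],
    "bob": [READ_ONLY],
    "carol": [ACCOUNT_MANAGER_NO_KEYS],
    "dave": [ACCOUNT_MANAGER_NO_KEYS, KEY_OPERATOR],
}

if __name__ == "__main__":
    print("Can list account keys:", key_exposure(ASSIGNMENTS))
```

The "dave" entry shows why a key-access review has to evaluate all of a principal's roles together: the NotActions in one role do not block a grant from another.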
