articles/batch/network-security-perimeter.md
Lines changed: 8 additions & 8 deletions
@@ -12,26 +12,26 @@ The [network security perimeter (NSP)](/azure/private-link/network-security-peri
12
12
13
13
With a network security perimeter:
14
14
- PaaS resources associated with a specific perimeter are, by default, only able to communicate with other PaaS resources within the same perimeter.
15
-
-External inboound and outbound communication can be allowed by explicit access rules.
15
+
-Explicit access rules can actively permit external inbound and outbound communication.
16
16
-[Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
17
17
18
18
> [!IMPORTANT]
19
-
> Network security perimeter rules will not govern the private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md).
19
+
> Network security perimeter rules do not govern the private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md).
20
20
21
21
## Network Security Perimeter Scenarios in Batch service
22
22
23
23
Azure Batch service is designed to support various scenarios that necessitate access to other PaaS resources:
24
24
25
-
-**Application packages**: This requires communication with Azure Storage. For more details refer to[batch-application-packages](./batch-application-packages.md).
26
-
-**Customer-managed Keys**: This requires communication with Azure KeyVault. For more details refer to[batch-customer-managed-key](./batch-customer-managed-key.md).
25
+
- Application packagesrequires communication with Azure Storage. For more information, see[batch-application-packages](./batch-application-packages.md).
26
+
- Customermanaged key requires communication with Azure KeyVault. For more information, see[batch-customer-managed-key](./batch-customer-managed-key.md).
27
27
28
-
Using network security perimeter, network administrators can create a network isolation boundary for their PaaS services. This security perimeter permits the setting up of public access controls for various PaaS resources, providing a consistent user experience and a uniform API. Regarding the PaaS communications supported by Batch, Azure Storage and Azure KeyVault have incorporated network security perimeters. For more information, please refer to the [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and [Network security perimeter in Azure Key Vault](/azure/key-vault/general/network-security#network-security-perimeter-preview).
28
+
Network administrators can use the network security perimeter feature to create an isolation boundary for their PaaS services. This security perimeter permits the setting up of public access controls for various PaaS resources, providing a consistent user experience and a uniform API. Setting up network security perimeter for PaaS communications supported by Batch, refer to the [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and [Network security perimeter in Azure Key Vault](/azure/key-vault/general/network-security#network-security-perimeter-preview) for more details.
29
29
30
30
Network security perimeter provides several methods to enable Batch to interact with other PaaS services if the target PaaS service is in network security perimeter:
31
31
- Associate the Batch account with the same perimeter as the target resource and assign the necessary permissions to the Managed Identity used across these resources.
32
32
- Create the profile with appropriate inbound access rules (for example, creating an inbound access rule for the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile is used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
33
33
34
-
Note that Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios with Azure Storage and Azure Key Vault.
34
+
Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios with Azure Storage and Azure Key Vault.
35
35
36
36
> [!NOTE]
37
37
> Network security perimeters do not regulate nodes within Batch pools. To ensure network isolation for the pool, you may still need to create a **nodeManagement** private endpoint for [the Batch pool without public ip addresses](./simplified-node-communication-pool-no-public-ip.md).
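Review bot: In the added paragraph that begins "Network administrators can use the network security perimeter feature", the final sentence ("Setting up network security perimeter for PaaS communications supported by Batch, refer to the ...") is a fragment with no subject, and it drops the removed line's statement that Azure Storage and Azure KeyVault have incorporated network security perimeters, which is what tells the reader those two services can sit inside a perimeter. Suggest keeping that statement and rewording the pointer as "To set up a network security perimeter for the PaaS communications supported by Batch, see ...". The two added scenario bullets also write "Azure KeyVault" while the added line further down writes "Azure Key Vault"; use one spelling throughout.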
@@ -44,7 +44,7 @@ Note that Batch users can also use the network security perimeter to secure inbo
44
44
1. Set up your Batch account by using a user-assigned managed identity.
45
45
2. It's optional but recommended to change the public network access of your Batch account to `SecuredByPerimeter`.
46
46
47
-
This guarantees that both inbound and outbound connectivity of the resource is restricted to those resources within the same perimeter, and the related perimeter profile determines the access rules that govern public access.
47
+
This public network access value guarantees that the resource's inbound and outbound connectivity is restricted to resources within the same perimeter. The associated perimeter profile sets the rules that control public access.
48
48
49
49
This Batch account modification can be made using the [Batch management Account API](/rest/api/batchmanagement/batch-account/update?#publicnetworkaccesstype) or [SDK BatchPublicNetworkAccess Enum value](/dotnet/api/azure.resourcemanager.batch.models.batchpublicnetworkaccess).
50
50
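Review bot: The added sentence under step 2 says the value "guarantees" that inbound and outbound connectivity is restricted to resources within the same perimeter, while the sentence after it says the perimeter profile sets rules that control public access, so the first reads as absolute and the second as an exception to it. If the intended meaning is that profile access rules are the only way around the restriction, say so in one sentence and name the value, for example "`SecuredByPerimeter` restricts the account's inbound and outbound connectivity to resources within the same perimeter, except where an access rule in the associated perimeter profile allows public access." "This public network access value" is also an indirect way to refer to the `SecuredByPerimeter` value named in the step itself.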
@@ -57,7 +57,7 @@ Create your own network security perimeter resource using [Azure portal](/azure/
57
57
### Associate Batch account with the Network Security Perimeter
58
58
59
59
#### Using Azure portal
60
-
1. Navigate to your network security perimeter resource in the Azure portal, where you should establish a profile for your Batch account to associate with. If you have not created the profile, go to **Settings** -> **Profiles** to create a network security perimeter profile initially.
60
+
1. Navigate to your network security perimeter resource in the Azure portal, where you should establish a profile for your Batch account to associate with. If you do not create the profile, go to **Settings** -> **Profiles** to create a network security perimeter profile initially.
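Review bot: In the added step 1, "If you do not create the profile, go to **Settings** -> **Profiles** to create a network security perimeter profile initially" changes the meaning of the removed wording: the condition is that no profile exists yet, not that the reader chooses not to create one, and as written the sentence tells someone who is not creating a profile to create one. Suggest "If you haven't created a profile yet, go to **Settings** -> **Profiles** and create one first", which also replaces the trailing "initially".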