Commit 0f9c5fe

committed
acrolinx
1 parent 077b143 commit 0f9c5fe

1 file changed

+10
-10
lines changed

articles/azure-netapp-files/control-plane-security.md

Lines changed: 10 additions & 10 deletions
@@ -14,25 +14,25 @@ Learn about the different control plane security features in Azure NetApp Files
1414

1515
## Control plane security concepts
1616

17-
Azure NetApp Files operates within the Azure control plane, utilizing Azure Resource Manager (ARM) to manage resources efficiently. This integration allows for centralized management of all Azure resources, including Azure NetApp Files, through interfaces including APIs, PowerShell, CLI, or the Azure portal. By leveraging ARM, users can automate and script tasks, enhancing operational efficiency and reducing the likelihood of manual errors.
17+
Azure NetApp Files operates within the Azure control plane, utilizing Azure Resource Manager (ARM) to manage resources efficiently. This integration allows for centralized management of all Azure resources, including Azure NetApp Files, through interfaces including APIs, PowerShell, CLI, or the Azure portal. With ARM, you can automate and script tasks, enhancing operational efficiency and reducing the likelihood of manual errors.
1818

1919
The control plane also integrates with Azure’s security features, such as [identity and access management (IAM)](/entra/fundamentals/introduction-identity-access-management), to enforce access controls and compliance requirements. This integration ensures that only authorized users can access and manage resources, maintaining a secure environment.
2020

2121
The control plane also provides tools for monitoring and auditing resource usage and changes, helping maintain visibility and compliance across the Azure environment. This comprehensive integration within the Azure control plane ensures that Azure NetApp Files can be managed effectively, securely, and consistently, providing a robust solution for data management and storage needs.
2222

2323
## Identity and access management
2424

25-
A set of operations and services used to manage and control access to Azure NetApp Files resources. Utilize either built-in or custom role-based access control (RBAC) roles to ensure each user receives only the necessary access. Tailor individual permissions to create a custom RBAC role that suits both users and administrators.
25+
A set of operations and services used to manage and control access to Azure NetApp Files resources. Utilize either built-in or custom role-based access control (RBAC) roles to ensure each user receives only the necessary access. Tailor individual permissions to create a custom RBAC role that suits both users and administrators.
2626

2727
- Use either [built-in](../role-based-access-control/built-in-roles.md) or [custom RBAC](../role-based-access-control/custom-roles.md) roles to ensure only required access is given to each user.
2828
- Use [individual permissions](../role-based-access-control/permissions/storage.md#microsoftnetapp) to create an appropriate custom RBAC role for users and administrators.
2929

3030
## Encryption key management
3131

32-
Managing Microsoft platform-managed keys or customer-managed keys involves control plane operations that affect the following:
32+
Managing Microsoft platform-managed keys or customer-managed keys involves control plane operations that affect:
3333

3434
- **Key management:** The control plane allows you to manage the lifecycle of your encryption keys, including creation, rotation, and deletion. This ensures that you have full control over your data encryption keys.
35-
- **Access control:** Through the control plane, you can define and enforce access policies using Azure RBAC. This ensures that only authorized users and services can access or manage your keys.
35+
- **Access control:** Through the control plane, you can define and enforce access policies using Azure RBAC, ensuring only authorized users and services can access or manage your keys.
3636
- **Integration with Azure Key Vault:** The control plane facilitates the integration of Azure NetApp Files with Azure Key Vault, where your customer-managed keys are stored. This integration ensures secure key storage and management.
3737
- **Encryption operations:** For encryption and decryption operations, the control plane handles Azure Key Vault requests to unwrap the account encryption key so your data is securely encrypted and decrypted as needed.
3838
- **Auditing and monitoring:** The control plane provides capabilities for auditing and monitoring key usage. This helps you track who accessed your keys and when, enhancing security and compliance.
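Review bot: The paragraph at line 25 still opens with a sentence fragment ("A set of operations and services used to manage and control access...") that has no subject, and the change to that line is whitespace-only as shown. Suggest giving it a subject, for example "Identity and access management is a set of operations and services used to...", and replacing "Utilize" with "Use" to match the bullets at lines 27 and 28, which already restate the rest of the paragraph. The same style pass could finish line 17, where "utilizing" and the doubled "including ... through interfaces including" remain after "By leveraging ARM, users" became "With ARM, you".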
@@ -42,8 +42,8 @@ For more information, see [Configure customer-managed keys](configure-customer-m
4242

4343
Managing network security groups (NSGs) in Azure NetApp Files relies on the control plane to oversee and secure network traffic. The effects are as follows:
4444

45-
- **Traffic management:** The control plane allows you to define and enforce NSG rules, which control the flow of network traffic to and from your Azure NetApp Files. This ensures that only authorized traffic is allowed, enhancing security.
46-
- **Configuration and deployment:** Through the control plane, you can configure NSGs on the subnets where your Azure NetApp Files volumes are deployed. This includes setting up rules for inbound and outbound traffic based on IP addresses, ports, and protocols.
45+
- **Traffic management:** The control plane allows you to define and enforce NSG rules, which control the flow of network traffic to and from your Azure NetApp Files. Controlling network trafic ensures that only authorized traffic is allowed, enhancing security.
46+
- **Configuration and deployment:** Through the control plane, you can configure NSGs on the subnets where your Azure NetApp Files volumes are deployed, including establishing rules for inbound and outbound traffic based on IP addresses, ports, and protocols.
4747
- **Integration with Azure Services:** The control plane facilitates the integration of NSGs with other Azure services, such as Azure Virtual Network and Azure Key Vault. This integration helps maintain a secure and compliant environment.
4848
- **Monitoring and auditing:** The control plane provides tools for monitoring and auditing network traffic. You can track which rules are being applied and adjust them as needed to ensure optimal security and performance.
4949
- **Policy Enforcement:** By using the control plane, you can enforce network policies across your Azure environment. This includes applying custom policies to meet specific security requirements and ensuring consistent policy enforcement.
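Review bot: The new line 45 introduces a typo, "trafic", and the rewritten sentence now uses "traffic" three times in a row ("Controlling network trafic ensures that only authorized traffic is allowed"). Suggest "These rules ensure that only authorized traffic is allowed, enhancing security." Also, "to and from your Azure NetApp Files" in the same bullet reads as if a noun is missing; "your Azure NetApp Files volumes" would match line 46.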
@@ -58,7 +58,7 @@ For more information, see [Guidelines for Azure NetApp Files network planning](a
5858

5959
## Resource lock management
6060

61-
Resource locking at the control plane layer ensures that your Azure NetApp Files resources are protected from accidental or malicious deletions and modifications. Locking is particularly important for maintaining the integrity and stability of your storage environment.
61+
Resource locking at the control plane layer ensures that your Azure NetApp Files resources are protected from accidental or malicious deletions and modifications. Locking is important for maintaining the integrity and stability of your storage environment.
6262

6363
[Resource locking](../azure-resource-manager/management/lock-resources.md) protects subscriptions, resource groups, or resources from accidental or malicious user deletions and modifications. The lock overrides any user permissions. Unlike RBAC, management locks apply a restriction across _all_ users and roles. Take careful consideration when locking any necessary resources to prevent changes after all configuration is in place.
6464
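Review bot: Line 61 and the unchanged line 63 make the same statement twice: both say locking protects resources "from accidental or malicious deletions and modifications". Dropping "particularly" does not address that; suggest keeping the linked sentence at line 63 and cutting line 61 down to the point about integrity and stability. The last sentence of line 63 ("Take careful consideration when locking any necessary resources to prevent changes after all configuration is in place") is also ambiguous about whether the lock should be applied before or after configuration is complete, which matters because the same paragraph says the lock overrides any user permissions.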

@@ -70,7 +70,7 @@ Monitoring, auditing and logging are critical for maintaining security and compl
7070

7171
- Azure Activity log:
7272
- **Function:** Provides insights into subscription-level events, such as resource modifications or virtual machine startups. These insights aid in tracking changes and identifying unauthorized activities. To understand how Activity log works, see [Azure Activity log](../azure-monitor/essentials/activity-log.md).
73-
- **Use case:** Useful for auditing and compliance, ensuring that all actions within your Azure NetApp Files environment are logged and traceable.
73+
- **Use case:** Useful for auditing and compliance, ensuring that all actions within your Azure NetApp Files environment are logged and traceable.
7474
- Azure NetApp Files metrics:
7575
- **Function:** Azure NetApp Files offers metrics on allocated storage, actual storage usage, volume I/OPS, and latency. These metrics help you understand usage patterns and volume performance. For more information, see [Metrics for Azure NetApp Files](azure-netapp-files-metrics.md).
7676
- **Use case:** Metrics are essential for performance tuning and capacity planning, allowing you to optimize your storage resources effectively.
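Review bot: The "Use case" text at line 73 claims that "all actions within your Azure NetApp Files environment are logged and traceable", but line 72 scopes the Activity log to subscription-level events such as resource modifications. The change here is whitespace-only as shown, so the overstatement stays. Suggest narrowing it to something like "ensuring that control plane operations on your Azure NetApp Files resources are logged and traceable", so readers do not assume the Activity log also records access to data inside volumes.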
@@ -88,11 +88,11 @@ When you use Azure Policy, the control plane ensures that your policies are enfo
8888
### Azure Policy integration
8989

9090
* **Enforcing standards:**
91-
- **Custom policies:** You can create custom Azure Policy definitions tailored to your specific needs for Azure NetApp Files. These policies can enforce rules such as ensuring certain configurations, restricting the use of insecure protocols, or mandating encryption. For more information about custom policy definitions, see [Built-in policy definitions for Azure NetApp Files](azure-policy-definitions.md#custom-policy-definitions).
91+
- **Custom policies:** You can create custom Azure Policy definitions tailored to your specific needs for Azure NetApp Files. These policies can enforce rules such as ensuring certain configurations, restricting the use of insecure protocols, or mandating encryption. For more information about custom policy definitions, see [Built-in policy definitions for Azure NetApp Files](azure-policy-definitions.md#custom-policy-definitions).
9292
- **Built-in policies:** Azure provides built-in policy definitions that you can use to enforce common standards. For example, you can restrict the creation of unsecure volumes or audit existing volumes to ensure they meet your security requirements. For more information about built-in policies, see [Custom policy definitions for Azure NetApp Files](azure-policy-definitions.md#built-in-policy-definitions).
9393
* **Policy evaluation:**
9494
* **Continuous assessment:** The control plane continuously evaluates your resources against the defined policies. If a resource doesn't comply, the control plane can take actions such as denying resource creation, auditing it, or applying specific configurations.
95-
- **Real-time enforcement:** Policies are enforced in real-time, ensuring any non-compliant actions are immediately addressed to maintain the integrity and security of your environment.
95+
- **Real-time enforcement:** Policies are enforced in real-time, ensuring any noncompliant actions are immediately addressed to maintain the integrity and security of your environment.
9696

9797
## More information
9898
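Review bot: The link text on lines 91 and 92 is swapped relative to the anchors: the custom policies bullet links "Built-in policy definitions for Azure NetApp Files" to `#custom-policy-definitions`, and the built-in policies bullet links "Custom policy definitions for Azure NetApp Files" to `#built-in-policy-definitions`. Line 91 is touched by this commit, so it is a good place to fix both. Two smaller points in the same hunk: the nested bullets mix `*` (line 94) and `-` (lines 91, 92, 95), and "enforced in real-time" on line 95 should be "in real time" since it is not used as a modifier there.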
