Commit 3f1787a

Resolve PR warnings.
1 parent 198f1ee commit 3f1787a

1 file changed

+21
-21
lines changed

articles/batch/network-security-perimeter.md

Lines changed: 21 additions & 21 deletions
@@ -8,55 +8,55 @@ ms.custom: references_regions
88

99
# Network Security Perimeter
1010

11-
The [network security perimeter (NSP)](../private-link/network-security-perimeter-concepts.md) provided by Azure networking serves as a comprehensive tool for customers to ensure optimal security when utilizing PaaS resources. It allows customers to establish logical boundaries for network isolation and collectively manage public access controls for numerous PaaS resources.
11+
The [network security perimeter (NSP)](/azure/private-link/network-security-perimeter-concepts.md) provided by Azure networking serves as a comprehensive tool for customers to ensure optimal security when utilizing PaaS resources. It allows customers to establish logical boundaries for network isolation and collectively manage public access controls for numerous PaaS resources.
1212

1313
With a network security perimeter:
1414
- PaaS resources associated with a specific perimeter are, by default, only able to communicate with other PaaS resources within the same perimeter.
1515
- By utilizing explicit access rules, exceptions can be made for external inbound and outbound communication.
16-
- [Diagnostic Logs](../private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
16+
- [Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md) are enabled for PaaS resources within perimeter for Audit and Compliance.
1717

1818
> [!IMPORTANT]
19-
> Private link with the [private endpoint](../private-link/private-endpoint-overview.md) will not be governed by network security perimeter rules.
19+
> Private link with the [private endpoint](/azure/private-link/private-endpoint-overview.md) will not be governed by network security perimeter rules.
2020
21-
# Network Security Perimeter Scenarios in Batch service
21+
## Network Security Perimeter Scenarios in Batch service
2222

2323
Azure Batch service is designed to support various scenarios that necessitate access to other PaaS resources:
2424

2525
- **Application packages**: This requires communication with Azure Storage. For additional details, please refer to [batch-application-packages](./batch-application-packages.md).
2626
- **Customer-managed Keys**: This requires communication with Azure KeyVault. For additional details, please refer to [batch-customer-managed-key](./batch-customer-managed-key.md).
2727

28-
By onboarding network security perimeter, network administrators can establish a network isolation boundary for their PaaS services. This allows for the configuration of public access controls for multiple PaaS resources through a uniform API and a consistent user experience.
28+
By onboarding network security perimeter, network administrators can establish a network isolation boundary for their PaaS services. This allows for the configuration of public access controls for multiple PaaS resources through a uniform API and a consistent user experience.For the PaaS communications supported by Batch as mentioned above, Azure storage and Azure KeyVault have onboared network secruity perimeter, see [Network security perimeter in Azure Storage](/azure/storage/common/storage-network-security?tabs=azure-portal#network-security-perimeter-preview) and (Network security perimeter in Azure Key Vault)(/azure/key-vault/general/network-security#network-security-perimeter-preview)
2929

30-
For the PaaS communications supported by Batch as mentioned above, network security perimeter provides several methods to enable Batch to interact with other PaaS services:
31-
- Associate the target PaaS resource with the same perimeter as the Batch account and assign the necessary RBAC permissions to the Managed Identity used across these resources.
32-
- Create the profile with appropriate inbound access rules (e.g., whitelist the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile will be used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
30+
Network security perimeter provides several methods to enable Batch to interact with other PaaS services if the target PaaS service is in network security perimeter:
31+
- Associate the Batch account with the same perimeter as the target resource and assign the necessary RBAC permissions to the Managed Identity used across these resources.
32+
- Create the profile with appropriate inbound access rules (e.g. creating an inbound access rule for the Batch account's fully qualified domain name) and apply it to the target PaaS resource. This profile will be used to evaluate inbound traffic (sent from Batch) from outside the perimeter traffic.
3333

3434
Please note that Batch users can also use the network security perimeter to secure inbound traffic, not just the outbound traffic scenarios outlined above.
3535

3636
> [!NOTE]
3737
> Nodes within Batch pools are not regulated by network security perimeters. To ensure network isolation for the pool, you may still need to create a **nodeManagement** private endpoint for [the Batch pool without public ip addresses](./simplified-node-communication-pool-no-public-ip.md).
3838
> To enable a node to access Azure Storage and other PaaS resources associated with a network security perimeter, ensure that relevant access rules are added to the target PaaS resource's profile. This will grant the node the necessary permissions to visit.
3939
40-
# Configure Network Security Perimeter for Azure Batch account
40+
## Configure Network Security Perimeter for Azure Batch account
4141

42-
## Prerequiste
42+
### Prerequiste
4343

4444
1. Set up your Batch account by using a user-assigned managed identity.
4545
2. It's optional but recommended to change the public network access of your Batch account to `SecuredByPerimeter`.
4646

4747
This guarantees that both inbound and outbound connectivity of the resource is restricted to those within the same perimeter, and public access is governed by the access rules determined by the related perimeter profile.
4848

49-
This Batch account modification can be made using the [Batch management Account API](https://learn.microsoft.com/en-us/rest/api/batchmanagement/batch-account/update?view=rest-batchmanagement-2024-07-01&tabs=HTTP#publicnetworkaccesstype).
49+
This Batch account modification can be made using the [Batch management Account API](/rest/api/batchmanagement/batch-account/update?#publicnetworkaccesstype) or [SDK BatchPublicNetworkAccess Enum value](/dotnet/api/azure.resourcemanager.batch.models.batchpublicnetworkaccess).
5050

5151
3. Make sure your Batch account operates only with the simplified node communication pool.
5252

53-
## Create a Network Security Perimeter
53+
### Create a Network Security Perimeter
5454

55-
Create your own network security perimeter resource using [Azure portal](../private-link/create-network-security-perimeter-portal.md) or [PowerShell](../private-link/create-network-security-perimeter-powershell.md) or [Azure CLI](../private-link/create-network-security-perimeter-cli.md).
55+
Create your own network security perimeter resource using [Azure portal](/azure/private-link/create-network-security-perimeter-portal.md) or [PowerShell](/azure/private-link/create-network-security-perimeter-powershell.md) or [Azure CLI](/azure/private-link/create-network-security-perimeter-cli.md).
5656

57-
## Associate Batch account with the Network Security Perimeter
57+
### Associate Batch account with the Network Security Perimeter
5858

59-
### Using Azure Portal
59+
#### Using Azure Portal
6060
1. Navigate to your network security perimeter in the Azure portal, where you should have established a profile for your Batch account to associate with. If you haven't done so yet, please proceed to **Settings** -> **Profiles** to create a network security perimeter profile initially.
6161

6262
![Profiles](./media/network-security-perimeter/create-profile.png)
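Review bot: the paragraph added at new line 28 contains a malformed Key Vault link, written as `(Network security perimeter in Azure Key Vault)(/azure/key-vault/general/network-security#network-security-perimeter-preview)` with parentheses where the link text needs square brackets, so it will not render as a link. The same line runs two sentences together ("experience.For"), misspells "onboared" and "secruity", and has no final period; restoring the paragraph break that the removed line 30 had would fix the run-on. Also in this hunk, the API link `update?#publicnetworkaccesstype` keeps a stray `?` after the query string was dropped, and the heading `### Prerequiste` is re-levelled but still misspelled.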
@@ -69,7 +69,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
6969

7070
![Associate Profile](./media/network-security-perimeter/associate-profile.png)
7171

72-
### Using PowerShell
72+
#### Using PowerShell
7373
1. Create a new profile for your network security perimeter
7474

7575
```azurepowershell-interactive
@@ -101,7 +101,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
101101
New-AzNetworkSecurityPerimeterAssociation @nspAssociation | format-list
102102
```
103103
104-
### Using Azure CLI
104+
#### Using Azure CLI
105105
106106
1. Create a new profile for your network security perimeter with the following command:
107107
@@ -145,7 +145,7 @@ Create your own network security perimeter resource using [Azure portal](../priv
145145
## Next steps
146146
147147
- Learn more about [security best practices in Azure Batch](security-best-practices.md).
148-
- Learn more about [Network Security Perimeter Concepts](../private-link/network-security-perimeter-concepts.md).
149-
- Learn more about [Network Security Perimeter Diagnostic Logs](../private-link/network-security-perimeter-diagnostic-logs.md).
150-
- Learn more about [Network Security Perimeter Role Based Access Control](../private-link/network-security-perimeter-role-based-access-control-requirements.md).
151-
- Learn more about [Network Security Perimeter Transition](../private-link/network-security-perimeter-transition.md).
148+
- Learn more about [Network Security Perimeter Concepts](/azure/private-link/network-security-perimeter-concepts.md).
149+
- Learn more about [Network Security Perimeter Diagnostic Logs](/azure/private-link/network-security-perimeter-diagnostic-logs.md).
150+
- Learn more about [Network Security Perimeter Role Based Access Control](/azure/private-link/network-security-perimeter-role-based-access-control-requirements.md).
151+
- Learn more about [Network Security Perimeter Transition](/azure/private-link/network-security-perimeter-transition.md).
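Review bot: the four rewritten "Next steps" links at new lines 148-151 switch to site-relative paths but keep the source file extension, for example `/azure/private-link/network-security-perimeter-concepts.md`. The Storage and Key Vault links added earlier in this commit (`/azure/storage/common/storage-network-security?...`, `/azure/key-vault/general/network-security#...`) omit `.md`, so the two styles are inconsistent; confirm the `.md` form resolves in the build and, if it does not, drop the extension here and on the other `/azure/private-link/...` links changed in this commit.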
