articles/container-registry/dedicated-data-endpoints.md
5 additions & 5 deletions
@@ -9,13 +9,13 @@ ms.date: 12/22/2022
9
9
---
10
10
# Azure Container Registry mitigating data exfiltration with dedicated data endpoints
11
11
12
-
Azure Container Registry introduces dedicated data endpoints, by enabling tightly scoped client firewall rules to specific registries, minimizing data exfiltration concerns.
12
+
Azure Container Registry introduces dedicated data endpoints. The feature enables tightly scoped client firewall rules to specific registries, minimizing data exfiltration concerns.
13
13
14
14
Dedicated data endpoints feature is available in **Premium** service tier. For pricing information, see[container-registry-pricing.](https://azure.microsoft.com/pricing/details/container-registry/)
15
15
16
16
Pulling content from a registry involves two endpoints:
17
17
18
-
*Registry endpoint*, often referred to as the login URL, used for authentication and content discovery. A command like docker pull`contoso.azurecr.io/hello-world` makes a REST request which authenticates and negotiates the layers which represent the requested artifact.
18
+
*Registry endpoint*, often referred to as the login URL, used for authentication and content discovery. A command like docker pulls`contoso.azurecr.io/hello-world` makes a REST request, which authenticates and negotiates the layers, which represent the requested artifact.
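Review bot: On the added *Registry endpoint* line, "docker pulls`contoso.azurecr.io/hello-world`" turns the command name into "docker pulls" and still has no space before the image reference, so the text no longer shows a command the reader can run. Put the whole command in one code span: `docker pull contoso.azurecr.io/hello-world`. The two new ", which" clauses also make it ambiguous whether the request or the layers represent the artifact; "negotiates the layers that represent the requested artifact" keeps the meaning of the removed line. The unchanged pricing line in this hunk is also missing a space in "see[container-registry-pricing.]".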
@@ -24,7 +24,7 @@ Pulling content from a registry involves two endpoints:
24
24
25
25
## Registry managed storage accounts
26
26
27
-
Azure Container Registry is a multi-tenant service. The registry service manages the data endpoint storage accounts. The benefits of the managed storage accounts, include load balancing, contentious content splitting, multiple copies for higher concurrent content delivery, and also multi-region support with [geo-replication.](container-registry-geo-replication.md).
27
+
Azure Container Registry is a multi-tenant service. The registry service manages the data endpoint storage accounts. The benefits of the managed storage accounts, include load balancing, contentious content splitting, multiple copies for higher concurrent content delivery, and multi-region support with [geo-replication.](container-registry-geo-replication.md).
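Review bot: The added line still has a comma between subject and verb in "The benefits of the managed storage accounts, include", and the link still ends in a doubled period, "[geo-replication.](container-registry-geo-replication.md).". Drop the comma and move the period out of the link text. "contentious content splitting" is carried over unchanged from the removed line and is worth confirming against the intended term while this sentence is being touched.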
## Client firewall rules and data exfiltration risks
45
45
46
-
Client firewall rules limits access to specific resources and applies while connecting to a registry from on-prem hosts, IoT devices, custom build agents, or when the Private Link support is not an option.
46
+
Client firewall rules limits access to specific resources. The firewall rules apply while connecting to a registry from on-prem hosts, IoT devices, custom build agents. The rules also apply when the Private Link support isn't an option.
47
47
48
48
49
49
:::image type="content" source="./media/dedicated-data-endpoints/client-firewall-0.png" alt-text="Diagram to illustrate client firewall rules.":::
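Review bot: The first added sentence still reads "Client firewall rules limits", which should be "limit". Splitting the original sentence also dropped the conjunction from the list, leaving "on-prem hosts, IoT devices, custom build agents." with no "or" before the last item. Suggest "The firewall rules apply while connecting to a registry from on-prem hosts, IoT devices, or custom build agents, or when Private Link support isn't an option", which keeps the scope of the removed line in one sentence.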
@@ -59,7 +59,7 @@ So, to address the data-exfiltration concerns, Azure Container Registry is makin
59
59
60
60
## Dedicated data endpoints
61
61
62
-
By enabling dedicated data endpoints, layers are retrieved from the Azure Container Registry service, with fully qualified domain names representing the registry domain.
62
+
Dedicated data endpoints, help retrieve layers from the Azure Container Registry service, with fully qualified domain names representing the registry domain.
63
63
64
64
As any registry may become geo-replicated, a regional pattern is used: `[registry].[region].data.azurecr.io`.
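Review bot: "Dedicated data endpoints, help retrieve layers" puts a comma between subject and verb, and the rewrite drops "By enabling", so the added line no longer says that the feature has to be enabled before layers are retrieved through the registry-named FQDNs. Suggest "When dedicated data endpoints are enabled, layers are retrieved from the Azure Container Registry service, with fully qualified domain names representing the registry domain", which fixes the dangling modifier in the removed line without losing that condition.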