You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/search/search-security-overview.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ This article describes the security features in Azure Cognitive Search that prot
18
18
19
19
## Data flow (network traffic patterns)
20
20
21
-
A search service is hosted on Azure and is typically accessed by client applications using public network connections. While that pattern is predominant, it's not the only traffic pattern that you need to care about. Understanding all points of entry and outbound traffic is necessary background for protecting your development and production environments.
21
+
A Cognitive Search service is hosted on Azure and is typically accessed by client applications over public network connections. While that pattern is predominant, it's not the only traffic pattern that you need to care about. Understanding all points of entry as well as outbound traffic is necessary background for securing your development and production environments.
22
22
23
23
Cognitive Search has three basic network traffic patterns:
24
24
@@ -30,7 +30,7 @@ Cognitive Search has three basic network traffic patterns:
30
30
31
31
Inbound requests that target a search service endpoint consist of:
32
32
33
-
+ Creating and managing objects
33
+
+ Creating and managing indexes, indexers, and other objects
34
34
+ Sending requests for indexing, running indexer jobs, executing skills
35
35
+ Querying an index
36
36
@@ -44,12 +44,12 @@ Outbound requests from a search service to other applications are typically made
44
44
45
45
+ Search, on behalf of an indexer, connects to external data sources to read in data for indexing.
46
46
+ Search, on behalf of an indexer, writes to Azure Storage when creating knowledge stores, persisting cached enrichments, and persisting debug sessions.
47
-
+ A custom skill runs external code that's hosted off-service. The request for external processing is sent during skillset execution.
47
+
+ A custom skill connects to an Azure function or app to run external code that's hosted off-service. The request for external processing is sent during skillset execution.
48
48
+ Search connects to Azure Key Vault for a customer-managed key used to encrypt and decrypt sensitive data.
49
49
50
-
Outbound connections can be made using a resource's full access connection string that includes a shared access key or a database login, or a managed identity if you're using Azure Active Directory.
50
+
Outbound connections can be made using a resource's full access connection string that includes a key or a database login, or a managed identity if you're using Azure Active Directory.
51
51
52
-
If your Azure resource is behind a firewall, you'll need to create rules that admit indexer or service requests. For resources protected by Azure Private Link, you can create a shared private link that an indexer uses to make its connection.
52
+
If your Azure resource is behind a firewall, you'll need to create rules that admit search service requests. For resources protected by Azure Private Link, you can create a shared private link that an indexer uses to make its connection.
0 commit comments