I have a Function App set up in its own virtual network (VNet) primarily for security and isolation. I need to connect this app to another VNet through a private endpoint, but I want to ensure that access is restricted to just one specific Virtual Machine Scale Set (VMSS) in the main VNet. I've created the private endpoint, but I'm considering using Application Security Groups (ASG) and Network Security Groups (NSG) to manage this access. The issue is, the subnet that contains the VMSS also has other VMs and VMSS, making me hesitant to impose NSG rules on it. Should I go ahead and create a separate subnet for the private endpoint in the main VNet?
5 Answers
Absolutely, you should consider a dedicated subnet for the private endpoint. It keeps things cleaner and more manageable, especially if you need tight control over the traffic flows.
It's definitely advisable to have a separate subnet. We had to integrate our app with VNets and found that this approach simplifies our compliance requirements.
Yes, it’s generally cleaner to use a dedicated subnet for the private endpoint. If you’re worried about using your existing subnet, high-priority NSG rules can help manage traffic, but separate subnets reduce the risk of conflict.
Yes, creating a separate subnet for the private endpoint is a good idea. It helps maintain a clean architecture and isolates the traffic effectively.
Subnet isolation isn't strictly for security, but creating separate subnets with specific NSG rules can make managing your network much easier.
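The layout the answers converge on, as an added Bicep example that is not from the thread or the asker's deployment: a dedicated subnet in the main VNet for the private endpoint, an NSG on that subnet, and an ASG that only the permitted VMSS joins. The resource names, the address prefix and the API version are assumptions; the Function App, the existing private endpoint and the VMSS itself are not declared here.

```bicep
param peSubnetPrefix string = '10.0.250.0/27'   // constructed value; carve it from the main VNet's range
// ASG joined only by the permitted VMSS (its NIC config must reference asgVmss.id; VMSS not shown)
resource asgVmss 'Microsoft.Network/applicationSecurityGroups@2023-05-01' = {
  name: 'asg-functionapp-clients'
  location: resourceGroup().location
}
// NSG for the endpoint subnet; the default AllowVnetInBound rule (65000) would admit every VM, so deny explicitly
resource nsgPe 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-pe-functionapp'
  location: resourceGroup().location
  properties: {
    securityRules: [
      {
        name: 'allow-vmss-asg-https'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceApplicationSecurityGroups: [ { id: asgVmss.id } ]
          sourcePortRange: '*'
          destinationAddressPrefix: peSubnetPrefix
          destinationPortRange: '443'
        }
      }
      {
        name: 'deny-other-vnet-inbound'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationAddressPrefix: peSubnetPrefix
          destinationPortRange: '*'
        }
      }
    ]
  }
}
// Dedicated subnet in the main VNet (assumed name 'main-vnet'); with network policies disabled the NSG is ignored
resource snetPe 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  name: 'main-vnet/snet-pe-functionapp'
  properties: {
    addressPrefix: peSubnetPrefix
    networkSecurityGroup: { id: nsgPe.id }
    privateEndpointNetworkPolicies: 'Enabled'
  }
}
```

A private endpoint cannot be moved between subnets, so the existing one is recreated in snet-pe-functionapp; NSG flow logs on nsgPe then show any source outside the ASG that is being denied.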