Hey everyone! I'm managing some VMs across 10-20 different on-premises subnets from various office locations. I need to set up access to these VMs on specific ports while ensuring that everything else is locked down. I considered adding all these subnets to a Network Security Group (NSG), but I worry it will become messy and hard to read for anyone who needs to edit it later. Is there a better way to handle this situation? Would something other than NSGs work more effectively? It would be ideal if I could tag all the office subnets and reuse them, allowing easy edits if new offices are added in the future.
3 Answers
Have you considered using Infrastructure as Code (IaC)? It streamlines how you manage your network security settings. It would make it way easier to handle all these configurations, especially if your infrastructure changes frequently.
You might want to look into the Virtual Network Manager feature in Azure. It can help arrange your network configurations more efficiently. You can learn more about it [here](https://learn.microsoft.com/en-us/azure/virtual-network-manager/overview).
Using a firewall with IP groups is a popular and effective solution for managing access rights. You can define groups of IP addresses that can access your VMs without the clutter of individual subnet entries in your NSGs. Check out the details [here](https://learn.microsoft.com/en-us/azure/firewall/ip-groups). This method simplifies management while enhancing security.
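As an added example that is not part of this thread (and not Microsoft's own sample), the following Bicep template ties the two suggestions above together: the office subnets live in one parameter, that parameter feeds a single Azure IP Group, and an Azure Firewall policy network rule references the IP Group by resource ID so the subnets are never repeated in a rule. Adding an office later means editing `officeSubnets` and redeploying; the CIDRs, ports and resource names are constructed placeholders, and the template assumes an Azure Firewall that uses this policy already sits between the office networks and the VM subnet.

```bicep
// Added example (not from the original thread): keep the office subnet list in one
// parameter, publish it as an IP Group, and allow only the named TCP ports from those
// offices to the VM subnet. All CIDRs, ports and names below are constructed placeholders.

@description('Office subnets allowed to reach the VMs (constructed sample values)')
param officeSubnets array = [
  '10.10.0.0/24'
  '10.20.0.0/24'
  '192.168.5.0/24'
]

@description('Subnet that hosts the managed VMs (constructed sample value)')
param vmSubnet string = '10.100.1.0/24'

@description('TCP ports the offices may reach on the VMs (constructed sample values)')
param allowedPorts array = [
  '22'
  '3389'
]

param location string = resourceGroup().location

// One IP Group holds every office subnet. Rules reference the group, not the CIDRs,
// so a new office is a one-line change to officeSubnets rather than an edit per rule.
resource officeIpGroup 'Microsoft.Network/ipGroups@2023-09-01' = {
  name: 'ipg-office-subnets'
  location: location
  properties: {
    ipAddresses: officeSubnets
  }
}

// Firewall policy; traffic that matches no rule is dropped by the firewall's default deny,
// which is what locks down "everything else".
resource firewallPolicy 'Microsoft.Network/firewallPolicies@2023-09-01' = {
  name: 'afwp-office-access'
  location: location
  properties: {
    threatIntelMode: 'Alert'
  }
}

// Network rule collection: source = the IP Group, destination = the VM subnet,
// ports = only the parameterised list.
resource officeRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-09-01' = {
  parent: firewallPolicy
  name: 'DefaultNetworkRuleCollectionGroup'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-office-to-vms'
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'office-to-vm-mgmt-ports'
            ipProtocols: [
              'TCP'
            ]
            sourceIpGroups: [
              officeIpGroup.id
            ]
            destinationAddresses: [
              vmSubnet
            ]
            destinationPorts: allowedPorts
          }
        ]
      }
    ]
  }
}

output ipGroupId string = officeIpGroup.id
```

Keeping the template in source control gives the version history the IaC answer mentions, and a reviewer can see exactly which subnet was added in a given change. The firewall rule does not replace an NSG on the VM subnet: keeping an NSG there that admits the management ports only from the firewall's private address range means a misrouted or bypassed path still cannot reach the VMs directly.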
Yes, IaC really simplifies the whole process and gives you better version control on your configurations.