News

Microsoft Certified Azure Administrator Associate Exam (AZ-104) Lab Preparation #4.3: Storage Account and Service Endpoints

stp2y0 Comments
Microsoft Certified Azure Administrator Associate Exam (AZ-104) Lab Preparation #4.3: Storage Account and Service Endpoints




Introduction

To pass the AZ-104 exam, you must complete several live online lab tests. This article will guide you through connecting to a blob storage service via a service endpoint. We will continue from our previous lab tutorial, building on the foundational knowledge you’ve already acquired.



Virtual Network Service Endpoints

Virtual Network (VNet) service endpoints provide secure and direct connectivity to Azure services over an optimized route on the Azure backbone network. By enabling service endpoints, you can secure your critical Azure service resources to only your virtual networks, enhancing both security and performance. For more information, refer to the Azure Virtual Network Service Endpoints Overview.



Steps

Step 1
Navigate to the “Virtual network” of RGroup1.

Step 2
Click on Service endpoints, then click Add.

Image description

Image description

Step 3
In the “Add service endpoints” dialog:
Select “Microsoft.Storage” as the Service.
Select “default” for Subnets.
Click “Add”.

Image description

Step 4
Navigate to Storage accounts and select “davidaystorageaccount”. Then, click on Networking.

Image description

Step 5
Under “Public network access,” select “Enabled from selected virtual networks and IP addresses”.

Click “+ Add existing virtual network” and select “VM1-vnet” for Virtual networks.

Click “Add your client IP address (‘xxx.xxx.xxx.xxx’)” for the firewall if necessary.

Image description

Click “Save”.

Image description



Testing

Access https://davidaystorageaccount.blob.core.windows.net/folder1/hello_david.jpg from your local PC.
Result: AuthorizationFailure

Image description

Access https://davidaystorageaccount.blob.core.windows.net/folder1/hello_david.jpg from VM1 which is inside “VM1-vnet”.

Result: OK

Image description



Conclusion

By following these steps, you have successfully configured a service endpoint for your Azure Storage account. This setup ensures that only requests originating from your specified virtual network can access the storage resources, enhancing security. The testing results confirm the effectiveness of this configuration: access from your local machine was denied, while access from the designated virtual machine was successful. This practical experience is essential for your preparation for the AZ-104 exam, reinforcing the importance of understanding Azure networking and security features. Continue practicing these labs to solidify your knowledge and improve your confidence in managing Azure resources.



Source link
lol

By stp2y

Leave a Reply

Your email address will not be published. Required fields are marked *

No widgets found. Go to Widget page and add the widget in Offcanvas Sidebar Widget Area.