Network Security & Azure ML
Rainer Stropek | @rstropek
Introduction
Rainer Stropek
- Passionate software developer for 25+ years
- Microsoft MVP, Regional Director
- Trainer, Teacher, Mentor
- 💕 community
Azure ML, Azure AD, Storage, Data Lake, Key Vault
Demo Time!
Azure ML - "Zero Trust" Mode
- ml-public Resource Group
- Access via public Internet (Portal)
- ML Studio (Jupyter)
- Storage (Notebook in Files)
- Data Lake
- Key Vault (demo-secret)
- Azure ML compute (with/without SSL)
- Access via ssh over public Internet
ssh -i keypair.pub 20.82.39.0 -p 50001
- Notebook
- DNS
- Register Data Store (with/without SP)
- Access ADLS (with/without SP)
VNet, Jumphost (Bastion)
Demo Time!
Azure ML - "Isolated" Mode
- ml-private Resource Group
- Simulate creation of Azure ML with PE
- VNet
- VNet and subnets
- Private endpoints
- Private Endpoints
- Key Vault, ADLS
- Show that access over public Internet does not work (Azure ML, ADLS)
- Jumphost, Bastion
- DNS
- Notebook
- DNS
- Register Data Store (with/without SP)
- Access ADLS (with/without SP)
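The DNS step of the isolated-mode demo can be written as a check run from the notebook or jumphost: with private endpoints in place, the service hostnames should resolve to addresses inside the VNet. This is an added example, not code from the talk; the hostnames, the 10.0.0.0/16 address space and all function names are assumptions, and the sample answers are constructed.

```python
import ipaddress
import socket


def resolve(host):
    """Ask the local resolver (the notebook's or jumphost's DNS) for host's addresses."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def classify(addresses, vnet_cidr):
    """'private' if all addresses lie in the VNet range, 'public' if none do."""
    net = ipaddress.ip_network(vnet_cidr)
    inside = {ipaddress.ip_address(a) in net for a in addresses}
    if not inside:
        return "unresolved"
    if inside == {True}:
        return "private"
    return "public" if inside == {False} else "mixed"


def check_isolation(hosts, vnet_cidr, resolver=resolve):
    """Classify every host; a failed lookup is reported instead of raised."""
    report = {}
    for host in hosts:
        try:
            report[host] = classify(resolver(host), vnet_cidr)
        except OSError:  # socket.gaierror is a subclass of OSError
            report[host] = "unresolved"
    return report


# Constructed answers (not captured from the demo): what a resolver might return.
SAMPLE_ANSWERS = {
    "examplelake.dfs.core.windows.net": {"10.0.1.5"},      # via private endpoint
    "example-kv.vault.azure.net": {"10.0.1.6"},            # via private endpoint
    "otherlake.dfs.core.windows.net": {"203.0.113.20"},    # public answer
    "split.dfs.core.windows.net": {"10.0.1.7", "203.0.113.21"},
}

if __name__ == "__main__":
    # Drop the third argument to query real DNS instead of the constructed answers.
    result = check_isolation(SAMPLE_ANSWERS, "10.0.0.0/16", SAMPLE_ANSWERS.__getitem__)
    for host, verdict in result.items():
        print(f"{verdict:10} {host}")
```

A "public" or "mixed" verdict from inside the VNet indicates that the private DNS zone is not linked or not being consulted for that name.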
Summary
- Azure PaaS and Serverless offerings are ready for Zero Trust Networking
- Perimeter security isn't a must
- Network (micro) segmentation is possible
- Private Endpoints are your friends
- Higher complexity
- Needs project- and org-specific evaluation
Thank you!
Rainer Stropek | @rstropek