2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Previously I talked about how to monitor workloads running in Azure. As we all know, to keep a system running normally we must not only monitor its load in real time but also keep it secure. So let's take a look at how to use the just-in-time VM access (Just in Time VM Access) feature provided by Azure Security Center to protect Azure VMs.
Just-in-time VM access is a feature of Azure Security Center. With it, we can lock down a VM at the network level by blocking inbound traffic to specific ports, which reduces the VM's exposure while keeping the ability to access it remotely when needed. Just-in-time access is available in the Azure Security Center Standard tier and only supports VMs deployed through ARM. From a technical point of view, just-in-time VM access blocks access to the configured ports by adding inbound deny rules to the VM's NSG. When access is requested, a new allow rule with a lower priority number is added to the NSG, so it is evaluated before the deny rule, and access is granted only for a given time and a given source IP.
When the allowed time range has elapsed, just-in-time VM access automatically deletes the allow rule, and the deny rule takes effect again.
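The rule lifecycle described above can be modelled in a few lines. This is an added example, not code from the original article or from Azure: the Nsg and Rule classes, the priority value 1000 and the implicit deny for unmatched traffic are assumptions made for illustration, and real NSG evaluation has more fields.

```python
# Added illustration: a simplified model of NSG evaluation, not Azure's implementation.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    priority: int                       # lower number is evaluated first
    port: int
    source: str                         # CIDR prefix; "0.0.0.0/0" means any source
    allow: bool
    expires: Optional[datetime] = None  # set only on just-in-time allow rules

class Nsg:
    def __init__(self):
        self.rules = []

    def enable_jit(self, port, priority=1000):
        # Enabling just-in-time access adds an inbound deny rule for the port.
        self.rules.append(Rule(f"jit-deny-{port}", priority, port, "0.0.0.0/0", False))

    def request_access(self, port, source, now, duration, max_duration):
        # An approved request adds an allow rule ahead of the deny rule,
        # limited to one source range and one time window.
        if duration > max_duration:
            raise ValueError("requested duration exceeds the configured maximum")
        deny = next(r for r in self.rules if r.port == port and not r.allow)
        self.rules.append(Rule(f"jit-allow-{port}", deny.priority - 1, port,
                               source, True, now + duration))

    def expire(self, now):
        # Once the window has elapsed the allow rule is deleted; the deny rule stays.
        self.rules = [r for r in self.rules if r.expires is None or r.expires > now]

    def is_allowed(self, src_ip, port, now):
        self.expire(now)
        for r in sorted(self.rules, key=lambda r: r.priority):
            if r.port == port and ip_address(src_ip) in ip_network(r.source):
                return r.allow          # first matching rule decides
        return False                    # assumption: unmatched inbound traffic is denied
```

The first matching rule decides the outcome, which is why a source outside the approved range still hits the deny rule while the allow rule is active.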
Having said that, let's take a look at how to use just-in-time VM access to protect our Azure VM.
Navigate to Azure Security Center and click "Just in time VM access":
Click "Recommended":
Select the VM we need, and then click "enable just-in-time access":
To enable this feature, we must configure the ports for just-in-time VM access. Azure suggests some recommended ports, and we can also define our own access rules:
For our lab, I will configure the required ports myself. First we delete all the recommended ports, and then click "Add":
Here we can configure the time allowed for each access request.
After the configuration is complete, we can see the virtual machine we configured on the Configured tab:
Now we can try to establish an RDP session with our target virtual machine, but we cannot reach it because a deny rule for port 3389 is configured on the NSG:
If we want to allow users access, we can select the virtual machine we need to access in Azure Security Center and click "Request access":
Then we need to open the port and set the allowed source IP range and the allowed access time range:
Once configured, we can establish an RDP session with the target VM from within the address range we allowed:
That is how to use just-in-time VM access to protect our Azure VM. This is a very good feature: it lets us allow or deny access to VMs in Azure, which makes our servers more secure.