Showing posts from January 14, 2025

Azure Networking Interview Q&A

  1. What is the difference between NSG and ASG?

     Network Security Group (NSG):
       - Controls inbound and outbound traffic to Azure resources.
       - Applied at subnet or network interface (NIC) level.
       - Rules are based on IP address, port, and protocol.

     Application Security Group (ASG):
       - Logical group of VMs based on application role.
       - Used in conjunction with NSGs to simplify rule management.
       - Enables defining security rules based on application tags rather than individual IPs.

     Use Case: In a multi-tier application, ASGs can group front-end, back-end, and database VMs, allowing you to apply security rules cleanly and efficiently.

  2. How can you block access to a VM from a subnet?

     By default, Azure allows traffic between subnets within a VNet due to the built-in NSG rule: AllowVnetInBound (priority 65000).

     To block access: Create a Deny rule in the NSG with a priority number lower than 65000.

     Example: Create a rule with priority 100 to deny traffic from...
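
The priority behaviour from question 2, as an added example that is not part of the original post: a simplified Python model of inbound NSG evaluation, where the first matching rule in ascending priority order decides. It matches on source address only; the 10.0.0.0/16 address space, the subnet prefix and the custom rule names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, "VirtualNetwork" or "*"
    access: str     # "Allow" or "Deny"

# Constructed address space for the example VNet and the subnet to block.
VNET = ipaddress.ip_network("10.0.0.0/16")
WEB_SUBNET = "10.0.1.0/24"

# Azure's built-in inbound defaults (the AzureLoadBalancer rule is left out).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "Deny"),
]

def matches(rule, src_ip):
    ip = ipaddress.ip_address(src_ip)
    if rule.source == "*":
        return True
    if rule.source == "VirtualNetwork":
        # Simplification: the real tag also covers peered and on-premises ranges.
        return ip in VNET
    return ip in ipaddress.ip_network(rule.source)

def evaluate(custom_rules, src_ip):
    """Return (access, rule_name) for the first rule that matches src_ip."""
    for rule in custom_rules:
        # Custom NSG rules must use priorities 100-4096, so they always
        # sort ahead of the 65000+ defaults.
        if not 100 <= rule.priority <= 4096:
            raise ValueError(f"{rule.name}: priority must be 100-4096")
    ordered = sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority)
    for rule in ordered:
        if matches(rule, src_ip):
            return rule.access, rule.name
    return "Deny", "no-match"

if __name__ == "__main__":
    deny = Rule("DenyWebSubnet", 100, WEB_SUBNET, "Deny")
    print(evaluate([], "10.0.1.5"))       # default rule lets the subnet in
    print(evaluate([deny], "10.0.1.5"))   # priority 100 deny wins
    # Failure mode: a broader Allow at a lower number shadows the Deny.
    broad = Rule("AllowVnetCustom", 200, "10.0.0.0/16", "Allow")
    late = Rule("DenyWebLate", 300, WEB_SUBNET, "Deny")
    print(evaluate([broad, late], "10.0.1.5"))
```

The last case is the one to check for when a Deny rule appears to have no effect: any broader Allow with a lower priority number matches first.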