Increasing security and minimizing costs with Azure Virtual Network (vNet) service endpoints
As your organization embraces Microsoft Azure, it is imperative to make sure that your data remains secure and that you are also minimizing costs. A great way to improve security and minimize costs is a Microsoft Azure Virtual Network (vNet) service endpoint.
Let us first explain what a Microsoft Azure vNet service endpoint does. Quite simply, it enables you to connect to an Azure service (i.e. Microsoft Storage, Azure SQL, etc.) using the Azure backbone network. This means that:
<ul> <li> Data/traffic will not need to traverse the public internet </li>
<li> No data egress charges will be incurred </li>
</ul>
The following diagram highlights the flow of traffic when a vNet service endpoint isn’t configured:
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="624" height="334" src="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet.png" alt class="wp-image-152013 lazyload" loading="lazy" /> <img width="624" height="334" src="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet.png" alt class="wp-image-152013" data-eio="l" /> </a> </figure> </div>
We can see from the diagram that data will traverse the internet and egress charges will be incurred.
<div class="notice-block"> Note: Please be aware that the diagram shows Veeam Backup for Azure, but the same kind of traffic flow will be generated when not using a service endpoint with: <ul> <li> A Veeam scale-out backup repository that is configured in a Microsoft Azure VM while you are offloading to Azure blob </li> <li> Veeam Backup for Microsoft 365 proxy server(s) deployed within Microsoft Azure </li> </ul> </div>
The next logical question is, what happens when a vNet service endpoint is configured?
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet-02.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="624" height="327" src="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet-02.png" alt class="wp-image-152028 lazyload" loading="lazy" /> <img width="624" height="327" src="https://infracom.com.sg/wp-content/uploads/2022/10/increasing-security-azure-vnet-02.png" alt class="wp-image-152028" data-eio="l" /> </a> </figure> </div>
We can see that the vNet service endpoint allows the Azure virtual machine to connect to Microsoft Azure services (in the diagram, the Microsoft Storage service) as though they were part of the same vNet.
So how does Microsoft Azure do this? What’s happening “under the hood”? When a service endpoint is configured (within a vNet), the network interface of the virtual machine that is connected to that vNet will have its routing table updated. We can see this through the “Effective Routes” interface:
Example of “Effective Routes” without a vNet service endpoint configured:
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-no-vnet-config.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="495" height="365" src="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-no-vnet-config.png" alt class="wp-image-152042 lazyload" loading="lazy" /> <img width="495" height="365" src="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-no-vnet-config.png" alt class="wp-image-152042" data-eio="l" /> </a> </figure> </div>
Example of “Effective Routes” with the vNet service endpoint configured:
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-with-vnet-config.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="495" height="365" src="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-with-vnet-config.png" alt class="wp-image-152056 lazyload" loading="lazy" /> <img width="495" height="365" src="https://infracom.com.sg/wp-content/uploads/2022/10/effective-routes-with-vnet-config.png" alt class="wp-image-152056" data-eio="l" /> </a> </figure> </div>
Last but definitely not least… how do we configure a vNet service endpoint? The first step is to make sure that the following resources have already been created:
<ul> <li> A powered-on virtual machine connected to a vNet </li>
<li> A Microsoft Azure storage account
<ul> <li> Please be aware that we have used a storage account for this example, but other service(s) can be configured in much the same way </li>
</ul> </li>
</ul>
Once the above are created, we are ready to move forward with the next steps:
<ol>
<li> Add a service endpoint within a specific vNet: </li>
</ol>
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="296" height="322" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet.png" alt class="wp-image-152070 lazyload" loading="lazy" /> <img width="296" height="322" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet.png" alt class="wp-image-152070" data-eio="l" /> </a> </figure> </div>
<ol start="2">
<li> <span> Select “Microsoft.Storage” from the list of services and the correct subnet: </span> </li>
</ol>
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-02.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="254" height="156" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-02.png" alt class="wp-image-152084 lazyload" loading="lazy" /> <img width="254" height="156" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-02.png" alt class="wp-image-152084" data-eio="l" /> </a> </figure> </div>
Once added, the following will be displayed under “Service Endpoints”:
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-03.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="624" height="155" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-03.png" alt class="wp-image-152098 lazyload" loading="lazy" /> <img width="624" height="155" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-03.png" alt class="wp-image-152098" data-eio="l" /> </a> </figure> </div>
<ol start="3">
<li> <span> Update the storage account’s networking to “Allowed from selected virtual networks and IP addresses” and choose the relevant vNet: </span> </li>
</ol>
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-04.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="624" height="286" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-04.png" alt class="wp-image-152112 lazyload" loading="lazy" /> <img width="624" height="286" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-04.png" alt class="wp-image-152112" data-eio="l" /> </a> </figure> </div>
<ol start="4">
<li> <span> Verify that the “Effective Routes” have been updated to include the VirtualNetworkServiceEndpoint route: </span> </li>
</ol>
<div class="wp-block-image"> <figure class="aligncenter size-full"> <a href="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-05.png" data-wpel-link="internal" target="_blank" rel="follow noopener"> <img width="442" height="406" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-05.png" alt class="wp-image-152126 lazyload" loading="lazy" /> <img width="442" height="406" src="https://infracom.com.sg/wp-content/uploads/2022/10/service-endpoint-specific-vnet-05.png" alt class="wp-image-152126" data-eio="l" /> </a> </figure> </div>
It is that easy!
Now that the vNet service endpoint has been configured, you can be assured your Veeam backup data will stay within Azure and you will have no unexpected egress charges from Microsoft.