几个VM和NSG [英] Several VM's and NSG

问题描述

您好，

我有一个VNET和一个与子网关联的NSG。我有几个运行SQL，SharePoint等应用程序的虚拟机，以及需要打开特定端口以实现正确应用程序功能的虚拟机。这保证了创建多个NSG。
我理解一种方法是为每个具有多个NSG的应用层提供多个子网。但这可能会在政府的噩梦中结束。这种用例的最佳做法是什么？

I have a VNET and an NSG associated with the subnets in it. I have several VMs running applications such as SQL, SharePoint, and ones that require specific ports to be opened for proper application functionality. This warrants multiple NSGs to be created. I understand one way is to have multiple subnets for each application tier with multiple NSGs. But this may end in an administration nightmare. What is the best practice in such use cases?

谢谢

TIA TP

推荐答案

虽然这里没有对错的答案，听起来您还需要将应用程序安全组与NSG一起使用。  ASG允许您将常见应用程序（例如所有Web服务器）组合在一起，然后您可以为
这些ASG添加NSG规则以简化操作。

Although there is no right and wrong answer here, it sounds like you need to also use Application Security Groups with the NSG.  ASG's allow you to group together common applications (so all web servers for example) and you can then add NSG rules for those ASGs to simplify things.

每个服务器只有1个子网为了这个目的似乎有点矫枉过正，所以我不会这样做。 但是不要忘记您也可以为vNET中的单个服务器添加NSG规则，因此您不需要将所有NSG规则应用于整个子网。

1 subnet per server just for this purpose seems overkill so I wouldn't do that.  But don't forget that you can add NSG rules for a single server in the vNET also and so you dont need to apply all NSG rules to the subnet as a whole.

所以混合NSG应用于混合ASG的子网级别也应该允许你在这里做大部分事情。 然后，如果您想要某些服务器的单独规则，那么您可以直接为服务器分配规则。

So a mix of NSGs being applied to the subnet level with ASGs in the mix too should allow you to do most things here.  Then if you want individual rules for some servers then you can assign the rule the server directly.

谢谢，

Matt

这篇关于几个VM和NSG的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！