私有Azure云服务? [英] Private Azure Cloud Service?
问题描述
在微服务架构中,拥有数十个内部"服务是很常见的,即那些只能由体系结构中的其他服务调用并且不能公开访问的服务.
In a microservice architecture it's quite common to have tens of "internal" services, i.e. those services that are only intended to be called by other services in the architecture and not publicly accessible.
我们对Azure云服务(Web和工作角色)以及它们带来的所有不错的PAAS部署优势感到非常满意.我们希望开发一些内部微服务作为Azure云服务,但是同时通过确保它们只能被同一Azure虚拟网络中的其他计算机访问,从而避免向它们添加自定义应用程序安全代码(OAuth等).
We're very happy with Azure Cloud Services (web and worker roles) and all the nice PAAS deployment benefits they bring. We'd like to develop several internal microservices as Azure Cloud Services but at the same time avoid having to add custom application security code to them (OAuth etc.) by ensuring they can only be accessed by other machines in the same Azure Virtual Network.
实现此目标有哪些选择?反正有什么办法阻止向Azure云服务分配公共VIP地址/站点URL(* .cloudapp.net)?
What are the options for achieving this? Is there anyway to stop an Azure Cloud Service being assigned a Public VIP Address / Site URL (*.cloudapp.net)?
我们知道的一个选项是使用IIS ipSecurity元素将服务锁定到定义的内部IP地址范围,但想知道是否还有更好的选择?
One option we're aware of is using the IIS ipSecurity element to lock down the services to a defined range of internal IP addresses but wondering if there are any better alternatives?
推荐答案
查看内部端点.它们使您的服务无需通过公共互联网就可以在内部进行通信,从而使您没有任何公共端点.
Look into Internal Endpoints. They allow your services to communicate internally without going thru public internet and thus allow you to not have any public endpoints
https://msdn.microsoft.com/en-us/library/azure/hh180158.aspx
HTH
这篇关于私有Azure云服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
