4 Securing compute resources in Azure: Azure Bastion, Kubernetes, and Azure App Service

 

This chapter covers

  • Azure Bastion
  • Securing Kubernetes clusters
  • What makes container security different
  • Securing Azure App Service

Compute resources are a foundational building block of any public cloud environment. Securing the Azure compute resources on which your applications and digital services run makes those services more resilient against cyberattacks and helps avoid unintended disruption to your business. If you don't secure compute resources from bad actors, you might have no business at all.

4.1 Azure compute resources

Public cloud environments consist of various building blocks that you can use to build applications and digital services in Azure, such as Azure storage, backup, and recovery services (figure 4.1). Compute resources run the digital services vital to organizations and their businesses by powering your application code; without them, your applications wouldn't run.

Thus, you need to consider how to protect your resources from bad actors as well as from people inside your organization who might expose the services through misconfigurations (or misuse). Understanding how to implement security for compute resources in Azure matters greatly. This chapter teaches you how to differentiate between the various Azure security services that can be used to secure compute resources and implement them effectively.

4.2 Azure Bastion

4.2.1 Basic vs. Standard SKU

4.2.2 Azure Bastion in action

4.2.3 Connecting to Azure Bastion using your browser and Azure portal

4.2.4 Connecting to Azure Bastion using the native RDP or SSH client

4.3 Securing Kubernetes clusters

4.3.1 What are containers?

4.3.2 What is a container registry?

4.3.3 What is Kubernetes?

4.3.4 How does Kubernetes work?

4.3.5 Managed vs. unmanaged Kubernetes

4.4 What makes container security different?

4.4.1 Typical challenges when securing Kubernetes clusters