DEV Community

Cover image for Configuring Secure Access to Workloads with Azure Virtual Networking Services
PETER Samuel
PETER Samuel

Posted on

Configuring Secure Access to Workloads with Azure Virtual Networking Services

#azure #cloudsecurity #devops #webdev

Applying NSGs, ASGs, and VMs to enforce secure communication between application tiers in Azure.

Project Overview

In this project, I built on top of my hub-and-spoke architecture by configuring network security controls within my Azure environment. The goal was to simulate a secure workload deployment where frontend web servers and backend databases can communicate safely, while still restricting unnecessary traffic.

This was my 19th Azure project, and it focused on Application Security Groups (ASGs) and Network Security Groups (NSGs).

Objectives

Deploy VMs in the frontend and backend subnets of app-vnet.

Create and associate an Application Security Group (ASG) for frontend servers.

Create and associate a Network Security Group (NSG) for the backend subnet.

Configure inbound rules to allow secure SSH traffic from the frontend ASG to backend servers.

Architecture Diagram

Create an Application Security Group (ASG)

Name: app-frontend-asg

Region: East US

Resource Group: RG1

Associated it with VM1 (frontend web server).

Create and Associate a Network Security Group (NSG)

Name: app-vnet-nsg

Associated with backend subnet of app-vnet.

Add Inbound Security Rule

Rule to allow SSH traffic from frontend ASG to backend servers.

**Property **Value
**Source **Any
**Destination **ASG (app-frontend-asg)
**Service **SSH
**Action **Allow
**Priority **100
**Name **AllowSSH

Key Takeaways

ASGs simplify security by grouping VMs logically instead of by IP.

NSGs filter inbound and outbound traffic at subnet and NIC levels.

Subnet separation (frontend/backend) provides a strong security layer.

Using ASG + NSG together creates scalable and easy-to-manage security policies.

Next Steps

Add Azure Firewall for centralized control.

Configure UDRs to route traffic through the firewall.

Deploy a sample web app and database for end-to-end testing.

Closing Thoughts

This project deepened my understanding of network isolation and security in Azure. Configuring NSGs and ASGs is one of the most practical skills for both certification prep and real-world deployments.

I would like to hear from others:
How do you usually design network security in Azure?

Azure #CloudSecurity #Networking #DevOps #LearnInPublic #CloudEngineering

Top comments (0)