Hi Raviraj,
I understand that you need this evidence of only internal communication to be compliant with your customer security. Here are some options:
- Let me start with the easy way to do it: take a screenshot before and after enabling the Storage service endpoint on the proper virtual network: VM > Networking > Network settings > Network interface name > Help > Effective routes. You will notice that new routes are added to the effective routes to send the traffic over the Azure backbone instead of using the public IP.
- Besides the first option, you can provide evidence of this through logs: you can use Azure Monitor Logs and Azure Storage Analytics logging. In this case you first need to enable the diagnostic settings on the VM and the storage account, and then query the logs to check the network callers' IPs, for example.
- Finally, if you require the traffic between the VM and the Storage account to be completely isolated, I recommend using Azure Private Link (Private endpoint) on your storage account to enable communication via the private IPs defined in your own VNet.
References:
- https://learn.microsoft.com/en-us/azure/networking/microsoft-global-network
- https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/networkaccesstraffic
- https://learn.microsoft.com/en-us/azure/storage/common/storage-analytics-logging
- https://techcommunity.microsoft.com/t5/azure-paas-blog/troubleshooting-storage-firewall-issues/ba-p/1944730
- https://learn.microsoft.com/en-us/azure/networking/fundamentals/networking-overview
If the information helped address your question, please Accept the answer.
Luis
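As an added example that is not part of the answer above, the following Python script shows the kind of check behind the second option: it walks storage request log records and reports which callers fall inside the VM's VNet address space (the private-IP evidence) and which do not. The log lines, the VNet prefix `10.1.0.0/16` and the assumption that records are exported as JSON lines carrying the `CallerIpAddress` column are all constructed for this illustration.

```python
"""Classify storage request log records by caller IP to evidence that
VM -> Storage Account traffic used private (VNet) addressing."""
import ipaddress
import json

# Constructed sample records (made up for this example). They mimic the
# StorageBlobLogs shape where CallerIpAddress is logged as "ip:port";
# only IPv4 callers are handled here.
SAMPLE_LOG = """
{"TimeGenerated":"2024-01-10T10:00:01Z","OperationName":"GetBlob","CallerIpAddress":"10.1.2.4:51234","StatusCode":200}
{"TimeGenerated":"2024-01-10T10:00:05Z","OperationName":"PutBlob","CallerIpAddress":"10.1.2.5:51240","StatusCode":201}
{"TimeGenerated":"2024-01-10T10:01:00Z","OperationName":"GetBlob","CallerIpAddress":"203.0.113.7:44321","StatusCode":200}
{"TimeGenerated":"2024-01-10T10:02:00Z","OperationName":"ListBlobs","CallerIpAddress":"10.1.2.4:51300","StatusCode":200}
"""

# Address space of the VNet the VM lives in (assumed value for this example).
VNET_PREFIXES = ["10.1.0.0/16"]


def caller_ip(record):
    """Drop the ':port' suffix (if any) and parse the IPv4 caller address."""
    host = record["CallerIpAddress"].partition(":")[0]
    return ipaddress.ip_address(host)


def classify_callers(log_text, vnet_prefixes):
    """Count callers inside vs. outside the VNet and keep the outside records.

    A caller address inside the VNet prefix is the evidence that the request
    reached the storage account over the service endpoint / private endpoint
    rather than from the VM's public IP.
    """
    nets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    result = {"in_vnet": 0, "outside_vnet": 0, "outside_records": []}
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        ip = caller_ip(record)
        if any(ip in net for net in nets):
            result["in_vnet"] += 1
        else:
            result["outside_vnet"] += 1
            result["outside_records"].append(record)
    return result


if __name__ == "__main__":
    summary = classify_callers(SAMPLE_LOG, VNET_PREFIXES)
    print(f"in-VNet callers: {summary['in_vnet']}, "
          f"outside-VNet callers: {summary['outside_vnet']}")
    for rec in summary["outside_records"]:
        print("review:", rec["TimeGenerated"], rec["OperationName"],
              rec["CallerIpAddress"])
```

Any record listed under "review" is a request that did not come from the VNet and needs an explanation before the logs can be presented as evidence of internal-only communication.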