Difference between recovery service vault using public access and private access

Question

Difference between recovery service vault using public access and private access

Martin Thong 60

I tried using creating a recovery service vault using both methods, public and private access with no private endpoints. I can restore the same way in the portal. How can I demonstrate the difference in access type?

Tech-Hyd-1989 5,816 Reputation points

2023-04-20T07:05:18.0333333+00:00
Hello Martin Thong

To demonstrate the difference in access types for a Recovery Service Vault (RSV), you can follow the steps below:

Create a new RSV in the Azure portal using the Private access type.

Navigate to the Access control (IAM) tab for the RSV and add a new role assignment for a user or group that has access to the subscription but not to the virtual network where the RSV is located. Assign the "Contributor" role to this user or group.

Try to restore a backup from the RSV using the Azure portal. You should not be able to restore the backup as the user or group you assigned the "Contributor" role to does not have access to the virtual network where the RSV is located.

Delete the RSV that was created in step 1.

Create a new RSV in the Azure portal using the Public access type.

Repeat steps 2 and 3. You should be able to restore the backup as the RSV can be accessed publicly and does not require access to the virtual network.

By demonstrating the difference between the two access types in this way, you can show the importance of using private access for RSVs that contain sensitive data and should only be accessible from within a specific virtual network.

Please accept answer if the above information is helpful for the benefit of the community.

1 answer

Your answer

Tech-Hyd-1989 5,816 Reputation points

2023-04-20T07:05:18.0333333+00:00

Hello Martin Thong

To demonstrate the difference in access types for a Recovery Service Vault (RSV), you can follow the steps below:

Create a new RSV in the Azure portal using the Private access type.

Navigate to the Access control (IAM) tab for the RSV and add a new role assignment for a user or group that has access to the subscription but not to the virtual network where the RSV is located. Assign the "Contributor" role to this user or group.

Try to restore a backup from the RSV using the Azure portal. You should not be able to restore the backup as the user or group you assigned the "Contributor" role to does not have access to the virtual network where the RSV is located.

Delete the RSV that was created in step 1.

Create a new RSV in the Azure portal using the Public access type.

Repeat steps 2 and 3. You should be able to restore the backup as the RSV can be accessed publicly and does not require access to the virtual network.

By demonstrating the difference between the two access types in this way, you can show the importance of using private access for RSVs that contain sensitive data and should only be accessible from within a specific virtual network.

Please accept answer if the above information is helpful for the benefit of the community.

Answer 1

Hello Martin Thong

To demonstrate the difference in access types for a Recovery Service Vault (RSV), you can follow the steps below:

Create a new RSV in the Azure portal using the Private access type.
Navigate to the Access control (IAM) tab for the RSV and add a new role assignment for a user or group that has access to the subscription but not to the virtual network where the RSV is located. Assign the "Contributor" role to this user or group.
Try to restore a backup from the RSV using the Azure portal. You should not be able to restore the backup as the user or group you assigned the "Contributor" role to does not have access to the virtual network where the RSV is located.
Delete the RSV that was created in step 1.
Create a new RSV in the Azure portal using the Public access type.
Repeat steps 2 and 3. You should be able to restore the backup as the RSV can be accessed publicly and does not require access to the virtual network. By demonstrating the difference between the two access types in this way, you can show the importance of using private access for RSVs that contain sensitive data and should only be accessible from within a specific virtual network.

Please accept answer and upvote if the above information is helpful for the benefit of the community.

SadiqhAhmed-MSFT 49,331 Reputation points Microsoft Employee Moderator

2023-04-24T14:18:26.35+00:00

@Martin Thong Have you had a chance to see the previous response? If the suggestions were helpful, click “Accept Answer” and Up-Vote. Feel free to reach out to us if you've additional questions in this regard.

Share via

Difference between recovery service vault using public access and private access

1 answer

Your answer