Introducing virtual networking and subnet delegation
As we saw in the previous section, identity management is a good method for restricting access to ADX clusters. We can control access at both the management and data plane levels, but our cluster is still available on the public internet. Anyone who knows the name of our cluster could potentially connect by guessing usernames and passwords.
Like a lot of Azure resources, such as storage accounts and Azure SQL, ADX clusters are accessible on the internet by default. The problem with this default deployment is that we cannot restrict inbound and outbound traffic. Azure supports advanced deployments that allow us to deploy resources within a virtual network. Virtual networks let us create private networks on Azure to isolate and restrict access to our resources, such as virtual machines, ADX clusters, and so on.
Deploying our ADX cluster in a virtual network gives us more control over inbound and outbound traffic. We can use NSGs to...