Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Network Access Restrictions #14

Open
garretwyman opened this issue Jul 29, 2024 · 2 comments
Open

Allow Network Access Restrictions #14

garretwyman opened this issue Jul 29, 2024 · 2 comments

Comments

@garretwyman
Copy link

This is a feature request to setup App Service like access restrictions to the Azure Managed Grafana with options to:

  1. Enable from all networks (no restrictions / full public access)
  2. Enabled from select virtual networks and IP addresses
  3. Disable public access

This is already being done with Azure App Services that looks like this:
image

This will add more security to the Azure Managed Grafana instance.

@weng5e
Copy link
Member

weng5e commented Aug 15, 2024

Thanks for your feedback and interest! However, we will not add support for such experiences due to they are previous generations of Azure network isolation solutions. To ensure azure products are providing an uniform experience, there is an Azure wide policy for newer azure products to implement the same set of network features. e.g. "Enabled from select virtual networks" is a feature called service endpoint. Azure private endpoint is a newer generation network solution providing similar features as the previous generation product of service endpoint. Azure Managed Grafana has private endpoint support.

@garretwyman
Copy link
Author

@weng5e Thanks for the reply. The big difference I see between "service endpoint" and "private endpoint" is in order to access the private endpoint from VPN/On-prem it would require some sort of VPN/Express route, where service endpoint is still accessed publicly, but allows restrictions to that public endpoint. We don't have an express route, so the private IP is not accessible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants