Reputation: 1069
I was able to find that Google Cloud makes sure that any requests which move out of its physical environment undergo mandatory encryption; refer to (pg6 under the heading Virtual Machine to Virtual Machine of) this link.
Do Azure (and AWS) follow a similar procedure? I would appreciate it if someone could point me to an official link. I was not able to find it in the Azure docs.
Thanks
Upvotes: 1
Views: 812
Reputation: 28284
Azure supports various encryption models, including server-side encryption, client-side encryption, Azure disk encryption and so on. Read Azure encryption overview.
For data in transit, you will see that Azure always encrypts traffic between your cloud-hosted resources and external networks or the public internet.
Data in transit is data moving between resources on the internal, between datacenters or external networks, or over the internet.
Data in transit is usually encrypted by requiring SSL/TLS protocols for network traffic. Always encrypt traffic between your cloud-hosted resources and external networks or the public internet. PaaS resources typically enforce SSL/TLS encryption by default. Your cloud adoption teams and workload owners should consider enforcing encryption for traffic between IaaS resources hosted inside your virtual networks.
A VM in Azure is not an individual resource. It must be deployed in an Azure virtual network, which is the fundamental building block for your private network in Azure. A VNet enables Azure VMs to securely communicate with each other, the internet, and on-premises networks. You could also secure the VNet using a network security group. So, the internal traffic between two VMs in a VNet is secure. If the VMs are in different VNets, you could peer the two VNets with each other. The traffic between VMs in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between VMs in the same VNet, through private IP addresses only.
Even though the traffic in an Azure VNet is secure, the HTTP request is not secure by default. HTTP requests and responses are sent in plaintext, which means that anyone can read them. HTTPS corrects this problem by using TLS/SSL encryption. You could also consider using HTTPS requests.
Hope this could help you.
Upvotes: 1
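The answer's last point, that VM-to-VM traffic inside a VNet is allowed but HTTP is still plaintext, can be checked against a network security group. The Python below is an added example, not part of the original answer or of any Azure tooling: it evaluates inbound rules in priority order and reports which rule, if any, admits VNet traffic to plaintext HTTP ports. The sample rules and the port list (80, 8080) are constructed assumptions, and CIDR source prefixes are not handled.

```python
# Constructed sample rules in the shape of Azure NSG securityRules JSON;
# the last entry mirrors Azure's built-in AllowVnetInBound default rule.
SAMPLE_NSG = [
    {"name": "allow-https-vnet", "properties": {
        "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "443"}},
    {"name": "deny-http-vnet", "properties": {
        "priority": 200, "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
        "sourceAddressPrefix": "VirtualNetwork",
        "destinationPortRanges": ["80", "8000-8080"]}},
    {"name": "AllowVnetInBound", "properties": {
        "priority": 65000, "direction": "Inbound", "access": "Allow", "protocol": "*",
        "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"}},
]
PLAINTEXT_PORTS = (80, 8080)  # assumption: ports where a workload might serve HTTP


def port_matches(props, port):
    """True if the rule's destination port spec ("*", "80", "8000-8080") covers port."""
    specs = list(props.get("destinationPortRanges") or [])
    if props.get("destinationPortRange"):
        specs.append(props["destinationPortRange"])
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def deciding_rule(rules, port):
    """First inbound rule, by ascending priority number, matching VNet TCP traffic to port."""
    inbound = [r for r in rules if r["properties"]["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["properties"]["priority"]):
        p = rule["properties"]
        if (p["protocol"].lower() in ("tcp", "*")
                and p.get("sourceAddressPrefix") in ("VirtualNetwork", "*")
                and port_matches(p, port)):
            return rule
    return None  # no match here; Azure's DenyAllInBound default would apply


def plaintext_exposure(rules, ports=PLAINTEXT_PORTS):
    """Map each plaintext port to the name of the Allow rule that admits it."""
    decided = {port: deciding_rule(rules, port) for port in ports}
    return {port: r["name"] for port, r in decided.items()
            if r and r["properties"]["access"] == "Allow"}
```

With only the default rule present, both ports are reported as admitted by `AllowVnetInBound`; blocking them at the NSG complements, but does not replace, serving the workload over HTTPS.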