Support for Network Security Perimeter (NSP)

[arjankohli]

I would love the ability to define an IP Whitelist firewall rule on my configuration services.

This would benefit customers that are running in hybrid multi-cloud + on-prem environments, where traffic to the configuration service needs to originate from outside Azure data-centers.

Azure Key Vault already supports this functionality, but protecting configuration services in the same manner creates defense in depth.

Many corporate environments have a strong desire to protect all configuration (not just vaulted secrets), because compromising and changing non-sensitive configuration can modify application behavior and create a denial of service.

[jhzhu89]

Hi @arjankohli

Network Security Perimeter (NSP) is the right path forward, and we’ll be adding NSP support on our side as well. You can find a good overview here:

https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts

[zhenlan]

@arjankohli I updated the title of this issue and use it to track our support for NSP in the roadmap.