Azure — Application Security Group (ASG) Overview
Introduction to Application Security Group (ASG) in Azure — What is ASG?
TL;DR:
Application Security Groups helps to manage the security of Virtual Machines by grouping them according the applications that runs on them. It is a feature that allows the application-centric use of Network Security Groups.
This approach allows for the grouping of Virtual Machines logically, irrespective of their IP address or subnet assignment within a Virtual Network.
What is ASG?
Normally when you deploy a network security group (NSG) it is either assigned to a NIC or a subnet (preferred). If you deploy that NSG to a subnet then the rules apply to all of the NICs, or virtual machines, in that subnet. This is OK when you’re deploying a new system where you can easily place virtual machines into subnets, and treat each subnet as its own security zone. But in the real world, things aren’t always that clean, and you might need something that allows a more dynamic or flexible means of assigning rules to some machines in a subnet.
ASGs are used within a NSG to apply a network security rule to a specific workload or group of VMs — defined by ASG worked as being the “network object” & explicit IP addresses are added to this object. This provides…