Networking
Connection to the hub is the prerequisite for getting access to the on-prem network.
The hub itself has the following address space: 10.0.0.0/16.
Upon request, we will peer a VNet in your subscription with the hub.
All firewall-related logs are in the Log Analytics Workspace
/subscriptions/e4a6af88-cd23-4785-acd6-d7221f755be7/resourceGroups/law-rg-likvid-foundation/providers/Microsoft.OperationalInsights/workspaces/log-analytics-workspace
Hub and spoke vnet-peering
name | address_space | description |
---|---|---|
glaskugel | 10.1.0.0/24 | Project Palantíri, stakeholder Saruman |
glaskugel | 10.2.1.0/24 | Project Palantíri dev, stakeholder Saruman |
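
Azure will not peer VNets whose address spaces overlap, so a range proposed for a new spoke can be checked against the hub and the spokes listed above before the peering request is filed. The following is an added example, not part of the foundation's own tooling; the function name `check_spoke_request` and the RFC 1918 requirement are assumptions, while the address spaces are the ones in the tables on this page.

```python
import ipaddress

# Address spaces copied from the tables on this page.
HUB = ipaddress.ip_network("10.0.0.0/16")
PEERED_SPOKES = [
    ("glaskugel", ipaddress.ip_network("10.1.0.0/24")),
    ("glaskugel", ipaddress.ip_network("10.2.1.0/24")),
]
# Assumption (not stated on this page): spokes must use RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_spoke_request(cidr):
    """Return a list of problems with a requested spoke range; empty means OK."""
    try:
        # strict=True rejects ranges with host bits set, e.g. 10.1.0.5/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["only IPv4 ranges are handled by this check"]

    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not inside RFC 1918 private space")
    if net.overlaps(HUB):
        problems.append(f"{net} overlaps the hub address space {HUB}")
    for name, spoke in PEERED_SPOKES:
        if net.overlaps(spoke):
            problems.append(f"{net} overlaps peered spoke {name} ({spoke})")
    return problems


if __name__ == "__main__":
    # Constructed sample requests, not real peering requests.
    for candidate in ("10.3.0.0/24", "10.0.128.0/24", "10.2.0.0/16", "10.1.0.5/24"):
        result = check_spoke_request(candidate)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```
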
Subnets
name | prefixes |
---|---|
Management | 10.0.192.0/18 |
GatewaySubnet | 10.0.64.0/18 |
Firewall deployment is not enabled.
Network Security Group Management
Name | Direction | Access | Protocol | Source Port Range | Destination Port Range | Source Address Prefix | Destination Address Prefix |
---|---|---|---|---|---|---|---|
allow-ssh | Inbound | Allow | Tcp | * | 22 | VirtualNetwork | VirtualNetwork |
allow-rdp | Inbound | Allow | Tcp | * | 3389 | VirtualNetwork | VirtualNetwork |
Access to the central Network Hub is granted on a need-to-know basis to Auditors and Cloud Foundation Team members. The following Entra ID groups control access and are used to implement Privileged Access Management.
group | description |
---|---|
cloudfoundation-network-admins | Privileged Cloud Foundation group. Members have access to Azure network resource logs. |
Compliance Statements
No compliance statements provided.