Microsoft has expanded the SDN functionality of Windows Admin Center (WAC) 2211. New capabilities should better protect the Azure Stack HCI service from outside threats.
The SDN functionality provides protection for Azure Stack HCI. New default networking capabilities in Azure Stack were high on customers’ wish lists, Microsoft said.
Default Network Policies in existing Network Security Groups (NSGs) are now unified on Azure Stack HCI. Policies are enabled by default when users upgrade their environment to Azure Stack HCI 22H2.
Default Network Policies help users prevent lateral attacks. Example options include ‘open some ports’, ‘use existing NSG’ and ‘no protection’. The first option lets users select which inbound ports to open and gives virtual machines (VMs) full outbound access.
Microsoft also introduced self-defined security tags for network microsegmentation. This eliminates the need for users to tag ranges of IP addresses for NSG control. Now, they can create their own tags to classify VMs and assign NSGs based on these tags.
Kerberos support was added as well. Kerberos clusters allow a higher level of security when accessing and updating SDN resources. Network controllers, load balancers and gateways can be deployed first, with Kerberos then added as an additional network authentication layer. This layer does not affect the management of the VMs or SDN features.