myDRE & Firewalls

Introduction

Domain and URL whitelisting require a firewall. anDREa can provide the following options:
  1. Using your own organization's firewall with Bastion Architecture (preferred)
  2. Using your own organization's firewall
  3. Deploying an Azure Firewall in your Shared Resource Subscription

Using your own organization's firewall with Bastion

Technical setup:
  1. In the Shared Resource Subscription
    1. a Gateway will be deployed that connects the Workspaces with the organization's firewall
    2. Bastion will be deployed
  2. Costs approximately (excl. firewall, Gateway only):
    1. Excl firewall, Gateway only: ????
    2. anDREa / myDRE optional services: Bastion
Advantages
  1. No extra costs for the firewall / firewall can be used for other use cases in the organization
  2. Bastion = RDP-over-HTML + no public IP address for VMs
    1. Safer, Windows and Linux (SSH and GUI, no Windows stepping stone)
Disadvantages
  1. Your organization must have an external firewall
  2. Costs of Bastion: anDREa / myDRE optional services: Bastion

Deployment & configuration
  1. Will be done by anDREa for use with myDRE
    1. deploy, initial set of rules, peerings, and RBAC configuration
    2. Non-myDRE usage of the Firewall is up to the Tenant to configure and maintain
Maintenance (optionally)
  1. anDREa will provide the configuration updates/changes necessary for myDRE, in generic networking terms
  2. General maintenance, previous point, can be done by anDREa but requires a contract 
    1. version upgrades, API changes, etc
    2. anDREa will not do changes related to on-premise or cross network connectivity



Using your own organization's firewall

Technical setup:
  1. In the Shared Resource Subscription a Gateway will be deployed that connects the Workspaces with the organization's firewall
  2. Costs approximately (excl. firewall, Gateway only):
    1. ????
Advantages
  1. No extra costs for the firewall / firewall can be used for other use cases in the organization
Disadvantages
  1. Your organization must have an external firewall
Deployment & configuration
  1. anDREa will provide the required configuration values in generic networking terms necessary for myDRE
    1. e.g. an application rule to allow traffic to a collection of URLs for update management, a collection of URLs for Azure Platform diagnostics, a network rules collection, and peering expectations
Maintenance
  1. anDREa will provide, in a timely manner, the configuration updates/changes necessary for myDRE, in generic networking terms




Deploying an Azure Firewall in your Shared Resource Subscription

Technical setup:
  1. In the Shared Resource Subscription an Azure Firewall will be deployed
  2. Costs approximately
    1. For domain whitelisting (e.g. github.com) only: anDREa / myDRE optional services: domain whitelisting
    2. For URL whitelisting (e.g. github.com/myrepo) only: anDREa / myDRE optional services: URL whitelisting
  3. Or, see https://azure.microsoft.com/en-gb/pricing/details/azure-firewall/#pricing
    1. Your contract might have different rates
    2. If your organization already has Azure Firewall Premium, that one can be used.



Advantages
  1. No extra costs for the firewall / firewall can be used for other use cases in the organization
Disadvantages
  1. The costs
  2. The Firewall cannot be (easily) used for workloads other than myDRE Workspaces



