question

AndreBruges-8545 avatar image
0 Votes"
AndreBruges-8545 asked Grmacjon-MSFT commented

Azure App Service migration assistant​ and Migration to Azure VDI security

Hello everyone,

Ive been studying some migration tools, that provided by Azure and i have doubts about the security of Azure App Service migration assistant​ and Migration to Azure VDI.

Ive seen the migration of VM's are incrypted by Migration appliance but i couldnt if Azure App Service migration assistant​ and Migration to Azure VDI encryipt traffic
in transit to Azure.

Can someone explain to me if those services encryipt the traffic or if i need to perform some configurations to guarantee this extra layer of security.

Thanks in advance :)

azure-webapps-migration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Grmacjon-MSFT avatar image
0 Votes"
Grmacjon-MSFT answered Grmacjon-MSFT commented

Hi @AndreBruges-8545,

Apologies for the delayed response. In general, Azure offers many mechanisms for keeping data private as it moves from one location to another. Azure App Service applications support both non-encrypted HTTP requests, and encrypted HTTPS requests.

Based on this Azure encryption overview documentation :

"Whenever Azure Customer traffic moves between datacenters-- outside physical boundaries not controlled by Microsoft (or on behalf of Microsoft)-- a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards (also known as MACsec) is applied from point-to-point across the underlying network hardware. The packets are encrypted and decrypted on the devices before being sent, preventing physical “man-in-the-middle” or snooping/wiretapping attacks. Because this technology is integrated on the network hardware itself, it provides line rate encryption on the network hardware with no measurable link latency increase. This MACsec encryption is on by default for all Azure traffic traveling within a region or between regions, and no action is required on customers’ part to enable."

To learn more please read these documents:
Azure security baseline for Windows Virtual Desktop
Security best practices


Hope that helps. Please let us know if you have further questions

Thanks,
Grace


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello thanks for your answer.

I couldn't understand if by using app service migration assistant my data will be encrypted in transit.

Thanks in advance :)

0 Votes 0 ·

Hello @AndreBruges-8545,


For App Service Migration Assistant all the steps related to migration of data use https connections. However the tooling does not separately encrypt before send/decrypt at destination using a custom scheme.

Thanks,
-Grace

0 Votes 0 ·

Hello @AndreBruges-8545,

Please feel free to "Accept the answer" if the above information helped you.

Best,
Grace

0 Votes 0 ·