This article documents the security controls built into Azure Relay.
A security control is a quality or feature of an Azure service that contributes to the service's ability to prevent, detect, and respond to security vulnerabilities.
For each control, we use "Yes" or "No" to indicate whether it is currently in place for the service, and "N/A" for a control that is not applicable to the service. We might also provide a note or links to more information about an attribute.
Network

| Security control | Yes/No | Notes | Documentation |
|---|---|---|---|
| Service endpoint support | No | | |
| Network isolation and firewalling support | | | |
| Server-side encryption at rest: Azure-managed keys | N/A | Relay is a web socket and does not persist data. | |
| Server-side encryption at rest: customer-managed keys (BYOK) | No | Uses Azure TLS certs only. | |
| Column level encryption (Azure Data Services) | N/A | | |
| Encryption in transit (such as ExpressRoute encryption, in VNet encryption, and VNet-VNet encryption) | Yes | Service requires TLS. | |
| API calls encrypted | Yes | HTTPS. | |
Configuration management

| Security control | Yes/No | Notes | Documentation |
|---|---|---|---|
| Configuration management support (versioning of configuration, etc.) | | | |