Security with Azure and NGINX

NGINX Management with NGINX Controller

NGINX Controller is a separate and optional product from NGINX, Inc. that manages the NGINX data plane and the entire lifecycle of NGINX Plus under these configurations:

  • Load Balancer
  • API Gateway
  • Proxy in a service mesh environment

NGINX Controller is fully functional within Azure and provides an additional, or exclusive, way to manage NGINX without using Azure Security Center, Azure Monitor, the Azure Portal, or PowerShell.


Monitoring NGINX in Azure

Azure Security Center with NGINX

Azure Security Center (ASC) is a service offered in two tiers: a free tier with limited functionality, and a fee-based standard tier with a complete set of security capabilities for organizations that need enhanced functionality. The free tier monitors compute, network, storage, and application resources in Azure. It also provides security policy, security assessment, security recommendations, and the ability to connect with other security partner solutions. The standard tier extends all the capabilities of the free tier to on-premises environments (private cloud) and to other public clouds such as AWS and Google Cloud Platform (GCP). The standard tier also includes many more security features, along with the following critical security controls:

  • Built-in and custom alerts
  • Security event collection and advanced search
  • Just-in-time VM access
  • Application whitelisting


NGINX Plus and Microsoft Azure Load Balancers

Microsoft Azure has three options for load balancing:

  • NGINX Plus,
  • the Azure load balancing services, or
  • NGINX Plus in conjunction with the Azure load balancing services.

The following aims to give you enough information to decide which option works best for you, and shows how using NGINX Plus with Azure Load Balancer can give you a highly available HTTP load balancer with rich Layer 7 functionality.


Installing NGINX via ARM and PowerShell

Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. You can use its access control, auditing, and tagging features to secure and organize your resources after deployment.

There are currently no prebuilt ARM templates or PowerShell scripts available from NGINX. However, nothing prevents you from creating your own ARM template and PowerShell script for Azure, based on your deployment requirements and the custom VM images you have previously created.

The following provides an example of creating an Ubuntu 16.04 LTS marketplace image from Canonical along with the NGINX web server using the Azure Cloud Shell and the Azure PowerShell module.
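
One way to carry out this deployment from Cloud Shell, written here as an added example (it is not a script from NGINX or from the original page). The resource names, region, VM size, address ranges, admin source address and SSH key path are all assumptions; SSH is restricted to a single admin address and password logins are disabled.

```powershell
# Added example: assumed names, region and address ranges; adjust before use.
$rg = 'rg-nginx-demo'; $loc = 'eastus'; $vmName = 'vm-nginx-01'
$adminCidr = '203.0.113.10/32'   # placeholder (documentation range): your admin source IP

New-AzResourceGroup -Name $rg -Location $loc | Out-Null

# Network: one subnet, a static public IP, and an NSG that limits SSH to $adminCidr.
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'web' -AddressPrefix '10.10.1.0/24'
$vnet = New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name 'vnet-nginx' `
    -AddressPrefix '10.10.0.0/16' -Subnet $subnet
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Location $loc -Name 'pip-nginx' `
    -AllocationMethod Static -Sku Standard
$ssh = New-AzNetworkSecurityRuleConfig -Name 'allow-ssh-admin' -Protocol Tcp `
    -Direction Inbound -Priority 1000 -SourceAddressPrefix $adminCidr -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 22 -Access Allow
$http = New-AzNetworkSecurityRuleConfig -Name 'allow-http' -Protocol Tcp `
    -Direction Inbound -Priority 1010 -SourceAddressPrefix * -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 80 -Access Allow
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $loc -Name 'nsg-nginx' `
    -SecurityRules $ssh, $http
$nic = New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name 'nic-nginx' `
    -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

# Linux profile with password logins disabled; the credential password is never used.
$unused = ConvertTo-SecureString ' ' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ('azureuser', $unused)
$vm = New-AzVMConfig -VMName $vmName -VMSize 'Standard_B1s' |
    Set-AzVMOperatingSystem -Linux -ComputerName $vmName -Credential $cred `
        -DisablePasswordAuthentication |
    Set-AzVMSourceImage -PublisherName 'Canonical' -Offer 'UbuntuServer' `
        -Skus '16.04-LTS' -Version 'latest' |
    Add-AzVMNetworkInterface -Id $nic.Id

# SSH public key; assumes a key pair already exists in Cloud Shell (ssh-keygen).
$pubKey = Get-Content "$HOME/.ssh/id_rsa.pub" -Raw
$vm = Add-AzVMSshPublicKey -VM $vm -KeyData $pubKey `
    -Path '/home/azureuser/.ssh/authorized_keys'

New-AzVM -ResourceGroupName $rg -Location $loc -VM $vm

# Install NGINX from the Ubuntu repositories through the VM agent (no SSH session needed).
Invoke-AzVMRunCommand -ResourceGroupName $rg -VMName $vmName -CommandId 'RunShellScript' `
    -ScriptString 'apt-get update && apt-get install -y nginx'
```

Ubuntu 16.04 LTS left standard support in April 2021, so for anything beyond a lab, change the offer and SKU to a currently supported image.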