Associate an ASG to a NIC

5.1 Network Security Groups (NSGs) and ASGs

📘Microsoft Azure Networking Solutions (AZ-700)

1. What is a NIC in Azure?

  • NIC stands for Network Interface Card.
  • In Azure, a NIC is a virtual network interface attached to a virtual machine (VM).
  • It’s like the “network port” through which a VM connects to an Azure Virtual Network (VNet).
  • Every NIC can have:
    • An IP address (private and optional public)
    • A security association (via NSGs)
    • Association with Application Security Groups (ASGs)

2. What is an ASG?

  • ASG stands for Application Security Group.
  • ASGs let you group VMs logically by application or function instead of by IP addresses.
  • Example of ASGs in an IT environment:
    • WebServers-ASG → all VMs running the web layer
    • DBServers-ASG → all VMs running databases
    • API-ASG → VMs hosting APIs

Why use ASGs?

  • Simplifies NSG rules.
  • You can write rules like:
    • “Allow HTTP traffic from WebServers-ASG to API-ASG”
  • No need to track individual IP addresses; ASG membership automatically applies rules.

3. Why Associate an ASG to a NIC?

  • To link the NIC of a VM to a specific ASG.
  • This allows NSG rules referencing that ASG to automatically apply to the VM.
  • Think of it as “registering a VM to a security group” so it inherits the rules.

4. Steps to Associate an ASG to a NIC

Option 1: Using Azure Portal

  1. Navigate to the VM’s NIC
    • In Azure Portal → Virtual Machines → Select your VM → Networking → NIC name.
  2. Check the “IP configurations”
    • You’ll see your NIC’s network settings.
  3. Assign ASG
    • Under IP configurationApplication Security Groups → Click + Associate → Select the ASG (e.g., WebServers-ASG) → Save.

Option 2: Using Azure PowerShell

# Example: Associate a NIC to an ASG
$nic = Get-AzNetworkInterface -Name "MyNIC" -ResourceGroupName "MyResourceGroup"
$asg = Get-AzApplicationSecurityGroup -Name "WebServers-ASG" -ResourceGroupName "MyResourceGroup"$nic.IpConfigurations[0].ApplicationSecurityGroups = $asg
Set-AzNetworkInterface -NetworkInterface $nic

Option 3: Using Azure CLI

# Example: Associate a NIC to an ASG
az network nic ip-config update \
  --name ipconfig1 \
  --nic-name MyNIC \
  --resource-group MyResourceGroup \
  --application-security-groups WebServers-ASG

5. Key Points for the Exam

  1. ASGs can only be associated to NICs, not directly to VMs.
  2. A NIC can belong to multiple ASGs.
  3. When you add a NIC to an ASG, NSG rules referencing the ASG automatically apply.
  4. Removing a NIC from an ASG means it no longer follows the rules targeting that ASG.
  5. ASGs simplify rule management because you don’t need to update IP addresses when VMs scale up or down.

6. Visual Flow (for understanding)

VM -> NIC -> Associate with ASG -> NSG rules targeting ASG applied
  • VM has NIC
  • NIC is linked to ASG
  • NSG contains rules referencing ASG
  • Traffic allowed or denied based on ASG membership

7. Exam Tips

  • Always remember: ASG = Logical grouping of NICs.
  • NSG rules can reference ASG names instead of IP addresses.
  • Focus on the association at the NIC level, not the VM.
  • Multiple NICs can belong to different ASGs, giving granular control.

Summary: Associating an ASG to a NIC allows you to control traffic efficiently in Azure. It decouples IP addresses from security rules, simplifies management for large deployments, and ensures NSG rules are applied dynamically to all VMs in the ASG.

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by