Understanding security in your MDWH
When you are using Azure services, there are always two aspects regarding security. You can set up access control where you grant or revoke Role-Based Access Control (RBAC) roles or Access Control Lists (ACLs).
We have touched on these concepts already in Chapter 3, Understanding the Data Lake Storage Layer, and in other chapters too when we have set up services and their connections.
The other perspective in the security topic is networking, such as when you want to hide your services completely from the outside world and the so-called public internet. You can peer your on-premise network to Azure Virtual Network. Typically, you will set up a so-called landing zone from where you will route traffic to the target services, such as your data lake, for example, or your Azure Synapse workspace with its computes.
Additionally, you will then implement IP firewall rules for the services that you are securing.
