Network security

Protect data with network technologies that block intrusions and attacks

Protecting the security and confidentiality of network traffic, whether in the cloud or on-premises, is a critical part of any data protection strategy. Securing the network infrastructure helps prevent attacks, block malware, and protect your data from unauthorized access, interrupted access, or loss.

In the public cloud, the isolation of customer infrastructure is fundamental to maintaining security. Azure, on which most cloud services based on Microsoft technology are built, accomplishes this primarily through a distributed virtual firewall, partitioned local area networks (LANs), and physical separation of back-end servers from public-facing interfaces. Customers can deploy multiple logically isolated private networks, and each virtual network is isolated from the other virtual networks. For on-premises customers, Windows Server 2016 includes firewall, threat analytics, and numerous network security features.

The networking behind Microsoft Azure, Office 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet provides the infrastructure necessary to securely connect services and clients to one another and to connect on-site datacenters with these online services. The network infrastructure blocks undesirable traffic to and within datacenters, using a variety of technologies such as firewalls, partitioned local area networks (LANs), and the physical separation of back-end servers from public-facing interfaces.

Secure identity

21Vianet's cloud services that are built on Azure use Azure Active Directory for identity management, authentication, and access control. For on-premises customers, Windows Server 2016 uses Active Directory Domain Services (AD DS).

Azure Active Directory and AD DS help ensure that only authorized users can access your network environment, data, and applications, and provide Azure Multi-Factor Authentication for highly secure sign-in. With Multi-Factor Authentication, you can require users to verify their sign-in with a mobile application, phone call, or text message.

Secure infrastructure

21Vianet uses several network security technologies to protect your cloud services and Customer Data, and block attacks.

  • Firewalls help protect network perimeters, subnets, and local machines (including virtual machines). Perimeter firewalls filter packets coming into the network. If malicious traffic has managed to bypass network-level controls, operating system firewalls provide another layer of protection by allowing or denying packets coming into the local system.
  • Intrusion detection systems/intrusion prevention systems detect and identify suspicious or undesirable activities that indicate intrusion, proactively drop packets that are determined to be undesirable, and disconnect unauthorized connections.
  • Partitioned LANs enable you to separate traffic by segmenting your virtual networks and control how traffic passes between different IP subnets.
  • Multi-tier topology enables you to allocate subnets and designate separate address spaces for different elements of your workload. These logical groupings and topologies mean you can define different access policies based on workload types.
  • Traffic isolation helps ensure that your virtual machines (VMs) and communications remain private within a virtual network.
  • Cross-premises connectivity enables you to establish connections between a virtual network and multiple on-premises sites, or other virtual networks in Azure, by using VPN gateways or third-party virtual appliances.
  • Access Control Lists are rules that you can create at different levels of granularity, including network interfaces, individual VMs, or virtual subnets. You can then control access by allowing or denying communications between workloads within a virtual network, from systems on your on-premises networks, or direct Internet communications.
  • Azure Security Center provides a centralized portal from which you can help secure the resources you place in Azure and prevent, detect, and respond to threats. When you enable Azure Security Center for your subscription or Resource Group, it provides recommendations and alerts for network security issues. It uses behavioral analytics and machine learning for effective threat detection and helps you build an attack timeline for faster remediation.

Secure apps and data

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet protect inbound network traffic via an Azure Application Gateway software load balancer. This Application Gateway is protected via SSL/TLS and enforces TLS 1.2 to protect customer sessions against man-in-the-middle attacks.

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet implement Azure Network Security Groups to protect customer assets from external access.

Identity and access control patterns in Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet are entirely in your control, with full Azure Active Directory integration.