/ / / How to Implement Virtual Networking in Azure

Thursday, July 15, 2021

thumbnail

How to Implement Virtual Networking in Azure

Objectives

In this article, you will:

  • Task 1: Create and configure a virtual network
  • Task 2: Deploy virtual machines into the virtual network
  • Task 3: Configure private and public IP addresses of Azure VMs
  • Task 4: Configure network security groups
  • Task 5: Configure Azure DNS for internal name resolution
  • Task 6: Configure Azure DNS for external name resolution

Task 1: Create and configure a virtual network

In this task, you will create a virtual network with multiple subnets by using the Azure portal

  1. Sign in to the https://portal.azure.com.

  2. In the Azure portal, search for and select Virtual networks, and, on the Virtual networks blade, click + Add.

  3. Create a virtual network with the following settings (leave others with their default values):

    SettingValue
    Subscriptionthe name of the Azure subscription you will be using in this lab
    Resource Groupthe name of a new resource group az104-04-rg1
    Nameaz104-04-vnet1
    Regionthe name of any Azure region available in the subscription you will use in this lab

  4. Click Next : IP Addresses and enter the following values

    SettingValue
    IPv4 address space10.40.0.0/20

  5. Click + Add subnet enter the following values then click Add

    SettingValue
    Subnet namesubnet0
    Subnet address range10.40.0.0/24

  6. Accept the defaults and click Review and Create. Let validation occur, and hit Create again to submit your deployment.

    Note: Wait for the virtual network to be provisioned. This should take less than a minute.

  7. Click on Go to resource

  8. On the az104-04-vnet1 virtual network blade, click Subnets and then click + Subnet.

  9. Create a subnet with the following settings (leave others with their default values):

    SettingValue
    Namesubnet1
    Address range (CIDR block)10.40.1.0/24
    Network security groupNone
    Route tableNone

  10. Click Save

Task 2: Deploy virtual machines into the virtual network

In this task, you will deploy Azure virtual machines into different subnets of the virtual network by using an ARM template

  1. In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.

  2. If prompted to select either Bash or PowerShell, select PowerShell.

    If this is the first time you are starting Cloud Shell and you are presented with the You have no storage mounted message, select the subscription you are using in this lab, and click Create storage.

  3. In the toolbar of the Cloud Shell pane, click the Upload/Download files icon, in the drop-down menu, click Upload and upload the files \Allfiles\Labs\04\az104-04-vms-loop-template.json and \Allfiles\Labs\04\az104-04-vms-loop-parameters.json into the Cloud Shell home directory.

    You might need to upload each file separately.

  4. From the Cloud Shell pane, run the following to deploy two virtual machines by using the template and parameter files you uploaded:

    powershell
    $rgName = 'az104-04-rg1'

New-AzResourceGroupDeployment `
  -ResourceGroupName $rgName `
  -TemplateFile $HOME/az104-04-vms-loop-template.json `
  -TemplateParameterFile $HOME/az104-04-vms-loop-parameters.json

    This method of deploying ARM templates uses Azure PowerShell. You can perform the same task by running the equivalent Azure CLI command az deployment create (for more information, refer to Deploy resources with Resource Manager templates and Azure CLI.

    Wait for the deployment to complete before proceeding to the next task. This should take about 2 minutes.

  5. Close the Cloud Shell pane.

Task 3: Configure private and public IP addresses of Azure VMs

In this task, you will configure static assignment of public and private IP addresses assigned to network interfaces of Azure virtual machines.

Private and public IP addresses are actually assigned to the network interfaces, which, in turn are attached to Azure virtual machines, however, it is fairly common to refer to IP addresses assigned to Azure VMs instead.

  1. In the Azure portal, search for and select Resource groups, and, on the Resource groups blade, click az104-04-rg1.

  2. On the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vnet1.

  3. On the az104-04-vnet1 virtual network blade, review the Connected devices section and verify that there are two network interfaces az104-04-nic0 and az104-04-nic1 attached to the virtual network.

  4. Click az104-04-nic0 and, on the az104-04-nic0 blade, click IP configurations.

    Verify that ipconfig1 is currently set up with a dynamic private IP address.

  5. In the list IP configurations, click ipconfig1.

  6. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify the following settings, and click OK:

    SettingValue
    Nameaz104-04-pip0
    SKUStandard

  7. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.0.4.

  8. Back on the ipconfig1 blade, save the changes. Make sure to wait for the save operation to complete before you proceed to the next step.

  9. Navigate back to the az104-04-vnet1 blade

  10. Click az104-04-nic1 and, on the az104-04-nic1 blade, click IP configurations.

    Verify that ipconfig1 is currently set up with a dynamic private IP address.

  11. In the list IP configurations, click ipconfig1.

  12. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify the following settings, and click OK:

    SettingValue
    Nameaz104-04-pip1
    SKUStandard

  13. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.1.4.

  14. Back on the ipconfig1 blade, save the changes.

  15. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm0, and from the az104-04-vm0 virtual machine blade, note the public IP address entry.

  16. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm1, and from the az104-04-vm1 virtual machine blade, note the public IP address entry.

    You will need both IP addresses in the last task of this lab.

Task 4: Configure network security groups

In this task, you will configure network security groups in order to allow for restricted connectivity to Azure virtual machines.

  1. In the Azure portal, navigate back to the az104-04-rg1 resource group blade, and in the list of its resources, click az104-04-vm0.

  2. On the az104-04-vm0 overview blade, click Connect, click RDP in the drop-down menu, on the Connect with RDP blade, click Download RDP File using the Public IP address and follow the prompts to start the Remote Desktop session.

  3. Note that the connection attempt fails.

    This is expected, because public IP addresses of the Standard SKU, by default, require that the network interfaces to which they are assigned are protected by a network security group. In order to allow Remote Desktop connections, you will create a network security group explicitly allowing inbound RDP traffic from Internet and assign it to network interfaces of both virtual machines.

  4. In the Azure portal, search for and select Network security groups, and, on the Network security groups blade, click + Add.

  5. Create a network security group with the following settings (leave others with their default values):

    SettingValue
    Subscriptionthe name of the Azure subscription you are using in this lab
    Resource Groupaz104-04-rg1
    Nameaz104-04-nsg01
    Regionthe name of the Azure region where you deployed all other resources in this lab

  6. Click Review and Create. Let validation occur, and hit Create to submit your deployment.

    Wait for the deployment to complete. This should take about 2 minutes.

  7. On the deployment blade, click Go to resource to open the az104-04-nsg01 network security group blade.

  8. On the az104-04-nsg01 network security group blade, in the Settings section, click Inbound security rules.

  9. Add an inbound rule with the following settings (leave others with their default values):

    SettingValue
    SourceAny
    Source port ranges*
    DestinationAny
    ServiceRDP
    ActionAllow
    Priority300
    NameAllowRDPInBound

  10. On the az104-04-nsg01 network security group blade, in the Settings section, click Network interfaces and then click + Associate.

  11. Associate the az104-04-nsg01 network security group with the az104-04-nic0 and az104-04-nic1 network interfaces.

    It may take up to 5 minutes for the rules from the newly created Network Security Group to be applied to the Network Interface Card.

  12. Navigate back to the az104-04-vm0 virtual machine blade.

    In the subsequent steps, you will verify that you can successfully connect to the target virtual machine and sign in by using the Student username and Pa55w.rd1234 password.

  13. On the az104-04-vm0 blade, click Connect, click RDP, on the Connect with RDP blade, click Download RDP File using the Public IP address and follow the prompts to start the Remote Desktop session.

    This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software.

    You can ignore any warning prompts when connecting to the target virtual machines.

  14. When prompted, sign in by using the Student username and Pa55w.rd1234 password.

    Leave the Remote Desktop session open. You will need it in the next task.

Task 5: Configure Azure DNS for internal name resolution

In this task, you will configure DNS name resolution within a virtual network by using Azure private DNS zones.

  1. In the Azure portal, search for and select Private DNS zones and, on the Private DNS zones blade, click + Add.

  2. Create a private DNS zone with the following settings (leave others with their default values):

    SettingValue
    Subscriptionthe name of the Azure subscription you are using in this lab
    Resource Groupaz104-04-rg1
    Namecontoso.org

  3. Click Review and Create. Let validation occur, and hit Create again to submit your deployment.

    Wait for the private DNS zone to be created. This should take about 2 minutes.

  4. Click Go to resource to open the contoso.org DNS private zone blade.

  5. On the contoso.org private DNS zone blade, in the Settings section, click Virtual network links

  6. Click + Add to create a virtual network link with the following settings (leave others with their default values):

    SettingValue
    Link nameaz104-04-vnet1-link
    Subscriptionthe name of the Azure subscription you are using in this lab
    Virtual networkaz104-04-vnet1
    Enable auto registrationenabled

  7. Click OK.

    Note: Wait for the virtual network link to be created. This should take less than 1 minute.

  8. On the contoso.org private DNS zone blade, in the sidebar, click Overview

  9. Verify that the DNS records for az104-04-vm0 and az104-04-vm1 appear in the list of record sets as Auto registered.

    Note: You might need to wait a few minutes and refresh the page if the record sets are not listed.

  10. Switch to the Remote Desktop session to az104-04-vm0, right-click the Start button and, in the right-click menu, click Windows PowerShell (Admin).

  11. In the Windows PowerShell console window, run the following to test internal name resolution in the newly created private DNS zone:

    powershell
    nslookup az104-04-vm0.contoso.org
nslookup az104-04-vm1.contoso.org

  12. Verify that the output of the command includes the private IP address of az104-04-vm1 (10.40.1.4).

Task 6: Configure Azure DNS for external name resolution

In this task, you will configure external DNS name resolution by using Azure public DNS zones.

  1. In the web browser on the SEA-DEV lab system, open a new tab and navigate to <https://www.godaddy.com/domains/domain-name-search>.

  2. Use the domain name search to identify a domain name which is not in use.

  3. In the Azure portal, search for and select DNS zones and, on the DNS zones blade, click + Add.

  4. Create a DNS zone with the following settings (leave others with their default values):

    SettingValue
    Subscriptionthe name of the Azure subscription you are using in this lab
    Resource Groupaz104-04-rg1
    Namethe DNS domain name you identified earlier in this task

  5. Click Review and Create. Let validation occur, and hit Create again to submit your deployment.

    Wait for the DNS zone to be created. This should take about 2 minutes.

  6. Click Go to resource to open the blade of the newly created DNS zone.

  7. On the DNS zone blade, click + Record set.

  8. Add a record set with the following settings (leave others with their default values):

    SettingValue
    Nameaz104-04-vm0
    TypeA
    Alias record setNo
    TTL1
    TTL unitHours
    IP addressthe public IP address of az104-04-vm0 which you identified in the third exercise of this lab

  9. Click OK

  10. On the DNS zone blade, click + Record set.

  11. Add a record set with the following settings (leave others with their default values):

    SettingValue
    Nameaz104-04-vm1
    TypeA
    Alias record setNo
    TTL1
    TTL unitHours
    IP addressthe public IP address of az104-04-vm1 which you identified in the third exercise of this lab

  12. Click OK

  13. On the DNS zone blade, note the name of the Name server 1 entry.

  14. In the Azure portal, open the PowerShell session in Cloud Shell by clicking on the icon in the top right of the Azure Portal.

  15. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm0 DNS record set in the the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):

    powershell
    nslookup az104-04-vm0.[domain name] [Name server 1]

  16. Verify that the output of the command includes the public IP address of az104-04-vm0.

  17. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm1 DNS record set in the the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):

    powershell
    nslookup az104-04-vm1.[domain name] [Name server 1]

  18. Verify that the output of the command includes the public IP address of az104-04-vm1.

Clean up resources

Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.

  1. In the Azure portal, open the PowerShell session within the Cloud Shell pane.

  2. List all resource groups created throughout the labs of this module by running the following command:

    powershell
    Get-AzResourceGroup -Name 'az104-04*'

  3. Delete all resource groups you created throughout the labs of this module by running the following command:

    powershell
    Get-AzResourceGroup -Name 'az104-04*' | Remove-AzResourceGroup -Force -AsJob

    The command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.

Review

In this lab, you have:

  • Created and configured a virtual network
  • Deployed virtual machines into the virtual network
  • Configured private and public IP addresses of Azure VMs
  • Configured network security groups
  • Configured Azure DNS for internal name resolution
  • Configured Azure DNS for external name resolution

Tags : ,

Subscribe by Email

Follow Updates Articles from This Blog via Email

at

No Comments

Powered by Blogger.