
Az Project 104

Bluetim, a multinational manufacturer, wants to migrate its on-premises infrastructure supporting a dealer portal to Microsoft Azure for improved availability, scalability, and reliability. The portal faces performance issues due to excessive user traffic. Bluetim requires high availability across regions for disaster recovery. The Azure migration will involve setting up VMs, storage, load balancing, and monitoring across Central US and South India regions. Network and security configurations like VNet peering and firewalls must be established to connect resources securely across regions.

Uploaded by

Raashid Shahab

Microsoft Azure Administrator Certification Project (AZ-104)

Lysa Ali
Bluetim company ltd
multinational electric manufacturer
Bluetim has various products like automatic sensors, semiconductors, switches, magnetic sensors, optical sensors and temperature sensors etc
All these products are shipped to various dealers in USA, UK, India and other countries

They have a web-based portal as the frontend of the application, and SQL backend databases for the dealers.
The portal is accessed by many dealers in many countries.
Current infrastructure supports: User Administration, Networking, Storage, Load Balancers, High Availability, Traffic Management, Monitoring, Security & e-mail services

Dealers are facing performance and technical issues accessing the site.

Dependent on robust IT-based electric systems, the dealer system is very critical.
Bluetim decided to migrate from on-premises infrastructure to Azure Cloud for high availability, scalability, durability, reliability, and backup and recovery.

Due to its worldwide operations and the increase in the number of users, the company is facing major challenges like:
The website goes down due to excessive user traffic, indicating high CPU usage on the on-premises server/machine where the current application is deployed, and the security of the data that dealers access on-site.

Customers are facing performance problems such as report generation, data read/write, and lock contention with the current databases.

User requests across these applications MUST be secure and available on demand.
Bluetim requires its data to be replicated across its secondary datacentre for disaster recovery and failover during planned/unplanned maintenance.
Tech requirements
1. User Management / Azure Active Directory (AAD) Setup
Bluetim wants to migrate ALL on-site infrastructure to Az AD (skip for later)

2. Az Vnet setup
vnet needs to be set up in Az with required subnets, IPs, NSGs etc (ME & w/tutor)

3. Dealer website
Dealer application will be deployed in cloud and hosted in 2 different datacentres: central US and South India
applications and database will be deployed in Az VMs in 2 different datacentres in case of failure/unplanned events (Availability zones/sets)
(Please note: Dealer website can be created using a simple html tag and deployed in two different Azure datacentre VMs)
dummy resources? STATIC WEB APP!

4. VMs
2 VMs need to be created, and the dealer site needs to be deployed on those VMs, hosted in 2 DIFFERENT Azure datacentres on 2 different hardware racks.
(Availability ZONES)
(required availability sets need to be configured with fault domains and update domains) (ME)

5. Cloud storage
Organization sometimes shares the documents with dealers. (file shares/blob storage)
any electrical materials/handbook documents the dealer requires should be uploaded in Azure and managed, so the data replicates in multiple geographies during failover/downtime (w/tutor)

Dealers can easily use blob URLs and download the material handbook documents after following the authentication steps.

6. Load balancing
Bluetim wants the entire solution to have High Availability, and to increase availability of the application and required database.
Incoming load from the various users of the website must be routed across all VMs with Az Load Balancers, to avoid traffic congestion.

VMs where the applications are hosted need to be monitored with some kind of monitoring solution (Health Probe). In case of any issues, the faulty VM needs to be repaired and redeployed.

7. User traffic management


As the dealer app is an internet-facing application, traffic management is KEY.
Dealer requests will first be received by Azure Traffic Manager (Firewall subnet and NIC rules) and, based on the user geography, they’ll be routed to the site hosted in the nearest Az datacentre.
With this approach, load will be balanced across 2 VMs.

8. Security & connections


For apps/data to connect to on-site/non-cloud environments, HYBRID connections need to be configured.
The VMs hosted in 2 Az regions (CENTRAL USA and SOUTH India) MUST connect to each other using Vnet Peering to allow resource sharing.

9. Monitoring
Bluetim wants dealer applications, infrastructure and resources to be regularly monitored in cloud for performance and availability.

Monitoring solutions like Azure Monitor or Log Analytics should be used to regularly collect granular performance and utilization data, activity and diagnostics logs, and notifications from the hosted infrastructure.
Virtual Machines

VM1 for front end/web applications, gateway subnet, firewall, health probe, traffic manager.

VM 2 will have a load balancer, storage account, key vault, OS guest diagnostics,

https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
https://azure.microsoft.com/en-us/global-infrastructure/geographies/?v=17.42n#choose-your-region

alily
cookies12!!!
Central US VM 1
South India VM 1

Has similar config to US VM

VMs have machine scale set issues

I would like for all my VMs to have Load Balancer.


US and India VM1 should have Traffic Manager and Global Peering

VM2 should have LB too, but don’t require specifications for going online
Vnets

I’m leaving the IP address space blank to use the default IP address spaces recommended by Microsoft. I’m passing on IPv6 because I don’t need it for this project.

US and Indian Vnets.


Currently I am unable to choose a NAT Gateway.
Web Tier subnet will use Azure AD, MS Web and maybe MS Storage.

Cannot fully set up the 3 subnets as I don’t know what subnet address ranges I can use.

Same problem when I want to enable Bastion Host and Firewall as part of Vnet
South India Vnet will have same spec as Central US.

Both Vnets are set up. Hopefully I can add to it after launch.

Next step is Vnet Peerings.

UPDATE: I have added a NAT gateway to the South India Vnet.



I don’t know where to get resource ID, and it’s unclear which Vnet it’s in reference to.

For some reason I can only add one peering from a Vnet, and the other Vnet cannot establish its own peering back.
So I may have to make a second Vnet as an in-between for Central US and South India. Either East US, Western Asia/India.
To ensure that the method I was taught is correct, I’ll try peering East US and West US.

East and West US both have default Azure configurations.

I cannot make a VM for West US for reasons. So I’ll try linking East US with Central US.
UPDATE 1: I deleted IndiatoUS peering as it was causing confusion with peering, and now Central US is peered with East US.
However East US cannot peer with Central US?

UPDATE 2: For Vnet peerings to work on both sides, you MUST use the same name.
Both Vnets are available and peered to each other.
I managed to ping across VMs but I had to temporarily disable the firewall to do so.

I’ll have to check up on their NIC features and configure security protocols.

UPDATE 1: East US, C.US and S.India have NSGs, firewall subnets, GW subnets and peerings.

But I don’t think the NSG is configured properly?

What are my next steps?
UPDATE 2: I enabled IIS web server roles on my VMs.
Also I think I have too many resource groups?

File path for web applications to upload to the Azure network via Visual Studio.

File path on local network: C:\Users\shah\source\repos

File path in VMs: C:\inetpub\wwwroot

For practice I’m going to make one web application through Visual Studio, and one web application on the Azure portal.
And I’m going to do the same for creating the databases and any other important features for my Vnets.

I made a default web application from Visual Studio to upload onto central US VM.
It is published and works when started.
1. https://docs.microsoft.com/en-gb/azure/app-service/quickstart-dotnetcore?tabs=net60&pivots=development-environment-vs#launch-the-publish-wizard?utm_source=aspnet-start-page&utm_campaign=vside
2. https://docs.microsoft.com/en-gb/archive/blogs/waws/azure-web-apps-error-403-this-web-app-is-stopped
3. https://www.youtube.com/watch?v=LrNcvyXCp-o
4. https://docs.microsoft.com/en-us/azure/app-service/environment/using
5. https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

On the VMs IIS manager web apps can be uploaded onto Azure and run. (INETMGR)
https://www.youtube.com/watch?v=LrNcvyXCp-o (7:38)

Unable to install NuGet applications.

Maybe if I deselect NuGet DB will officialise and connect to Azure?
Yes it does. How important is NuGet anyway?

Web app, SQL server and DB created and uploaded onto Azure App Services.
Next step: create DB table and populate.
South India web application

I’m making a static web app because that’s the closest-sounding option to web application. And it’s in East Asia because that’s the closest region/site/area to South India.

UPDATE: I made the web app on the India Vnet and then made a similar HTML text file on the India VM and made an application to access on INETMGR.
Firewall & DNS server & NSG
Before setting up my firewall subnet and configuring the firewall, I assigned a PIP for the NIC for the VMs in my 3 regions, so that I could enable ICMP in and out of the firewalls so that I can FINALLY ping from VMs safely.

I would like FORCED TUNNELLING, but I don’t know how to choose the right specification for the FW subnet as the IPs overlap.

Both Central US and South India have Firewall subnets and PIPs, however only South India has a working firewall.
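
An added example (not part of the original project notes) for the subnet-range question in the Vnets notes and the overlapping firewall-subnet IPs mentioned above: Azure will not peer VNets whose address spaces overlap, and the firewall, Bastion and gateway subnets need specific names and sizes. The /16 ranges and the web/app/db subnet names are assumed values chosen for illustration.

```python
import ipaddress

# Constructed plan: one distinct /16 per region (assumed values, not from the page).
VNETS = {
    "central-us": "10.10.0.0/16",
    "south-india": "10.20.0.0/16",
    "east-us": "10.30.0.0/16",
}
# (name, prefix length). AzureFirewallSubnet, AzureBastionSubnet and
# GatewaySubnet are names Azure requires; web/app/db are hypothetical tiers.
SUBNETS = [("web", 24), ("app", 24), ("db", 24),
           ("AzureFirewallSubnet", 26), ("AzureBastionSubnet", 26),
           ("GatewaySubnet", 27)]
# Longest prefix allowed: /26 for firewall and Bastion, /29 for any other subnet.
LONGEST_PREFIX = {"AzureFirewallSubnet": 26, "AzureBastionSubnet": 26}


def overlapping_vnets(vnets):
    """Return pairs of VNet names whose address spaces overlap (unpeerable)."""
    nets = {n: ipaddress.ip_network(c) for n, c in vnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def carve(vnet_cidr, wanted):
    """Allocate non-overlapping subnets inside vnet_cidr, largest blocks first."""
    space = ipaddress.ip_network(vnet_cidr)
    cursor = int(space.network_address)
    plan = {}
    for name, prefix in sorted(wanted, key=lambda s: s[1]):
        limit = LONGEST_PREFIX.get(name, 29)
        if prefix > limit:
            raise ValueError(f"{name} must be /{limit} or larger")
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to block boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(space):
            raise ValueError(f"{vnet_cidr} has no room left for {name}")
        plan[name] = subnet
        cursor += size
    return plan


def usable_hosts(subnet):
    """Azure reserves 5 addresses in every subnet."""
    return subnet.num_addresses - 5


if __name__ == "__main__":
    print(overlapping_vnets(VNETS), carve(VNETS["south-india"], SUBNETS))
```

Running `overlapping_vnets` on two VNets that both keep the same default range returns that pair, which is the condition to clear before creating the peering in either direction.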
Storage Account

1 storage account made for central US. On NEW Private Endpoint in GWsubnet.
FILE STORAGE

2 need SAS connection string for key vault

3 MS Storage Explorer
Application Gateway

For some reason I cannot make an App Gateway for either of my Vnets due to subnet configuration and firewall rules.

Traffic Manager

US TM endpoint - http://23.99.198.40/lysa/
US DNS TM - http://tmtutur.trafficmanager.net

India TM endpoint - http://20.219.121.133/indiasite/
India DNS TM - http://lysatm.trafficmanager.net

I’ve made 2 Traffic Managers in both US and Indian regions with endpoints for both regions’ web apps so that the networks can communicate with each other for availability of web apps.
The next step is to configure routing methods.
1. INSTALLING IIS Servers for web apps in VMs
a. Go into VM and add features/services
b. 1 IIS holds 10 websites

c. Open INETMGR to make web apps and hold in root directory to

2. Deploy website on Az Portal
