9.

Create a subnet with the following settings (leave others with their default values):

Setting Value
Name subnet1
Address range (CIDR block) 10.40.1.0/24
Network security group None
Route table None

10. Click Save

Task 2: Deploy virtual machines into the virtual network

In this task, you will deploy Azure virtual machines into different subnets of the virtual
network by using an ARM template

1. In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top
right of the Azure Portal.

2. If prompted to select either Bash or PowerShell, select PowerShell.

If this is the first time you are starting Cloud Shell and you are presented with
the You have no storage mounted message, select the subscription you are
using in this lab, and click Create storage.

3. In the toolbar of the Cloud Shell pane, click the Upload/Download files icon, in
the drop-down menu, click Upload. Upload F:\Allfiles\Labs\04\az104-04-vms-loop-
template.json and F:\Allfiles\Labs\04\az104-04-vms-loop-parameters.json into the
Cloud Shell home directory.

You must upload each file separately. After uploading, use dir to ensure both
files were successfully uploaded.

4. From the Cloud Shell pane, run the following to deploy two virtual machines by
using the template and parameter files:

You will be prompted to provide an Admin password.

powershell
$rgName = 'az104-04-rg1'

New-AzResourceGroupDeployment `
-ResourceGroupName $rgName `
-TemplateFile $HOME/az104-04-vms-loop-template.json `
-TemplateParameterFile $HOME/az104-04-vms-loop-parameters.json
 This method of deploying ARM templates uses Azure PowerShell. You can
perform the same task by running the equivalent Azure CLI command az
deployment create (for more information, refer to Deploy resources with
Resource Manager templates and Azure CLI.

Wait for the deployment to complete before proceeding to the next task. This
should take about 2 minutes.

If you got an error stating the VM size is not available please ask your
instructor for assistance and try these steps:

1. Click on the {} button in your CloudShell, select the az104-04-vms-

loop-parameters.json from the left hand side bar and take a note of the
vmSize parameter value.
2. Check the location in which the 'az104-04-rg1' resource group is
deployed. You can run az group show -n az104-04-rg1 --query
location in your CloudShell to get it.
3. Run az vm list-skus --location <Replace with your
location> -o table --query "[?
contains(name,'Standard_D2s')].name" in your CloudShell. If
there are no listed SKUs (i.e. there are no results), then you cannot
deploy any D2S virtual machines in that region. You will need to find a
region that will allow you to deploy D2S virtual machines. Once you
have chosen a suitable location, delete the AZ104-04-rg1 resource
group and restart the lab.
4. Replace the value of vmSize parameter with one of the values returned
by the command you just run.
5. Now redeploy your templates by running the New-
AzResourceGroupDeployment command again. You can press the up
button a few times which would bring the last executed command.

5. Close the Cloud Shell pane.

Task 3: Configure private and public IP addresses of Azure VMs

In this task, you will configure static assignment of public and private IP addresses assigned
to network interfaces of Azure virtual machines.

Private and public IP addresses are actually assigned to the network interfaces, which, in turn
are attached to Azure virtual machines, however, it is fairly common to refer to IP addresses
assigned to Azure VMs instead.

1. In the Azure portal, search for and select Resource groups, and, on the Resource
groups blade, click az104-04-rg1.

2. On the az104-04-rg1 resource group blade, in the list of its resources, click
az104-04-vnet1.
3. On the az104-04-vnet1 virtual network blade, review the Connected devices
section and verify that there are two network interfaces az104-04-nic0 and az104-04-
nic1 attached to the virtual network.

4. Click az104-04-nic0 and, on the az104-04-nic0 blade, click IP configurations.

Verify that ipconfig1 is currently set up with a dynamic private IP address.

5. In the list IP configurations, click ipconfig1.

6. On the ipconfig1 blade, in the Public IP address settings section, select

Associate, click + Create new, specify the following settings, and click OK:

Setting Value
Name az104-04-pip0
SKU Standard

7. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP
address set to 10.40.0.4.

8. Back on the ipconfig1 blade, save the changes. Make sure to wait for the save
operation to complete before you proceed to the next step.

9. Navigate back to the az104-04-vnet1 blade

10. Click az104-04-nic1 and, on the az104-04-nic1 blade, click IP configurations.

Verify that ipconfig1 is currently set up with a dynamic private IP address.

11. In the list IP configurations, click ipconfig1.

12. On the ipconfig1 blade, in the Public IP address settings section, select
Associate, click + Create new, specify the following settings, and click OK:

Setting Value
Name az104-04-pip1
SKU Standard

13. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP
address set to 10.40.1.4.
 14. Back on the ipconfig1 blade, save the changes.

15. Navigate back to the az104-04-rg1 resource group blade, in the list of its
resources, click az104-04-vm0, and from the az104-04-vm0 virtual machine blade,
note the public IP address entry.

16. Navigate back to the az104-04-rg1 resource group blade, in the list of its
resources, click az104-04-vm1, and from the az104-04-vm1 virtual machine blade,
note the public IP address entry.

You will need both IP addresses in the last task of this lab.

Task 4: Configure network security groups

In this task, you will configure network security groups in order to allow for restricted
connectivity to Azure virtual machines.

1. In the Azure portal, navigate back to the az104-04-rg1 resource group blade, and
in the list of its resources, click az104-04-vm0.

2. On the az104-04-vm0 overview blade, click Connect, click RDP in the drop-
down menu, on the Connect with RDP blade, click Download RDP File using the
Public IP address and follow the prompts to start the Remote Desktop session.

If you receive an error Failed to start deployment, click the X to close the
Notification and proceed in Step 2 by selecting Download RDP File. This
will not negatively affect lab completion.

3. Note that the connection attempt fails.

This is expected, because public IP addresses of the Standard SKU, by default,

require that the network interfaces to which they are assigned are protected by
a network security group. In order to allow Remote Desktop connections, you
will create a network security group explicitly allowing inbound RDP traffic
from Internet and assign it to network interfaces of both virtual machines.

4. Stop the az104-04-vm0 and az104-04-vm1 virtual machines.

This is done for lab expediency. If the virtual machines are running when a
network security group is attached to their network interface, it can can take
over 30 minutes for the attachment to take effect. Once the network security
 group has been created and attached, the virtual machines will be restarted, and
the attachment will be in effect immediately.

5. In the Azure portal, search for and select Network security groups, and, on the
Network security groups blade, click + Create.

6. Create a network security group with the following settings (leave others with
their default values):

Setting Value
Subscription the name of the Azure subscription you are using in this lab
Resource
az104-04-rg1
Group
Name az104-04-nsg01
the name of the Azure region where you deployed all other resources
Region
in this lab

7. Click Review and Create. Let validation occur, and hit Create to submit your
deployment.

Wait for the deployment to complete. This should take about 2 minutes.

8. On the deployment blade, click Go to resource to open the az104-04-nsg01

network security group blade.

9. On the az104-04-nsg01 network security group blade, in the Settings section,

click Inbound security rules.

10. Add an inbound rule with the following settings (leave others with their default
values):

Setting Value
Source Any
Source port ranges *
Destination Any
Service RDP
Action Allow
Priority 300
Name AllowRDPInBound

11. On the az104-04-nsg01 network security group blade, in the Settings section,
click Network interfaces and then click + Associate.
12. Associate the az104-04-nsg01 network security group with the az104-04-nic0 and
az104-04-nic1 network interfaces.

It may take up to 5 minutes for the rules from the newly created Network
Security Group to be applied to the Network Interface Card.

13. Start the az104-04-vm0 and az104-04-vm1 virtual machines.

14. Navigate back to the az104-04-vm0 virtual machine blade.

In the subsequent steps, you will verify that you can successfully connect to
the target virtual machine.

15. On the az104-04-vm0 blade, click Connect, click RDP, on the Connect with
RDP blade, click Download RDP File using the Public IP address and follow the
prompts to start the Remote Desktop session.

This step refers to connecting via Remote Desktop from a Windows computer.
On a Mac, you can use Remote Desktop Client from the Mac App Store and on
Linux computers you can use an open source RDP client software.

You can ignore any warning prompts when connecting to the target virtual
machines.

16. When prompted, sign in with the user and password in the parameters file.

Leave the Remote Desktop session open. You will need it in the next task.