TP2- Virtual Networks

Task 1:
1. Open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.
Select PowerShell. (Note that you have to click Create storage, if you are starting Cloud
Shell the first time). Click the Upload files icon to upload the following files into the
Cloud Shell home directory. The Parameters and Template files:
(http://www.imenemami.com/cloud/tp2/vnetvm-parameters.json)
(http://www.imenemami.com/cloud/tp2/vnetvm-template.json)
The two files define the resources you need to deploy to create three virtual machines,
each into a separate virtual network, with two of them in the same Azure region and the
third one in another Azure region. If you want to change the username and/or password,
you can edit the Parameters file you just uploaded.
2. From the Cloud Shell pane, run the following to create the resource group in the North
Europe region, that will be hosting the lab environment.

$location1 = 'northeurope'
$rgName = 'tp2-rg1'

New-AzResourceGroup -Name $rgName -Location $location1

3. Once you have created the resource group, run the following to create three virtual
machines, each into a separate virtual network, with two of them in the same Azure
region and the third one in another Azure region by using the template and parameter
files you uploaded:

$location2 = 'westeurope'

New-AzResourceGroupDeployment `
-ResourceGroupName $rgName `
-TemplateFile $HOME/vnetvm-template.json `
-TemplateParameterFile $HOME/vnetvm-parameters.json `
-location1 $location1 `
-location2 $location2

4. Once deployment is complete, search in the Azure portal for virtual networks you
created in the previous task and click vnet00.
5. On the vnet00 virtual network blade, in the Settings section, click Peerings and then add
a peering with the following settings (leave others with their default values):
• Peering link name: vnet00_to_vnet01
• Traffic to remote virtual network: Allow (default)
• Traffic forwarded from remote virtual network: Block traffic that originates from
outside this virtual network
• Virtual network gateway: None
 • Peering link name (Remote virtual network): vnet01_to_vnet00
• Virtual network deployment model: Resource manager
• I know my resource ID: unselected
• Virtual network: vnet01
• Traffic to remote virtual network: Allow (default)
• Traffic forwarded from remote virtual network: Block traffic that originates from
outside this virtual network
• Virtual network gateway: None

6. Configure peering vnet00_to_vnet02 by running the following PowerShell commands

from Cloud Shell:

$vnet00 = Get-AzVirtualNetwork -Name 'vnet00' -ResourceGroupName $rgname

$vnet02 = Get-AzVirtualNetwork -Name 'vnet02' -ResourceGroupName $rgname

Add-AzVirtualNetworkPeering -Name 'vnet00_to_vnet02' -VirtualNetwork $vnet00 -

RemoteVirtualNetworkId $vnet02.Id

Add-AzVirtualNetworkPeering -Name 'vnet02_to_vnet00' -VirtualNetwork $vnet02 -

RemoteVirtualNetworkId $vnet00.Id

7. Configure peering vnet01_to_vnet02 by running the following PowerShell commands

from Cloud Shell:

$vnet01 = Get-AzVirtualNetwork -Name 'vnet01' -ResourceGroupName $rgname

Add-AzVirtualNetworkPeering -Name 'vnet01_to_vnet02' -VirtualNetwork $vnet01 -

RemoteVirtualNetworkId $vnet02.Id

Add-AzVirtualNetworkPeering -Name 'vnet02_to_vnet01' -VirtualNetwork $vnet02 -

RemoteVirtualNetworkId $vnet01.Id

8. Once the peering’s status is connected (Check the status in Azure portal), go to the vm00
virtual machine resource and connect into it by choosing the RDP option. Sign in by
using the username and the password from your parameters file. Once connected to the
vm00, right-click the Start button and, in the right-click menu, click Windows
PowerShell (Admin).
9. In the Windows PowerShell console window, run the following to test connectivity to
vm01 (which has the private IP address of 10.51.0.4) over TCP port 3389:

Test-NetConnection -ComputerName 10.51.0.4 -Port 3389 -InformationLevel 'Detailed'

10. Verify that the connection was successful and then run the following to test
connectivity to vm02 (which has the private IP address of 10.52.0.4):
 Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel
'Detailed'

11. On the vm01 virtual machine blade, connect to the machine by choosing the RDP
option. Sign in by using the username and the password from your parameters file. Once
connected to the vm01, right-click the Start button and, in the right-click menu, click
Windows PowerShell (Admin), run the following to test connectivity to vm02 (which
has the private IP address of 10.52.0.4) over TCP port 3389 and verify that the
connection was successful:

Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel 'Detailed'

12. Delete the resource group you created throughout the lab by running the following
command within the Cloud Shell pane in the Azure portal (PowerShell session) and then
delete the storage you have created in step 1:

Remove-AzResourceGroup -Name 'tp2-rg1' -Force -AsJob

Task 2:

1. Open the Azure Cloud Shell (PowerShell session) and upload the following files into
the Cloud Shell home directory. The Parameters and Template files:
(http://www.imenemami.com/cloud/tp2/vnetvm-parameters_2.json)
(http://www.imenemami.com/cloud/tp2/vnetvm-template_2.json)
The two files define the resources you need to deploy to create three virtual machines
into the same Azure region. Each of the virtual machines will reside in a separate virtual
network. If you want to change the username and/or password, you can edit the
Parameters file you just uploaded.
2. From the Cloud Shell pane, run the following to create the resource group in the North
Europe region, that will be hosting the lab environment.

$location = 'northeurope'
$rgName = 'tp2-rg2'

New-AzResourceGroup -Name $rgName -Location $location

3. Once you have created the resource group, from the Cloud Shell pane, run the following
to create the three virtual networks and three Azure virtual machines into them by using
the template_2 and parameter_2 files you uploaded:

New-AzResourceGroupDeployment `
-ResourceGroupName $rgName `
-TemplateFile $HOME/vnetvm-template_2.json `
-TemplateParameterFile $HOME/vnetvm-parameters_2.json
4. Once deployment is complete, from the Cloud Shell pane, run the following to install
the Network Watcher extension on the virtual machines deployed in the previous step:

$location = (Get-AzResourceGroup -ResourceGroupName $rgName).location

$vmNames = (Get-AzVM -ResourceGroupName $rgName).Name

foreach ($vmName in $vmNames) {

Set-AzVMExtension `
-ResourceGroupName $rgName `
-Location $location `
-VMName $vmName `
-Name 'networkWatcherAgent' `
-Publisher 'Microsoft.Azure.NetworkWatcher' `
-Type 'NetworkWatcherAgentWindows' `
-TypeHandlerVersion '1.4'
}

5. On the vnet01 blade, select Properties and record the value of the Resource ID property.
6. On the vnet02 blade, select Properties and record the value of the Resource ID property.
7. On the vnet00 virtual network blade, in the Settings section, click Peerings and then add
a peering with the following settings (leave others with their default values):
• Peering link name: vnet00_to_vnet01
• Traffic to remote virtual network: Allow
• Traffic forwarded from remote virtual network: Block traffic that originates from
outside this virtual network
• Virtual network gateway: None
• Peering link name (Remote virtual network): vnet01_to_vnet00
• Virtual network deployment model: Resource manager
• I know my resource ID: enabled
Resource ID: the value of resourceID parameter of vnet01 you recorded earlier in task
20.
• Traffic to remote virtual network: Allow
• Traffic forwarded from remote virtual network: Allow
• Virtual network gateway: None

8. Add another peering with the following settings (leave others with their default values):
• Peering link name: vnet00_to_vnet02
• Traffic to remote virtual network: Allow
• Traffic forwarded from remote virtual network: Block traffic that originates from
outside this virtual network
• Virtual network gateway: None
• Peering link name (Remote virtual network): vnet00_to_vnet02
• Virtual network deployment model: Resource manager
• I know my resource ID: enabled
Resource ID the value of resourceID parameter of vnet02 you recorded earlier in task
21.
• Traffic to remote virtual network: Allow
• Traffic forwarded from remote virtual network: Allow
• Virtual network gateway: None

9. Test now transitivity of virtual network peering by using Network Watcher. In the Azure
portal, search for Network Watcher. On the Network Watcher blade, navigate to the
Connection troubleshoot and initiate a check with the following settings (leave others
with their default values):
• Resource group: tp2-rg2
• Source type: Virtual machine
• Virtual machine: vm00
• Destination: Specify manually
URI, FQDN or IPv4: 10.61.0.4
• Protocol: TCP
• Destination Port: 3389
Verify that the status is Reachable (10.61.0.4 represents the private IP address of vm01).
10. Initiate a check with the following settings (leave others with their default values):
• Resource group: tp2-rg2
• Source type: Virtual machine
• Virtual machine: vm00
• Destination: Specify manually
• URI, FQDN or IPv4: 10.62.0.4
• Protocol: TCP
• Destination Port: 3389
Verify that the status is Reachable (10.62.0.4 represents the private IP address of vm02).
11. Initiate a check with the following settings (leave others with their default values):
• Resource group: tp2-rg2
• Source type: Virtual machine
• Virtual machine: vm01
• Destination: Specify manually
• URI, FQDN or IPv4: 10.62.0.4
• Protocol: TCP
• Destination Port: 3389
Verify that the status is Unreachable since the two virtual networks are not peered with each
other (virtual network peering is not transitive).
Configure routing between the virtual networks (vnet01 and vnet02) by enabling IP
forwarding on the network interface of the vm00 virtual machine, enabling routing within
its operating system, and configuring user-defined routes on the virtual networks.
12. On the vm00 virtual machine blade, in the Settings section, click Networking. Click the
nic0 link next to the Network interface label, and then, on the nic0 network interface
blade, in the Settings section, click IP configurations. Set IP forwarding to Enabled and
save the change.
13. On the vm00 blade, in the Operations section, click Run command, and, in the list of
commands, click RunPowerShellScript. On the Run Command Script blade, type the
following and click Run to install the Remote Access Windows Server role:
Install-WindowsFeature RemoteAccess -IncludeManagementTools
14. Wait for the confirmation that the command completed successfully. Then, type the
following and click Run to install the Routing role service:

Install-WindowsFeature -Name Routing -IncludeManagementTools -

IncludeAllSubFeature

Install-WindowsFeature -Name "RSAT-RemoteAccess-Powershell"

Install-RemoteAccess -VpnType RoutingOnly

Get-NetAdapter | Set-NetIPInterface -Forwarding Enabled

15. Wait for the confirmation that the command completed successfully. Now you need to
create and configure user defined routes on the virtual networks
16. In the Azure portal, search and select Route tables and, on the Route tables blade, create
a route table with the following settings (leave others with their default values):
• Resource group: tp2-rg2
• Location: the name of the Azure region in which you created the virtual networks
• Name: route12
• Propagate gateway routes: No

17. Once the route table created, On the route12 route table blade, in the Settings section,
click Routes, and add a new route with the following settings:
• Route name: route-vnet1-to-vnet2
• Address prefix destination: IP Addresses
• Destination IP addresses/CIDR ranges: 10.62.0.0/22
• Next hop type: Virtual appliance
• Next hop address: 10.60.0.4

18. On the route12 route table blade, in the Settings section, click Subnets, and then
associate the route table route12 with the following subnet:
• Virtual network: vnet01
• Subnet : subnet0

19. Navigate back to Route tables blade and create a route table with the following settings
(leave others with their default values):
• Resource group: tp2-rg2
• Region: The name of the Azure region in which you created the virtual networks
• Name: route21
• Propagate gateway routes: No
20. Once the route table created, On the route21 route table blade, in the Settings section,
click Routes, and add a new route with the following settings:
• Route name: route-vnet2-to-vnet1
• Address prefix destination: IP Addresses
• Destination IP addresses/CIDR ranges: 10.61.0.0/22
• Next hop type Virtual appliance
• Next hop address: 10.60.0.4

21. On the route21 route table blade, in the Settings section, click Subnets, and then
associate the route table route21 with the following subnet:
• Virtual network: vnet02
• Subnet : subnet0

22. Navigate back to the Network Watcher - Connection troubleshoot blade and initiate a
check with the following settings (leave others with their default values):
• Resource group: tp2-rg2
• Source type: Virtual machine
• Virtual machine: vm01
• Destination: Specify manually
• URI, FQDN or IPv4: 10.62.0.4
• Protocol: TCP
• Destination Port: 3389

Verify that the status is Reachable.

23. Delete the resource group you created throughout the lab by running the following
command and then delete the storage you have created in step 1.

Remove-AzResourceGroup -Name 'tp2-rg2' -Force -AsJob