Lab11 - Understanding FrontEnd and BackEnd Subnets - Azure

Uploaded by

raj0000kaml
Copyright
© © All Rights Reserved

Cloud Computing - Azure

Lab11 – Understanding FrontEnd and BackEnd Subnets - Azure

Virtual networks

A virtual network is a virtual, isolated portion of the Azure public network. Each virtual
network is dedicated to your subscription. Things to consider when deciding whether to
create one virtual network, or multiple virtual networks in a subscription:

• Do any organizational security requirements exist for isolating traffic into separate
  virtual networks? You can choose to connect virtual networks or not. If you
  connect virtual networks, you can implement a network virtual appliance, such as a
  firewall, to control the flow of traffic between the virtual networks. For more
  information, see security and connectivity.
• Do any organizational requirements exist for isolating virtual networks into
  separate subscriptions or regions?
• A network interface enables a VM to communicate with other resources. Each
  network interface has one or more private IP addresses assigned to it. How many
  network interfaces and private IP addresses do you require in a virtual network?
  There are limits to the number of network interfaces and private IP addresses that
  you can have within a virtual network.
• Do you want to connect the virtual network to another virtual network or an
  on-premises network? You may choose to connect some virtual networks to each
  other or to on-premises networks, but not others. For more information,
  see connectivity. Each virtual network that you connect to another virtual network,
  or on-premises network, must have a unique address space. Each virtual network
  has one or more public or private address ranges assigned to its address space. An
  address range is specified in Classless Inter-Domain Routing (CIDR) format, such
  as 10.0.0.0/16. Learn more about address ranges for virtual networks.
• Do you have any organizational administration requirements for resources in
  different virtual networks? If so, you might separate resources into separate virtual
  networks to simplify permission assignment to individuals in your organization or to
  assign different policies to different virtual networks.
• When you deploy some Azure service resources into a virtual network, they create
  their own virtual network. To determine whether an Azure service creates its own
  virtual network, see information for each Azure service that can be deployed into a
  virtual network.

Subnets

A virtual network can be segmented into one or more subnets, up to the limits. Things to
consider when deciding whether to create one subnet or multiple subnets in a virtual
network:

• Each subnet must have a unique address range, specified in CIDR format, within
  the address space of the virtual network. The address range cannot overlap with
  other subnets in the virtual network.
• If you plan to deploy some Azure service resources into a virtual network, they may
  require, or create, their own subnet, so there must be enough unallocated space
  for them to do so. To determine whether an Azure service creates its own subnet,
  see information for each Azure service that can be deployed into a virtual network.
  For example, if you connect a virtual network to an on-premises network using an
  Azure VPN Gateway, the virtual network must have a dedicated subnet for the
  gateway. Learn more about gateway subnets.
• Azure routes network traffic between all subnets in a virtual network, by default.
  You can override Azure's default routing to prevent Azure routing between
  subnets, or to route traffic between subnets through a network virtual appliance,
  for example. If you require that traffic between resources in the same virtual
  network flow through a network virtual appliance (NVA), deploy the resources to
  different subnets. Learn more in security.
• You can limit access to Azure resources, such as an Azure storage account or Azure
  SQL database, to specific subnets with a virtual network service endpoint. Further,
  you can deny access to the resources from the internet. You may create multiple
  subnets, and enable a service endpoint for some subnets, but not others. Learn
  more about service endpoints, and the Azure resources you can enable them for.
• You can associate zero or one network security group to each subnet in a virtual
  network. You can associate the same, or a different, network security group to each
  subnet. Each network security group contains rules, which allow or deny traffic to
  and from sources and destinations. Learn more about network security groups.
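
The subnet constraints above, checked in code as an added example (not part of the original lab): each range must be valid CIDR, sit inside the virtual network's address space, and not overlap another subnet. It also applies Azure's reservation of five addresses per IPv4 subnet (the first four and the last), so the first assignable address in a /24 is .4; the function name and the BAD_PLAN values are constructed for the example.

```python
import ipaddress

AZURE_RESERVED = 5  # per IPv4 subnet: network, gateway, two for Azure DNS, broadcast

def check_subnet_plan(address_space, subnets):
    """Validate {subnet name: CIDR} against a list of VNet address ranges.
    Returns (errors, info); info holds usable size and first assignable IP."""
    spaces = [ipaddress.ip_network(c) for c in address_space]
    errors, info, seen = [], {}, []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits set is an error
        except ValueError as exc:
            errors.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not any(s.version == net.version and net.subnet_of(s) for s in spaces):
            errors.append(f"{name}: {net} is outside the address space")
        for other_name, other in seen:
            if other.version == net.version and net.overlaps(other):
                errors.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
        info[name] = {
            "usable": max(net.num_addresses - AZURE_RESERVED, 0),
            "first_assignable": str(net.network_address + 4),
        }
    return errors, info

VNET = ["10.0.0.0/16"]  # SANS-VNET address space from the lab
LAB_PLAN = {"FrontEnd-Subnet": "10.0.1.0/24", "BackEnd-Subnet": "10.0.2.0/24"}
# Constructed bad plan: an overlap, a range outside the VNet, and host bits set.
BAD_PLAN = {"FrontEnd-Subnet": "10.0.1.0/24", "BackEnd-Subnet": "10.0.1.128/25",
            "Mgmt-Subnet": "10.1.0.0/24", "Db-Subnet": "10.0.3.7/24"}

if __name__ == "__main__":
    for plan in (LAB_PLAN, BAD_PLAN):
        errors, info = check_subnet_plan(VNET, plan)
        for name, details in info.items():
            print(name, details)
        for err in errors:
            print("ERROR", err)
```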


Topology

In the Azure portal, click “Resource groups”.

In “Resource groups”, click “Add”.

While creating the resource group, type the “Resource group name” as “SansboundAzureClass”.

Click “Virtual networks” in the left side panel.

Click “Add”.

While creating the virtual network:

Type “Virtual network name” as “SANS-VNET”.

Type “Address space” as 10.0.0.0/16.

Select “Subscription” as “Free Trial”.

In “Resource group”, select “SansboundAzureClass”.

Select “Location” as “South India”.

In “Subnet”, type the subnet name as “FrontEnd-Subnet”.

In “Address range”, type “10.0.1.0/24”.

Click “Create”.

In “Virtual networks”, click “SANS-VNET”.

In “SANS-VNET”, click “Subnets”.

For “FrontEnd-Subnet”, the address range is shown as 10.0.1.0/24.

In “Subnets”, click “Subnet” to add an additional subnet.

In “Add subnet”:

Type “Subnet name” as “BackEnd-Subnet”.

Type “Address range” as “10.0.2.0/24”.

Click “Ok”.

In “Subnets”, you have now created “FrontEnd-Subnet” and “BackEnd-Subnet”.

Click “Virtual machines” in the left side panel.

In “Virtual machines”, click “Add”.

While creating the virtual machine, select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Type “Virtual machine name” as “WindowsVM-Azure”.

Select “Region” as “South India”.

Select “Image” as “Windows Server 2008 R2 SP1”.

Change “VM Size” to “Standard B1s”.

In “Administrator Account”:

Type “username” as “sansbound”.

Type a “password” for Windows Server 2008 R2.

In “Save Money”:

Click “Yes” to indicate that you already have a Windows license.

Check the “Confirmation” box.

Click “Next : Disks >”.

In “Disks”, click “Next : Networking >”.

In “Networking”:

Ensure that “Virtual network” is “SANS-VNET”.

Ensure that “FrontEnd-Subnet” is selected, because only this subnet will be accessible from the
public network.

Set “NIC network security group” to “None”.

In “Management”, click “Next : Guest config >”.

In “Guest config”, click “Next : Tags >”.

In “Tags”, click “Review + create”.

Click “Create”.

Click “Virtual machines”.

Click “Add” to create a new virtual machine in BackEnd-Subnet, which is not publicly available.

While creating the virtual machine:

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Type “Virtual machine name” as “UbuntuVM-Azure”.

Select “Region” as “South India”.

Select “Image” as “Ubuntu Server 18.04 LTS”.

Change “VM Size” to “Standard B1s”.

In “Administrator Account”, set “Authentication type” to “Password”.

Click “Next : Disks >”.

In “Networking”:

In “Virtual network”, select “SANS-VNET”.

In “Subnet”, select “BackEnd-Subnet”, because this subnet will not be accessible from the public network.

Click “Next : Management >”.

In “Management”, click “Next : Guest config >”.

In “Guest config”, click “Next : Tags >”.

In “Tags”, click “Review + create”.

Click “Create”.

Click “All services” in the dashboard (left side panel).

In “Networking”, click “Network security groups”.

In “Network security groups”, click “Add”.

While creating the network security group, provide the following:

Type “Name” as “FrontEnd-NSG”.

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Select “Location” as “South India”.

Click “Create”.

In “Network security groups”, click “Refresh” to view the newly created network security group.

Click the network security group named “FrontEnd-NSG”.

In “Inbound security rules”, you can see three rules created by default. All inbound traffic
from outside is denied by the “DenyAllInbound” rule.

Click “Add”.

In “Add inbound security rule”:

Set “Source” to “Any”.

Set “Source port ranges” to “*” to allow any source port.

Set “Destination” to “Any”.

Set “Destination port ranges” to “3389” (to allow the RDP port, so that the server can be accessed remotely).

For “Protocol”, click “TCP”.

Set “Action” to “Allow”.

Set “Priority” to “100” (the rule with the lowest priority number is applied first).

Type the rule “Name” as “AllowRDP”.

Click “Add”.

In “FrontEnd-NSG”, click “Subnets”.

In “FrontEnd-NSG – Subnets”, click “Associate”.

In “Associate subnet”, click “Choose a virtual network”.

Click “SANS-VNET” to select the virtual network for the network security group.

Click “FrontEnd-Subnet”, because the virtual machines in this subnet (10.0.1.0/24) need to be
accessible from the public network.

Ensure that “Virtual network” is “SANS-VNET”.

Ensure that “Subnet” is “FrontEnd-Subnet”.

Click “Ok”.

“FrontEnd-NSG” is now associated with FrontEnd-Subnet.

Click “Network security groups”.

In “Network security groups”, click “Add”.

While creating the network security group:

Type “Name” as “BackEnd-NSG”.

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Select “Region” as “South India”.

Click “Create”.

In “Network security groups”, click “Refresh” to view the newly created network security groups.

Click “BackEnd-NSG”.

In “BackEnd-NSG”, click “Inbound security rules”.

Click “Add”.

In “Add inbound security rule”:

Select “Source” as “IP address” and type the subnet / IP address (10.0.1.0/24) as the source IP address
from which you are going to connect over SSH.

Select “Destination” as “IP address” and type the subnet / IP address (10.0.2.0/24) as the destination IP
address that you need to access.

Type “Destination port ranges” as “22”.

Set “Protocol” to “TCP”.

Click “Allow”.

In “Priority”, type 100 (the rule with the lowest priority number is applied first).

Type the name as “AllowSSH”.

Click “Add” to add the rule to the network security group for BackEnd-Subnet.

You can see that an inbound rule with priority “100” has been created for “BackEnd-Subnet”.

Click “Subnets”.

Click “Associate” to associate the subnet with the network security group.

In “Associate subnet”, click “Choose a virtual network” to select the virtual network.

Click “SANS-VNET”.

Click “BackEnd-Subnet”.

Click “Ok”.

In “BackEnd-NSG – Subnets”, you can see that “BackEnd-Subnet” has been associated with the
“BackEnd-NSG” network security group.
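
How the two NSGs built above decide on a flow, as an added Python sketch that is not part of the original lab: it models the three default inbound rules plus the lab's AllowRDP and AllowSSH rules and evaluates them lowest priority number first. The sample addresses, the simplified service tags and the DenyOtherVnetInBound rule are assumptions made for the example.

```python
import ipaddress

# Service tags modelled for this lab only (assumption): VirtualNetwork is just
# SANS-VNET's address space; AzureLoadBalancer is the platform probe address.
TAGS = {"*": "0.0.0.0/0", "VirtualNetwork": "10.0.0.0/16",
        "AzureLoadBalancer": "168.63.129.16/32"}

# Rule tuple: (priority, name, source, destination, dest_port, protocol, action)
DEFAULTS = [  # inbound rules Azure adds to every NSG
    (65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "*", "*", "Deny"),
]
FRONTEND_NSG = [(100, "AllowRDP", "*", "*", "3389", "TCP", "Allow")] + DEFAULTS
BACKEND_NSG = [(100, "AllowSSH", "10.0.1.0/24", "10.0.2.0/24", "22", "TCP", "Allow")] + DEFAULTS
# Hypothetical extra rule (not in the lab): deny other intra-VNet traffic
# before the default AllowVnetInBound rule can match it.
BACKEND_SSH_ONLY = BACKEND_NSG + [
    (4096, "DenyOtherVnetInBound", "VirtualNetwork", "*", "*", "*", "Deny")]

def _matches(addr, spec):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(TAGS.get(spec, spec))

def evaluate(nsg, src, dst, port, proto="TCP"):
    """Return (action, rule name) of the first match, lowest priority number first.
    Single ports only, which is all the lab's rules use."""
    for _prio, name, r_src, r_dst, r_port, r_proto, action in sorted(nsg):
        if (_matches(src, r_src) and _matches(dst, r_dst)
                and r_port in ("*", str(port)) and r_proto in ("*", proto)):
            return action, name
    return "Deny", "no-match"

if __name__ == "__main__":
    # Constructed flows: 203.0.113.10 is an internet client, 10.0.1.4 is an
    # assumed private IP for WindowsVM-Azure, 10.0.2.4 is the lab's Ubuntu VM.
    flows = [
        ("FrontEnd", FRONTEND_NSG, "203.0.113.10", "10.0.1.4", 3389),
        ("BackEnd", BACKEND_NSG, "10.0.1.4", "10.0.2.4", 22),
        ("BackEnd", BACKEND_NSG, "203.0.113.10", "10.0.2.4", 22),
        ("BackEnd", BACKEND_NSG, "10.0.1.4", "10.0.2.4", 3306),
        ("BackEnd+deny", BACKEND_SSH_ONLY, "10.0.1.4", "10.0.2.4", 3306),
    ]
    for label, nsg, src, dst, port in flows:
        print(label, src, "->", f"{dst}:{port}", *evaluate(nsg, src, dst, port))
```

Running it shows that the default AllowVnetInBound rule already lets FrontEnd-Subnet reach BackEnd-Subnet on any port, so AllowSSH by itself does not limit that path to port 22; the extra deny rule does.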

Click “Virtual machines” in the left side panel.

Click “WindowsVM-Azure”.

Note the public IP address of the Windows virtual machine, which belongs to the FrontEnd network
(publicly accessible).

On your local machine, run “mstsc” and type the public IP address of the Windows Server 2008 R2 virtual machine.

Click “Connect”.

Type the username “sansbound” and the password that you provided in the Azure portal while creating
the Windows virtual machine.

Click “Ok”.

Click “Yes”.

You have successfully logged on to the Windows Server 2008 R2 machine. In a command prompt, type “ipconfig” and
press “Enter”.

Click “Virtual machines” at the top.

Click the “UbuntuVM-Azure” virtual machine.

In “UbuntuVM-Azure”, click “Networking”.

In “Networking”, you can see the private IP address of the Ubuntu VM: 10.0.2.4.

Click the “Server manager” icon in the task bar.

In “Server manager”, click “Configure IE ESC”.

Set the configuration to “Off” for both Administrators and Users.

Click “Ok”.

In Windows Server 2008 R2, download “Putty.exe” to access the Ubuntu VM over SSH.

Run the PuTTY setup.

Click “Next” to continue.

Click “Next”.

Click “Install”.

Click “Finish”.

In “Start”, you can see “putty.exe”; click it.

In PuTTY, type the private IP address “10.0.2.4” of the Ubuntu server, which belongs to BackEnd-Subnet
(10.0.2.0/24).

Click “Open” to connect to Ubuntu.

Click “Yes”.

Type the username of the Ubuntu server, “sansbound”, and press “Enter”.

Then type the password for the Ubuntu server and press “Enter”.

You have successfully logged on to the Ubuntu VM in BackEnd-Subnet (10.0.2.0/24) from the
“WindowsVM-Azure” virtual machine, which belongs to FrontEnd-Subnet (10.0.1.0/24).

In the Ubuntu VM SSH session, type “sudo -i” to log in as the root user.

Now we have briefly understood the FrontEnd and BackEnd subnets.
