The goal of this lab is to create a VNET with the address space 10.0.0.0/16, then create three subnets inside it as follows:
Public Subnet 1 = 10.0.1.0/24
Private Subnet 2 = 10.0.2.0/24
Public Subnet 3 = 10.0.3.0/24
Then we will boot up a Windows 2019 server on Subnet 1 and on Subnet 3, named VAWebserver1 and VAWebserver3. On each we will install IIS (web server) and create a single home page called index.html, and once everything is finished we will make sure its content can be seen from the outside world.
Step 1) Log in to the Azure Portal, then create a resource group called “ResourcegroupWebserver”.
Step 2) Go to the top, search for VNET (this is similar to what AWS calls a VPC) and create a VNET = 10.0.0.0/16 in VA (us-east).
Step 3) VNET name = VAVnet10.0.0.0-16
Step 4) On the IP address tab, delete what is there and then create a new VNET = 10.0.0.0/16,
then delete the default subnet and create these subnets:
Public Subnet 1 = 10.0.1.0/24
Private Subnet 2= 10.0.2.0/24
Public Subnet 3 = 10.0.3.0/24
We will not be using Service (this is similar to the Amazon AWS S3 Endpoint = https://asmed.com/amazon-aws-s3-vpc-endpoint/).
As you see, when you create the above subnets each one has 251 available addresses, since 5 IP addresses are reserved: 10.0.3.0 – 10.0.3.255 (251 + 5 Azure reserved addresses).
The reserved IP addresses are:
10.0.3.0 Network ID
10.0.3.1 Router IP address
10.0.3.2 DNS IP address
10.0.3.3 Reserved for future use
10.0.3.255 Broadcast IP address
Step 5) On the Security tab, leave everything as default.
Step 6) On the Tags tab, add nothing; click Next, then review and create it.
Step 7) When you go to the top and click on VNET, you will see it, and on the left side you will see all your subnets. (As you see on the right side, we do not have any security group associated here; later on I will do a lab on security groups, which can be associated with a subnet or an interface.)
Step 8) Now I go to the top and add a VM:
Name =VAWebserver1
Region=USEast
Infrastructure =none
Image =windows 2019
Username=HamedMoghaddam
Password=Pa$w0rd12345
Subnet= 10.0.1.0/24
Security = RDP (port 3389)
Disk =default
Network = 10.0.0.0/16
Subnet =10.0.1.0/24
Network Security group=basic
Public inbound port=3389
Load balancing =None
Step 9) On Management tab (all default Value)
Step 10) Advanced Tab= All Default
Step 11) Tags =None
Step 12) Review and Create it.
Step 13) When you create the VM, it will create all these resources (go to All resources):
vawebserver1942 Microsoft.Network/networkInterfaces
VAWebserver1-nsg Microsoft.Network/networkSecurityGroups
VAWebserver1-ip Microsoft.Network/publicIpAddresses
Disk VAWebserver1_disk1_5c7892156b194f1fb2da2fc61d4c4a95
VAWebserver1 Virtual machine
Step 14) I will go to the VM, RDP into it and install IIS (from Server Manager). Then I will go to c:\inetpub\wwwroot and create a new file called index.html.
Then put this content inside it:
This is VAwebserver1
Step 15) Since my file name extensions are hidden, I need to go to the search box and type Folder Options, then go to View and make sure the option that hides file extensions is not checked, then rename the file from index.html.txt to index.html.
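Steps 14 and 15 can also be done from an elevated PowerShell prompt inside the VM, which writes index.html with its real extension and so never produces index.html.txt. This is an added example, not part of the original lab; it assumes the default IIS site root used above.

```powershell
# Added example: run in an elevated PowerShell session on VAWebserver1 (over RDP).
# Install the IIS role, the same role Server Manager installs.
$result = Install-WindowsFeature -Name Web-Server -IncludeManagementTools
if (-not $result.Success) { throw 'IIS installation failed' }

# Write the home page directly, so no hidden .txt extension is appended.
$root = 'C:\inetpub\wwwroot'
Set-Content -Path (Join-Path $root 'index.html') -Value 'This is VAwebserver1' -Encoding ASCII

# Catch the hidden-extension problem from Step 15: anything listed here is a
# page that was saved from Notepad as *.html.txt and will not be served as HTML.
Get-ChildItem -Path $root -Filter '*.html.txt' | Select-Object Name, LastWriteTime

# Local test, the same check as browsing to http://localhost inside the VM.
$resp = Invoke-WebRequest -Uri 'http://localhost/' -UseBasicParsing
'{0} {1}' -f $resp.StatusCode, $resp.Content.Trim()
```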
Now I can go inside the VM and test my website by typing localhost, and I should be able to see my website. But when I go to my laptop and paste the public IP address of the VM, I will not see the content of my website. Why not?
Step 16) I need to go and check the security group for my VM; the best way is to go to the top and search for “Security group”.
There you will see VAWebserver1-nsg. Open it and you will see that the inbound rules only allow RDP, so I need to allow HTTP access; after allowing it I will test from my laptop and I will be able to see the content of the website.
Step 17) Click Add, then allow port 80 (TCP) from any source to any destination and name it http; save it and then test it.
Step 18) Now when I go back to the security group, I will see at the top that this security group is associated with an interface, not with subnets. Now I go to Public Subnet 10.0.3.0/24 and associate it, so any VM booted up in this subnet will have RDP and HTTP.
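Steps 16 to 18 expressed with the Az PowerShell module, as an added example that is not part of the original lab. The resource names are the ones used above; the rule priority (310) is an assumed value and must not collide with an existing rule.

```powershell
# Added example: run from a workstation with the Az module, after Connect-AzAccount.
$rg  = 'ResourcegroupWebserver'
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name 'VAWebserver1-nsg'

# Step 16: list the inbound rules; before the change only the RDP rule (3389) is present.
$nsg.SecurityRules | Where-Object { $_.Direction -eq 'Inbound' } | Sort-Object Priority |
    Format-Table Name, Priority, Access, Protocol, DestinationPortRange

# Step 17: allow TCP 80 from any source to any destination, named "http".
# Priority 310 is an assumption for this example.
if (-not ($nsg.SecurityRules | Where-Object { $_.Name -eq 'http' })) {
    $nsg = $nsg | Add-AzNetworkSecurityRuleConfig -Name 'http' -Priority 310 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '80' |
        Set-AzNetworkSecurityGroup
}

# Step 18: show what the NSG is attached to (interface vs. subnet) ...
$nsg.NetworkInterfaces.Id
$nsg.Subnets.Id

# ... then associate it with the 10.0.3.0/24 subnet, looked up by its prefix.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'VAVnet10.0.0.0-16'
$subnet = $vnet.Subnets | Where-Object { $_.AddressPrefix -contains '10.0.3.0/24' }
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name `
    -AddressPrefix '10.0.3.0/24' -NetworkSecurityGroup $nsg |
    Set-AzVirtualNetwork | Out-Null

# Test from the laptop: TcpTestSucceeded should be True once the http rule is saved.
$ip = (Get-AzPublicIpAddress -ResourceGroupName $rg -Name 'VAWebserver1-ip').IpAddress
Test-NetConnection -ComputerName $ip -Port 80 |
    Select-Object RemoteAddress, RemotePort, TcpTestSucceeded
```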
Step 19) I will do another lab that shows the difference between a security group associated with an interface and one associated with a subnet.
Step 20) Now I will repeat the same concept as before; that is, I will boot up another VM on PublicSubnet10.0.3.0 and give it the name VAWebserver3. I will install IIS and create an index.html as follows:
This is VA Webserver3
Step 21) After everything is finished, I will make sure that when I go to the public IP address of VAWebserver3 I am able to see the content of the above page.
Name=VAWebserver3
On the portal we will see this:
Inbound port rules
Select which virtual machine network ports are accessible from the public internet. You can specify more limited or granular network access on the Networking tab.
Publicinboundport=NO
Disk=Default Value
On the Networking tab we will do as follows:
Pick VNET = 10.0.0.0/16
Subnet = 10.0.3.0/24
Network Security group= None
Then you will see :
The selected subnet ‘PublicSubne10.0.3.0-24 (10.0.3.0/24)’ is already associated to a network security group ‘VAWebserver1-nsg’. We recommend managing connectivity to this virtual machine via the existing network security group instead of creating a new one here.
Since I have a security group associated with 10.0.3.0/24 (which has RDP and HTTP), I do not need to do anything here.
Step 22) On the Management tab, Advanced tab and Tags tab just pick the defaults; then click Review and create.
Step 23) Now it will create these resources, and we will see that the VM uses the security group that we associated with the subnet.
VAWebserver3-ip Public IP address
vawebserver3425 Network interface
Disk VAWebserver3_disk1_4c7400e691734ebaa67e04250af1e551
VAWebserver3 Virtual machine
Step 24) If you go to VAWebserver3 > Networking, on the right side you will see that it is allowing RDP and HTTP to this VM.
Step 25) Now I will RDP to the VM, install IIS, create index.html, then test it and make sure it is working well.
This is VA Webserver3
Step 26) Seated at VAWebserver1, when I try to ping 10.0.3.4 (the IP address of VAWebserver3), we see that it does not work. Why? Because my security group is not allowing ICMP; so let's modify the security group to allow ICMP.
Step 27) When I go back and check the ping, I will see it still does not work. Why? Because Microsoft Windows has its own firewall; so go to the VM VAWebserver3, go to Control Panel and disable the firewall.
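For Step 27, a narrower alternative to turning the Windows firewall off is to leave it enabled and allow only ICMPv4 echo requests from the VNET range. This is an added example, not part of the original lab; the rule display name is a made-up label.

```powershell
# Added example: run in an elevated PowerShell session on VAWebserver3.
# Show whether the Domain, Private and Public firewall profiles are enabled.
Get-NetFirewallProfile | Format-Table Name, Enabled

# Allow inbound ping (ICMPv4 type 8, echo request) only from the lab VNET 10.0.0.0/16.
# The display name is a hypothetical label chosen for this example.
$name = 'Lab - allow ICMPv4 echo from VNET'
if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress '10.0.0.0/16' -Profile Any |
        Out-Null
}

# Confirm the rule is present and enabled.
Get-NetFirewallRule -DisplayName $name |
    Format-Table DisplayName, Enabled, Direction, Action

# Then, on VAWebserver1, repeat the ping from Step 26:
# Test-Connection -ComputerName 10.0.3.4 -Count 4
```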