In this chapter, we are going to get our hands dirty and look at how we can implement some of the things we learned around Azure networking, load balancing technologies, and practical management tips.
In this chapter, we are going to cover the following main topics:
The technical requirements before proceeding with this chapter are as follows:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Note
Even though the labs are on GitHub, no GitHub account is required to access the labs.
Follow these steps to download and extract the files:
You have downloaded all the files you need for the labs later in the chapter.
This lab will guide you through creating an Azure virtual network (VNet) with two subnets for implementing segmentation for your network. As part of the exercise, you will explore adding a network security group (NSG) to your deployment to enhance the security of the network. Finally, you will implement domain name system (DNS) for internal and external resolution.
Estimated time: 40 minutes
Lab method: PowerShell and the Azure portal
Lab scenario: In this lab, you play the role of an administrator who is looking to explore networking capabilities within Azure, including segmentation. As part of the exercise, you are looking to harden the security of your network to achieve your organization's security requirements by restricting traffic flow using NSGs. As part of your organization's requirements, you must implement DNS resolution services for internal and external queries. You need to ensure that the IP addresses allocated to your systems do not change. Your organization, Contoso, has several virtualized workloads, and you want to explore whether they can be run from Azure container instances using Docker images.
Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.
Lab objectives:
Lab architecture diagram:
The following diagram illustrates the different steps involved in the exercise:
After working through this lab, you should have a good feel for how networks are implemented within Azure and how we handle both internal and external DNS resolutions for your networks. You have also experienced how VNets handle traffic between subnets within the same VNet. In the next lab, you will explore working with VNet peering and how this extends connectivity between VNets in Azure.
This lab will guide you through creating three VNets within Azure, two in one region and one in another. The purpose of this lab is to explore inter-site connectivity through VNet peering services and confirm that you can emulate on-premises network topologies through the logical networking options available to Azure.
Estimated time: 30 minutes
Lab method: PowerShell and the Azure portal
Lab scenario: In this lab, you play the role of an administrator who is looking to emulate existing work networks that have mesh WAN links across offices using Azure. You want to confirm that you can create VNet interconnectivity, that it can span both local and regional connections, and enable similar functionality to what you have today.
Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.
Lab objectives:
Lab architecture diagram:
The following diagram illustrates the different steps involved in the exercise:
After working through this lab, you should feel confident in routing traffic throughout Azure, both within the same region and across regions. You have hands-on experience working with global scale networking within Azure and should feel confident to emulate similar deployments in your daily role. The next lab will take this a step further and guide you through deploying multi-VNet infrastructure within Azure and using route tables to manage the traffic flow.
This lab will guide you through configuring a hub and spoke network topology, configuring route tables and user-defined routes (UDRs), and you will explore working with layer 4 and layer 7 load balancing solutions within Azure (particularly the Azure Load Balancer service and Application Gateway).
Estimated time: 60 minutes
Lab method: PowerShell and the Azure portal
Lab scenario: In this lab, you play the role of an administrator who is looking to extend upon the previous lab and confirm that traffic flow can be restricted to flowing through the hub network. You will use route tables with user-defined routes to implement the services and will validate it works as expected. Additionally, you are concerned about traffic distribution across both layer 4 and 7 load balances. You will be testing Azure Load Balancer and Application Gateway.
Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.
Lab objectives:
Lab architecture diagram:
The following diagram illustrates the different steps involved in the exercise:
This lab requires eight vCPUs as the default configuration; this can be costly, and you may have a limit on the vCPU count. This can be raised but not if you are using a trial account. The demonstration will allow for single-core VMs too and you should be able to use the Standard_B1s SKU. This lab has helped you build the skills you need to deploy multi-VNet infrastructure within Azure and route traffic accordingly. You have also learned to implement load balancing services and explored how they enable you to create more resilient services.
In this chapter, we explored working with virtual networks on Azure and implementing security features such as NSGs as well as load balancers and Application Gateway. You went through a practical real-world type of scenario that you will likely encounter as an administrator. You should now feel confident in working with networks in Azure and being able to manage traffic flow effectively. It is best practice to remove unused resources to ensure that there are no unexpected costs, even though resources created in this lab do not incur additional costs.
In the next part of the book, we'll cover the monitoring of resources within Azure, leveraging Azure Monitor.
3.144.109.102