Chapter 19: Practice Labs – Configuring and Managing Virtual Networking

In this chapter, we are going to get our hands dirty and look at how we can implement some of the things we learned around Azure networking, load balancing technologies, and practical management tips.

In this chapter, we are going to cover the following main topics:

  • Virtual network subnetting lab
  • Global peering interconnectivity lab

Technical requirements

The technical requirements before proceeding with this chapter are as follows:

  • Access to an Azure subscription with global administrator and billing administrator privileges. If you do not have access to one, you can enroll for a free account: https://azure.microsoft.com/en-in/free/.
  • PowerShell 3.6.1 or later versions installed on a PC from which labs can be practiced. Note that many examples can only be followed from a PC. Alternatively, you can also use https://shell.azure.com.
  • Installation of the Az module can be performed by running the following code in an administrative PowerShell session:
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
    Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force 
  • Download the lab files (ZIP) and extract them somewhere easily accessible to you. If you have already done this for a previous lab, you can skip this step. The steps in the next section provide guidance on downloading and extracting.

    Note

    Even though the labs are on GitHub, no GitHub account is required to access the labs.

Downloading and extracting files for labs

Follow these steps to download and extract the files:

  1. Navigate to the following URL and download the archive folder (.zip): https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator/archive/master.zip.
  2. Depending on the browser you are using, you will likely be presented with different versions of the following dialog. Click Save File and OK at the bottom of the screen:
Figure 19.1 – Downloading files (ZIP)

  3. Right-click the ZIP file you downloaded, and click Extract All... (on Windows systems):
Figure 19.2 – Extract All (ZIP)

  4. Navigate to your downloaded folder and follow instructions from the labs when needing files that will be in that folder.

You have downloaded all the files you need for the labs later in the chapter.

Virtual network subnetting lab

This lab will guide you through creating an Azure virtual network (VNet) with two subnets for implementing segmentation for your network. As part of the exercise, you will explore adding a network security group (NSG) to your deployment to enhance the security of the network. Finally, you will implement domain name system (DNS) for internal and external resolution.

Estimated time: 40 minutes

Lab method: PowerShell and the Azure portal

Lab scenario: In this lab, you play the role of an administrator who is looking to explore networking capabilities within Azure, including segmentation. As part of the exercise, you are looking to harden the security of your network to achieve your organization's security requirements by restricting traffic flow using NSGs. As part of your organization's requirements, you must implement DNS resolution services for internal and external queries. You need to ensure that the IP addresses allocated to your systems do not change. Your organization, Contoso, has several virtualized workloads, and you want to explore whether they can be run from Azure container instances using Docker images.

Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.

Lab objectives:

  • Task 1: Create the VNet and two subnets
  • Task 2: Deploy your VMs
  • Task 3: Configure the network interface card (NIC) private and public IPs
  • Task 4: Create your NSG and rules
  • Task 5: Configure an internal DNS resolution
  • Task 6: Configure an external DNS resolution

Lab URL: https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_04-Implement_Virtual_Networking.html

Lab architecture diagram:

The following diagram illustrates the different steps involved in the exercise:

Figure 19.3 – Virtual network subnetting – architecture diagram


After working through this lab, you should have a good feel for how networks are implemented within Azure and how we handle both internal and external DNS resolutions for your networks. You have also experienced how VNets handle traffic between subnets within the same VNet. In the next lab, you will explore working with VNet peering and how this extends connectivity between VNets in Azure.
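
An added example, not part of the original chapter or the Microsoft lab: one way to express the segmentation this lab describes in PowerShell, with an NSG on the second subnet that limits what the first subnet and an outside management address can reach. The resource names, address ranges, the choice of HTTPS as the permitted port, and the admin address are assumptions made for illustration.

```powershell
# Added example: all names, ranges and the admin address are constructed values.
# Requires the Az module and a signed-in session (Connect-AzAccount).
$rgName      = 'rg-vnet-lab'        # hypothetical resource group
$location    = 'eastus'
$subnet0Cidr = '10.50.0.0/24'       # e.g. front-end tier
$subnet1Cidr = '10.50.1.0/24'       # e.g. back-end tier, protected by the NSG
$adminIp     = '203.0.113.10/32'    # placeholder for your management address

New-AzResourceGroup -Name $rgName -Location $location -Force | Out-Null

# The default rule AllowVnetInBound (priority 65000) permits all traffic between
# subnets of the same VNet, so segmentation needs explicit rules above it.
# Lower priority numbers are evaluated first.
$common = @{ Direction = 'Inbound'; SourcePortRange = '*'; DestinationAddressPrefix = '*' }
$rules = @(
    # Only HTTPS may cross from subnet0 into subnet1.
    New-AzNetworkSecurityRuleConfig @common -Name 'Allow-Https-From-Subnet0' -Priority 200 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix $subnet0Cidr -DestinationPortRange 443
    # Everything else from subnet0 is dropped before the default allow applies.
    New-AzNetworkSecurityRuleConfig @common -Name 'Deny-Other-From-Subnet0' -Priority 210 `
        -Access Deny -Protocol '*' -SourceAddressPrefix $subnet0Cidr -DestinationPortRange '*'
    # RDP is reachable from one management address, not from the whole internet.
    New-AzNetworkSecurityRuleConfig @common -Name 'Allow-Rdp-From-Admin' -Priority 300 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix $adminIp -DestinationPortRange 3389
)

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName -Location $location `
    -Name 'nsg-subnet1' -SecurityRules $rules

# Attach the NSG at subnet level so every NIC placed in subnet1 inherits it.
$subnet0 = New-AzVirtualNetworkSubnetConfig -Name 'subnet0' -AddressPrefix $subnet0Cidr
$subnet1 = New-AzVirtualNetworkSubnetConfig -Name 'subnet1' -AddressPrefix $subnet1Cidr `
    -NetworkSecurityGroup $nsg

$vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Location $location `
    -Name 'vnet-lab' -AddressPrefix '10.50.0.0/16' -Subnet $subnet0, $subnet1

# Review the custom rules in evaluation order before deploying any VMs.
$nsg.SecurityRules | Sort-Object Priority |
    Format-Table Name, Priority, Access, SourceAddressPrefix, DestinationPortRange
```

Removing the resource group afterwards with `Remove-AzResourceGroup -Name $rgName` deletes everything this example created.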

Global peering interconnectivity lab

This lab will guide you through creating three VNets within Azure, two in one region and one in another. The purpose of this lab is to explore inter-site connectivity through VNet peering services and confirm that you can emulate on-premises network topologies through the logical networking options available to Azure.

Estimated time: 30 minutes

Lab method: PowerShell and the Azure portal

Lab scenario: In this lab, you play the role of an administrator who is looking to emulate existing work networks that have mesh WAN links across offices using Azure. You want to confirm that you can create VNet interconnectivity, that it can span both local and regional connections, and enable similar functionality to what you have today.

Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.

Lab objectives:

  • Task 1: Provision your environment resources (resource group, VNets, and VMs)
  • Task 2: Set up VNet peering
  • Task 3: Test connectivity

Lab URL: https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_05-Implement_Intersite_Connectivity.html

Lab architecture diagram:

The following diagram illustrates the different steps involved in the exercise:

Figure 19.4 – Global peering interconnectivity – architecture diagram


After working through this lab, you should feel confident in routing traffic throughout Azure, both within the same region and across regions. You have hands-on experience working with global scale networking within Azure and should feel confident to emulate similar deployments in your daily role. The next lab will take this a step further and guide you through deploying multi-VNet infrastructure within Azure and using route tables to manage the traffic flow.

Traffic management lab

This lab will guide you through configuring a hub and spoke network topology, configuring route tables and user-defined routes (UDRs), and you will explore working with layer 4 and layer 7 load balancing solutions within Azure (particularly the Azure Load Balancer service and Application Gateway).

Estimated time: 60 minutes

Lab method: PowerShell and the Azure portal

Lab scenario: In this lab, you play the role of an administrator who is looking to extend upon the previous lab and confirm that traffic flow can be restricted to flowing through the hub network. You will use route tables with user-defined routes to implement this and will validate that it works as expected. Additionally, you are concerned about traffic distribution across both layer 4 and layer 7 load balancers. You will be testing Azure Load Balancer and Application Gateway.

Visit the following link (Lab URL) to the official Microsoft learning GitHub labs, where you will be guided through each task step by step to achieve the preceding objective.

Lab objectives:

  • Task 1: Provision your environment resources (resource group, VNets, and VMs)
  • Task 2: Configure your network in a hub-and-spoke topology
  • Task 3: Test VNet peering
  • Task 4: Configure routing using UDRs
  • Task 5: Deploy and configure load balancers
  • Task 6: Deploy and configure Application Gateway

Lab URL: https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_06-Implement_Network_Traffic_Management.html

Lab architecture diagram:

The following diagram illustrates the different steps involved in the exercise:

Figure 19.5 – Traffic management – architecture diagram


This lab requires eight vCPUs as the default configuration; this can be costly, and you may have a limit on the vCPU count. This can be raised but not if you are using a trial account. The demonstration will allow for single-core VMs too and you should be able to use the Standard_B1s SKU. This lab has helped you build the skills you need to deploy multi-VNet infrastructure within Azure and route traffic accordingly. You have also learned to implement load balancing services and explored how they enable you to create more resilient services.

Summary

In this chapter, we explored working with virtual networks on Azure and implementing security features such as NSGs as well as load balancers and Application Gateway. You went through a practical real-world type of scenario that you will likely encounter as an administrator. You should now feel confident in working with networks in Azure and being able to manage traffic flow effectively. It is best practice to remove unused resources to ensure that there are no unexpected costs, even though resources created in this lab do not incur additional costs.

In the next part of the book, we'll cover the monitoring of resources within Azure, leveraging Azure Monitor.
