diff --git a/.gitignore b/.gitignore
index c9a921bd..0dc72dab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ ################################################################################ /.vs/ProjectSettings.json
+/.vs/slnx.sqlite
diff --git a/Allfiles/Demos/01/azuredeploy.json b/Allfiles/Demos/01/azuredeploy.json
deleted file mode 100644
index 47c2e209..00000000
--- a/Allfiles/Demos/01/azuredeploy.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- },
- "variables": {
- },
- "resources": [
- ],
- "outputs": {
- }
- }
\ No newline at end of file
diff --git a/Allfiles/Labs/01/Starter/azuredeploy.json b/Allfiles/Labs/01/Starter/azuredeploy.json
deleted file mode 100644
index 47c2e209..00000000
--- a/Allfiles/Labs/01/Starter/azuredeploy.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- },
- "variables": {
- },
- "resources": [
- ],
- "outputs": {
- }
- }
\ No newline at end of file
diff --git a/Allfiles/Labs/01/az104-01a-customRoleDefinition.json b/Allfiles/Labs/01/az104-01a-customRoleDefinition.json
new file mode 100644
index 00000000..b57bb515
--- /dev/null
+++ b/Allfiles/Labs/01/az104-01a-customRoleDefinition.json
@@ -0,0 +1,15 @@
+{
+ "Name": "Support Request Contributor (Custom)",
+ "IsCustom": true,
+ "Description": "Allows to create support requests",
+ "Actions": [
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Support/*"
+ ],
+ "NotActions": [
+ ],
+ "AssignableScopes": [
+ "/providers/Microsoft.Management/managementGroups/az104-01-mg1",
+ "/subscriptions/SUBSCRIPTION_ID"
+ ]
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/03/az104-03b-md-parameters.json b/Allfiles/Labs/03/az104-03b-md-parameters.json
new file mode 100644
index 00000000..d769e8ac
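Review bot: `Actions` in `az104-01a-customRoleDefinition.json` grants `Microsoft.Support/*`, which covers every operation of that provider, including any added later, while `Description` only says "Allows to create support requests". If the wildcard is intended, the description should say so, for example `"Description": "Allows creating and managing support requests"`; otherwise list just the support operations the lab needs. `AssignableScopes` still contains the literal `/subscriptions/SUBSCRIPTION_ID`, so the file has to be edited before the role can be created, and because JSON has no comments the lab instructions are the place to state that step.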
--- /dev/null
+++ b/Allfiles/Labs/03/az104-03b-md-parameters.json
@@ -0,0 +1,21 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "diskName": {
+ "value": "az104-03a-disk1"
+ },
+ "location": {
+ "value": "eastus"
+ },
+ "sku": {
+ "value": "Standard_LRS"
+ },
+ "diskSizeGb": {
+ "value": "32"
+ },
+ "createOption": {
+ "value": "empty"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/03/az104-03b-md-template.json b/Allfiles/Labs/03/az104-03b-md-template.json
new file mode 100644
index 00000000..3eed07e1
--- /dev/null
+++ b/Allfiles/Labs/03/az104-03b-md-template.json
@@ -0,0 +1,53 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "diskName": {
+ "type": "String"
+ },
+ "location": {
+ "type": "String"
+ },
+ "sku": {
+ "type": "String"
+ },
+ "diskSizeGb": {
+ "type": "String"
+ },
+ "sourceResourceId": {
+ "type": "String"
+ },
+ "sourceUri": {
+ "type": "String"
+ },
+ "osType": {
+ "type": "String"
+ },
+ "createOption": {
+ "type": "String"
+ },
+ "hyperVGeneration": {
+ "defaultValue": "V1",
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Compute/disks",
+ "apiVersion": "2019-07-01",
+ "name": "[parameters('diskName')]",
+ "location": "[parameters('location')]",
+ "tags": {},
+ "sku": {
+ "name": "[parameters('sku')]"
+ },
+ "properties": {
+ "creationData": {
+ "createOption": "[parameters('createOption')]"
+ },
+ "diskSizeGB": "[parameters('diskSizeGb')]",
+ "osType": "[parameters('osType')]"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/04/az104-04-vms-parameters.json b/Allfiles/Labs/04/az104-04-vms-parameters.json
new file mode 100644
index 00000000..fabe43e9
--- /dev/null
+++ b/Allfiles/Labs/04/az104-04-vms-parameters.json
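Review bot: `az104-03b-md-template.json` declares `sourceResourceId`, `sourceUri` and `osType` without a `defaultValue`, and `az104-03b-md-parameters.json` supplies none of them, so a deployment from this pair will stop on missing parameter values unless the lab steps pass them separately. `sourceResourceId`, `sourceUri` and `hyperVGeneration` are never referenced by the disk resource and can be dropped; `osType` is referenced, so it needs either a value in the parameters file or removal from `properties` for an empty data disk. `diskSizeGb` is typed `String` and passed as `"32"` into `diskSizeGB`, which looks like a numeric property; `"type": "int"` with `"value": 32` would state the intent.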
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/04/az104-04-vms-template.json b/Allfiles/Labs/04/az104-04-vms-template.json
new file mode 100644
index 00000000..13528f94
--- /dev/null
+++ b/Allfiles/Labs/04/az104-04-vms-template.json
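Review bot: `adminPassword` in `az104-04-vms-parameters.json` is committed as a literal value, so the local administrator credential of every VM deployed from this file is readable in the repository and its history. The same blob (`fabe43e9`) is added again as the parameters file for labs 05, 06 and 07, which means one known username and password pair is shared by all of those VMs. The templates type the parameter as `securestring`, but that protection only covers the deployment, not a value stored in source control. Remove the `adminPassword` entry so the deployment prompts for it, or replace `value` with a Key Vault `reference`; at minimum the lab text should tell students to set their own password before deploying.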
@@ -0,0 +1,226 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "VM size"
+ }
+ },
+ "vm0Name": {
+ "type": "string",
+ "defaultValue": "az104-04-vm0",
+ "metadata": {
+ "description": "VM0 name"
+ }
+ },
+ "vm1Name": {
+ "type": "string",
+ "defaultValue": "az104-04-vm1",
+ "metadata": {
+ "description": "VM1 name"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "az104-04-vnet1",
+ "metadata": {
+ "description": "Virtual network name"
+ }
+ }
+ },
+ "variables": {
+ "vm0Name": "[parameters('vm0Name')]",
+ "vm1Name": "[parameters('vm1Name')]",
+ "nic0": "az104-04-nic0",
+ "nic1": "az104-04-nic1",
+ "virtualNetworkName": "[parameters('virtualNetworkName')]",
+ "subnet0Name": "subnet0",
+ "subnet1Name": "subnet1",
+ "subnet1Ref": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet0Name'))]",
+ "subnet2Ref": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet1Name'))]",
+ "computeApiVersion": "2018-06-01",
+ "networkApiVersion": "2018-08-01"
+ },
+ "resources": [
+ {
+ "name": "[variables('vm0Name')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "The first VM",
+ "dependsOn": [
+ "[variables('nic0')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vm0Name')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic0'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "name": "[variables('vm1Name')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "The second VM",
+ "dependsOn": [
+ "[variables('nic1')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vm1Name')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Virtual Network",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "10.40.0.0/22"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "10.40.0.0/24"
+ }
+ },
+ {
+ "name": "[variables('subnet1Name')]",
+ "properties": {
+ "addressPrefix": "10.40.1.0/24"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nic0')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnet1Ref')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nic1')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnet2Ref')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ }
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/05/az104-05-vnetvm-parameters.json b/Allfiles/Labs/05/az104-05-vnetvm-parameters.json
new file mode 100644
index 00000000..fabe43e9
--- /dev/null
+++ b/Allfiles/Labs/05/az104-05-vnetvm-parameters.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/05/az104-05-vnetvm-template.json b/Allfiles/Labs/05/az104-05-vnetvm-template.json
new file mode 100644
index 00000000..7dd90f45
--- /dev/null
+++ b/Allfiles/Labs/05/az104-05-vnetvm-template.json
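Review bot: In the `variables` block of `az104-04-vms-template.json`, `subnet1Ref` resolves `subnet0Name` and `subnet2Ref` resolves `subnet1Name`, so each reference is named one higher than the subnet it points at; `subnet0Ref` and `subnet1Ref` would match, with the two `ipConfigurations` updated accordingly. The same off-by-one naming is repeated in `az104-06-vms-template.json`. Both NIC resources carry `"comments": "Primary NIC"`, which does not tell them apart; `"NIC for the first VM"` and `"NIC for the second VM"` would mirror the VM comments. `"provisionVmAgent": "true"` is a quoted string where the file writes other booleans unquoted (`"primary": true`); `"provisionVmAgent": true` is the consistent form.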
@@ -0,0 +1,183 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "Virtual machine size"
+ }
+ },
+ "nameSuffix": {
+ "type": "string",
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ ],
+ "metadata": {
+ "description": "Naming suffix"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ }
+ },
+ "variables": {
+ "vmName": "[concat('az104-05-vm',parameters('nameSuffix'))]",
+ "nicName": "[concat('az104-05-nic',parameters('nameSuffix'))]",
+ "virtualNetworkName": "[concat('az104-05-vnet',parameters('nameSuffix'))]",
+ "publicIPAddressName": "[concat('az104-05-pip',parameters('nameSuffix'))]",
+ "nsgName": "[concat('az104-05-nsg',parameters('nameSuffix'))]",
+ "vnetIpPrefix": "[concat('10.5',parameters('nameSuffix'),'.0.0/22')]",
+ "subnetIpPrefix": "[concat('10.5',parameters('nameSuffix'),'.0.0/24')]",
+ "subnetName": "subnet0",
+ "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
+ "computeApiVersion": "2018-06-01",
+ "networkApiVersion": "2018-08-01"
+ },
+ "resources": [
+ {
+ "name": "[variables('vmName')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[variables('nicName')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vmName')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Virtual Network",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[variables('vnetIpPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnetName')]",
+ "properties": {
+ "addressPrefix": "[variables('subnetIpPrefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nicName')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[variables('publicIpAddressName')]",
+ "[variables('nsgName')]",
+ "[variables('virtualNetworkName')]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "privateIPAllocationMethod": "Dynamic",
+ "publicIpAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIpAddresses', variables('publicIpAddressName'))]"
+ }
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('publicIpAddressName')]",
+ "type": "Microsoft.Network/publicIpAddresses",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Public IP for Primary NIC",
+ "properties": {
+ "publicIpAllocationMethod": "Dynamic"
+ }
+ },
+ {
+ "name": "[variables('nsgName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/06/az104-06-vm-parameters.json b/Allfiles/Labs/06/az104-06-vm-parameters.json
new file mode 100644
index 00000000..fabe43e9
--- /dev/null
+++ b/Allfiles/Labs/06/az104-06-vm-parameters.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/06/az104-06-vm-template.json b/Allfiles/Labs/06/az104-06-vm-template.json
new file mode 100644
index 00000000..1afeef35
--- /dev/null
+++ b/Allfiles/Labs/06/az104-06-vm-template.json
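Review bot: The `default-allow-rdp` rule in `az104-05-vnetvm-template.json` sets `"sourceAddressPrefix": "*"` for inbound TCP 3389, and the NIC this NSG is attached to also gets a public IP, so every VM deployed from the template accepts RDP logon attempts from any address. Take the allowed source as a template parameter and use it in the rule, e.g. `"sourceAddressPrefix": "[parameters('allowedRdpSource')]"` (parameter name is a suggestion), so students restrict it to their own address. The NSGs in `az104-06-vm-template.json` and `az104-06-vms-template.json` contain the same rule and open port 80 the same way; those NICs have no public IP in the template, so their exposure depends on what the lab places in front of them. Separately, `allowedValues` for `nameSuffix` ends with a trailing comma after `"2"`, which strict JSON parsers and linters reject.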
@@ -0,0 +1,199 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "Virtual machine size"
+ }
+ },
+ "nameSuffix": {
+ "type": "string",
+ "allowedValues": [
+ "2",
+ "3"
+ ],
+ "metadata": {
+ "description": "Naming suffix"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ }
+ },
+ "variables": {
+ "vmName": "[concat('az104-06-vm',parameters('nameSuffix'))]",
+ "vmExtensionName": "customScriptExtension",
+ "nicName": "[concat('az104-06-nic',parameters('nameSuffix'))]",
+ "virtualNetworkName": "[concat('az104-06-vnet',parameters('nameSuffix'))]",
+ "nsgName": "[concat('az104-06-nsg',parameters('nameSuffix'))]",
+ "vnetIpPrefix": "[concat('10.6',parameters('nameSuffix'),'.0.0/22')]",
+ "subnetIpPrefix": "[concat('10.6',parameters('nameSuffix'),'.0.0/24')]",
+ "subnetName": "subnet0",
+ "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
+ "computeApiVersion": "2018-10-01",
+ "networkApiVersion": "2018-12-01"
+ },
+ "resources": [
+ {
+ "name": "[variables('vmName')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[variables('nicName')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vmName')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "[concat(variables('vmName'), '/', variables('vmExtensionName'))]",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[concat('Microsoft.Compute/virtualMachines/', variables('vmName'))]"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Virtual Network",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[variables('vnetIpPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnetName')]",
+ "properties": {
+ "addressPrefix": "[variables('subnetIpPrefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nicName')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[variables('nsgName')]",
+ "[variables('virtualNetworkName')]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('nsgName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ },
+ {
+ "name": "default-allow-http",
+ "properties": {
+ "priority": 1100,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "80",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/06/az104-06-vms-template.json b/Allfiles/Labs/06/az104-06-vms-template.json
new file mode 100644
index 00000000..1e7aa85c
--- /dev/null
+++ b/Allfiles/Labs/06/az104-06-vms-template.json
@@ -0,0 +1,309 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "VM size"
+ }
+ },
+ "vm0Name": {
+ "type": "string",
+ "defaultValue": "az104-06-vm0",
+ "metadata": {
+ "description": "VM0 name"
+ }
+ },
+ "vm1Name": {
+ "type": "string",
+ "defaultValue": "az104-06-vm1",
+ "metadata": {
+ "description": "VM1 name"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "az104-06-vnet01",
+ "metadata": {
+ "description": "Virtual network name"
+ }
+ }
+ },
+ "variables": {
+ "vm0Name": "[parameters('vm0Name')]",
+ "vm1Name": "[parameters('vm1Name')]",
+ "vmExtensionName": "customScriptExtension",
+ "nic0": "az104-06-nic0",
+ "nic1": "az104-06-nic1",
+ "virtualNetworkName": "[parameters('virtualNetworkName')]",
+ "nsgName": "az104-06-nsg01",
+ "subnet0Name": "subnet0",
+ "subnet1Name": "subnet1",
+ "subnet1Ref": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet0Name'))]",
+ "subnet2Ref": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet1Name'))]",
+ "computeApiVersion": "2018-06-01",
+ "networkApiVersion": "2018-08-01"
+ },
+ "resources": [
+ {
+ "name": "[variables('vm0Name')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "The first VM",
+ "dependsOn": [
+ "[variables('nic0')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vm0Name')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic0'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "[concat(variables('vm0Name'), '/', variables('vmExtensionName'))]",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[concat('Microsoft.Compute/virtualMachines/', variables('vm0Name'))]"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)"
+ }
+ }
+ },
+ {
+ "name": "[variables('vm1Name')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "The second VM",
+ "dependsOn": [
+ "[variables('nic1')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vm1Name')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "[concat(variables('vm1Name'), '/', variables('vmExtensionName'))]",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[concat('Microsoft.Compute/virtualMachines/', variables('vm1Name'))]"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Virtual Network",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "10.60.0.0/22"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "10.60.0.0/24"
+ }
+ },
+ {
+ "name": "[variables('subnet1Name')]",
+ "properties": {
+ "addressPrefix": "10.60.1.0/24"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nic0')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[variables('nsgName')]",
+ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnet1Ref')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('nic1')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[variables('nsgName')]",
+ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnet2Ref')]"
+ },
+ "privateIPAllocationMethod": "Dynamic"
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('nsgName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ },
+ {
+ "name": "default-allow-http",
+ "properties": {
+ "priority": 1100,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "80",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/07/LICENSE b/Allfiles/Labs/07/LICENSE
new file mode 100644
index 00000000..183d56b1
--- /dev/null
+++ b/Allfiles/Labs/07/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/Allfiles/Labs/07/az104-07-vm-parameters.json b/Allfiles/Labs/07/az104-07-vm-parameters.json
new file mode 100644
index 00000000..fabe43e9
--- /dev/null
+++ b/Allfiles/Labs/07/az104-07-vm-parameters.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ }
+ }
+}
\ No newline at end of file
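Review bot: The two `Microsoft.Compute/virtualMachines/extensions` resources in `az104-06-vms-template.json` carry byte-identical `commandToExecute` strings, and `az104-06-vm-template.json` has a third copy, so a change to the IIS setup has to be made in three places. Hoist the command into `variables` and reference it from both extensions with `"commandToExecute": "[variables('iisSetupCommand')]"` (variable name is a suggestion). Because this command runs as SYSTEM on each VM at deployment time, keeping a single definition also makes it easier to review exactly what is executed. The extension resources have no `comments` entry while every other resource in the file does; a short one such as `"comments": "Installs IIS and writes a per-VM start page"` would match.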
diff --git a/Allfiles/Labs/07/az104-07-vm-template.json b/Allfiles/Labs/07/az104-07-vm-template.json
new file mode 100644
index 00000000..e825d274
--- /dev/null
+++ b/Allfiles/Labs/07/az104-07-vm-template.json
@@ -0,0 +1,172 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "Virtual machine size"
+ }
+ },
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ }
+ },
+ "variables": {
+ "vmName": "az104-07-vm0",
+ "nicName": "az104-05-nic0",
+ "virtualNetworkName": "az104-05-vnet0",
+ "publicIPAddressName": "az104-05-pip0",
+ "nsgName": "az104-05-nsg0",
+ "vnetIpPrefix": "10.70.0.0/22",
+ "subnetIpPrefix": "10.70.0.0/24",
+ "subnetName": "subnet0",
+ "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
+ "computeApiVersion": "2018-06-01",
+ "networkApiVersion": "2018-08-01"
+ },
+ "resources": [
+ {
+ "name": "[variables('vmName')]",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "[variables('nicName')]"
+ ],
+ "properties": {
+ "osProfile": {
+ "computerName": "[variables('vmName')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]",
+ "windowsConfiguration": {
+ "provisionVmAgent": "true"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2019-Datacenter",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "fromImage"
+ },
+ "dataDisks": []
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "properties": {
+ "primary": true
+ },
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Virtual Network",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[variables('vnetIpPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnetName')]",
+ "properties": {
+ "addressPrefix": "[variables('subnetIpPrefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "[variables('nicName')]",
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Primary NIC",
+ "dependsOn": [
+ "[variables('publicIpAddressName')]",
+ "[variables('nsgName')]",
+ "[variables('virtualNetworkName')]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "privateIPAllocationMethod": "Dynamic",
+ "publicIpAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIpAddresses', variables('publicIpAddressName'))]"
+ }
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('publicIpAddressName')]",
+ "type": "Microsoft.Network/publicIpAddresses",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Public IP for Primary NIC",
+ "properties": {
+ "publicIpAllocationMethod": "Dynamic"
+ }
+ },
+ {
+ "name": "[variables('nsgName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {}
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/08/az104-08-configure_VMSS_disks.ps1 b/Allfiles/Labs/08/az104-08-configure_VMSS_disks.ps1
new file mode 100644
index 00000000..9495758e
--- /dev/null
+++ b/Allfiles/Labs/08/az104-08-configure_VMSS_disks.ps1
@@ -0,0 +1,23 @@
+$rgName = 'az104-08-rg02'
+$vmssName = 'az10408vmss0'
+$vmss = Get-AzVmss `
+ -ResourceGroupName $rgName `
+ -VMScaleSetName $vmssName
+
+$publicSettings = @{
+ "fileUris" = (,"https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/master/prepare_vm_disks.ps1");
+ "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File prepare_vm_disks.ps1"
+}
+
+Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
+ -Name "customScript" `
+ -Publisher "Microsoft.Compute" `
+ -Type "CustomScriptExtension" `
+ -TypeHandlerVersion 1.8 `
+ -Setting $publicSettings
+
+# Update the scale set and apply the Custom Script Extension to the VM instances
+Update-AzVmss `
+ -ResourceGroupName $rgName `
+ -Name $vmssName `
+ -VirtualMachineScaleSet $vmss
\ No newline at end of file
diff --git a/Allfiles/Labs/08/az104-08-custom_script_extension.json b/Allfiles/Labs/08/az104-08-custom_script_extension.json
new file mode 100644
index 00000000..98a3e32b
--- /dev/null
+++ b/Allfiles/Labs/08/az104-08-custom_script_extension.json
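Review bot: The `default-allow-rdp` rule in `az104-07-vm-template.json` admits TCP 3389 with `"sourceAddressPrefix": "*"`, and the NIC bound to that NSG also gets a public IP, so the VM's RDP endpoint is reachable from any address for as long as the lab stays deployed; the NSGs in `az104-10-vms-template.json` and `az104-11-vm-template.json` carry the same rule. Make the source a required parameter, e.g. `"sourceAddressPrefix": "[parameters('allowedRdpSource')]"`, or drop the public IP and the rule and reach the VM through Azure Bastion. Separately, the `nicName`, `virtualNetworkName`, `publicIPAddressName` and `nsgName` variables still use the `az104-05-` prefix in a lab 07 template, which looks like a copy-paste leftover.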
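Review bot: In `az104-08-configure_VMSS_disks.ps1`, `fileUris` fetches `prepare_vm_disks.ps1` from the `master` branch of another repository and `commandToExecute` runs it with `-ExecutionPolicy Unrestricted` on every scale-set instance, so whatever that branch holds at deployment time is executed without any integrity check. Pin the URL to a reviewed commit, `https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/<commit-sha>/prepare_vm_disks.ps1`, or serve the script from a storage account the lab controls. `-TypeHandlerVersion 1.8` also differs from the `"typeHandlerVersion": "1.7"` in `az104-08-custom_script_extension.json`; using one version in both keeps the lab artifacts consistent.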
@@ -0,0 +1,18 @@
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "az104-08-vm1/customScriptExtension",
+ "apiVersion": "2018-06-01",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "az104-08-vm1"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $($env:computername)"
+ }
+ }
+ },
\ No newline at end of file
diff --git a/Allfiles/Labs/08/az104-08-install_IIS.ps1 b/Allfiles/Labs/08/az104-08-install_IIS.ps1
new file mode 100644
index 00000000..055de7db
--- /dev/null
+++ b/Allfiles/Labs/08/az104-08-install_IIS.ps1
@@ -0,0 +1,3 @@
+powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools
+powershell.exe Remove-Item -Path 'C:\inetpub\wwwroot\iisstart.htm'
+powershell.exe Add-Content -Path 'C:\inetpub\wwwroot\iisstart.htm' -Value "$env:computername"
\ No newline at end of file
diff --git a/Allfiles/Labs/10/az104-10-vms-parameters.json b/Allfiles/Labs/10/az104-10-vms-parameters.json
new file mode 100644
index 00000000..09d02a90
--- /dev/null
+++ b/Allfiles/Labs/10/az104-10-vms-parameters.json
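Review bot: `az104-08-custom_script_extension.json` ends in `},` and is therefore not a valid JSON document despite its `.json` extension, so any linter or parser run over `Allfiles/` will reject it. It appears to be a fragment meant for pasting into a template's `resources` array; if so, say that in the lab instructions and either drop the trailing comma or give the file a name that marks it as a snippet. The literal `az104-08-vm1` in both `name` and `dependsOn` also ties the fragment to a single VM name.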
@@ -0,0 +1,45 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ },
+ "vmNamePrefix": {
+ "value": "az104-10-vm"
+ },
+ "nicNamePrefix": {
+ "value": "az104-10-nic"
+ },
+ "imagePublisher": {
+ "value": "MicrosoftWindowsServer"
+ },
+ "imageOffer": {
+ "value": "WindowsServer"
+ },
+ "imageSKU": {
+ "value": "2019-Datacenter"
+ },
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "virtualNetworkName": {
+ "value": "az104-10-vnet"
+ },
+ "addressPrefix": {
+ "value": "10.0.0.0/24"
+ },
+ "virtualNetworkResourceGroup": {
+ "value": "az104-10-rg0"
+ },
+ "subnet0Name": {
+ "value": "subnet0"
+ },
+ "subnet0Prefix": {
+ "value": "10.0.0.0/26"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/10/az104-10-vms-template.json b/Allfiles/Labs/10/az104-10-vms-template.json
new file mode 100644
index 00000000..844a65ef
--- /dev/null
+++ b/Allfiles/Labs/10/az104-10-vms-template.json
@@ -0,0 +1,258 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "vmNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-10-vm",
+ "metadata": {
+ "description": "VM name prefix"
+ }
+ },
+ "pipNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-10-pip",
+ "metadata": {
+ "description": "Public IP address name prefix"
+ }
+ },
+ "nicNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-10-nic",
+ "metadata": {
+ "description": "Nic name prefix"
+ }
+ },
+ "imagePublisher": {
+ "type": "string",
+ "defaultValue": "MicrosoftWindowsServer",
+ "metadata": {
+ "description": "Image Publisher"
+ }
+ },
+ "imageOffer": {
+ "type": "string",
+ "defaultValue": "WindowsServer",
+ "metadata": {
+ "description": "Image Offer"
+ }
+ },
+ "imageSKU": {
+ "type": "string",
+ "defaultValue": "2019-Datacenter",
+ "allowedValues": [
+ "2019-Datacenter",
+ "2019-Datacenter-Server-Core",
+ "2019-Datacenter-Server-Core-smalldisk"
+ ],
+ "metadata": {
+ "description": "Image SKU"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "VM size"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "az104-10-vnet",
+ "metadata": {
+ "description": "Virtual network name"
+ }
+ },
+ "addressPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/24",
+ "metadata": {
+ "description": "Virtual network address prefix"
+ }
+ },
+ "virtualNetworkResourceGroup": {
+ "type": "string",
+ "defaultValue": "az104-10-rg0",
+ "metadata": {
+ "description": "Resource group of the VNet"
+ }
+ },
+ "subnet0Name": {
+ "type": "string",
+ "defaultValue": "subnet0",
+ "metadata": {
+ "description": "VNet first subnet name"
+ }
+ },
+ "subnet0Prefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/26",
+ "metadata": {
+ "description": "VNet first subnet prefix"
+ }
+ },
+ "nsgName": {
+ "type": "string",
+ "defaultValue": "az104-10-nsg01",
+ "metadata": {
+ "description": "Network security group name"
+ }
+ }
+ },
+ "variables": {
+ "vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
+ "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet0Name'))]",
+ "numberOfInstances": 2,
+ "computeAPIVersion": "2018-10-01",
+ "networkAPIVersion": "2018-12-01"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[concat(parameters('nicNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('networkAPIVersion')]",
+ "location": "[resourceGroup().location]",
+ "copy": {
+ "name": "nicLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/virtualNetworks/',parameters('virtualNetworkName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/',parameters('nsgName'))]",
+ "pipLoop"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "publicIpAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIpAddresses',concat(parameters('pipNamePrefix'),copyindex()))]"
+ }
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[parameters('virtualNetworkName')]",
+ "apiVersion": "[variables('networkAPIVersion')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[parameters('addressPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[parameters('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet0Prefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Network/publicIpAddresses",
+ "name": "[concat(parameters('pipNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "copy": {
+ "name": "pipLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "publicIpAllocationMethod": "Dynamic"
+ }
+ },
+ {
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "name": "[parameters('nsgName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "name": "[concat(parameters('vmNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('computeAPIVersion')]",
+ "copy": {
+ "name": "virtualMachineLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "nicLoop"
+ ],
+ "properties": {
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "[parameters('imagePublisher')]",
+ "offer": "[parameters('imageOffer')]",
+ "sku": "[parameters('imageSKU')]",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "FromImage",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ }
+ }
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(parameters('nicNamePrefix'),copyindex()))]"
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/11/az104-11-vm-parameters.json b/Allfiles/Labs/11/az104-11-vm-parameters.json
new file mode 100644
index 00000000..2a4dd894
--- /dev/null
+++ b/Allfiles/Labs/11/az104-11-vm-parameters.json
@@ -0,0 +1,45 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "adminUsername": {
+ "value": "Student"
+ },
+ "adminPassword": {
+ "value": "Pa55w.rd1234"
+ },
+ "vmNamePrefix": {
+ "value": "az104-11-vm"
+ },
+ "nicNamePrefix": {
+ "value": "az104-11-nic"
+ },
+ "imagePublisher": {
+ "value": "MicrosoftWindowsServer"
+ },
+ "imageOffer": {
+ "value": "WindowsServer"
+ },
+ "imageSKU": {
+ "value": "2019-Datacenter"
+ },
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "virtualNetworkName": {
+ "value": "az104-11-vnet"
+ },
+ "addressPrefix": {
+ "value": "10.0.0.0/24"
+ },
+ "virtualNetworkResourceGroup": {
+ "value": "az104-11-rg0"
+ },
+ "subnet0Name": {
+ "value": "subnet0"
+ },
+ "subnet0Prefix": {
+ "value": "10.0.0.0/26"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Allfiles/Labs/11/az104-11-vm-template.json b/Allfiles/Labs/11/az104-11-vm-template.json
new file mode 100644
index 00000000..24c2b506
--- /dev/null
+++ b/Allfiles/Labs/11/az104-11-vm-template.json
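Review bot: In `az104-10-vms-template.json` the `virtualNetworkResourceGroup` parameter feeds only the `vnetID` variable, and no resource in the template references `vnetID`. `subnetRef` is built with `resourceId('Microsoft.Network/virtualNetworks/subnets', ...)` without a resource group, and the virtual network is declared as a resource of this same deployment, so a value that differs from the deployment's resource group is silently ignored. Remove the parameter and `vnetID`, together with the `virtualNetworkResourceGroup` entry in `az104-10-vms-parameters.json`, so the template does not advertise an option it does not honour; `az104-11-vm-template.json` repeats the pattern.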
@@ -0,0 +1,279 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "adminUsername": {
+ "type": "string",
+ "metadata": {
+ "description": "Admin username"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Admin password"
+ }
+ },
+ "vmNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-11-vm",
+ "metadata": {
+ "description": "VM name prefix"
+ }
+ },
+ "pipNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-11-pip",
+ "metadata": {
+ "description": "Public IP address name prefix"
+ }
+ },
+ "nicNamePrefix": {
+ "type": "string",
+ "defaultValue": "az104-11-nic",
+ "metadata": {
+ "description": "Nic name prefix"
+ }
+ },
+ "imagePublisher": {
+ "type": "string",
+ "defaultValue": "MicrosoftWindowsServer",
+ "metadata": {
+ "description": "Image Publisher"
+ }
+ },
+ "imageOffer": {
+ "type": "string",
+ "defaultValue": "WindowsServer",
+ "metadata": {
+ "description": "Image Offer"
+ }
+ },
+ "imageSKU": {
+ "type": "string",
+ "defaultValue": "2019-Datacenter",
+ "allowedValues": [
+ "2019-Datacenter",
+ "2019-Datacenter-Server-Core",
+ "2019-Datacenter-Server-Core-smalldisk"
+ ],
+ "metadata": {
+ "description": "Image SKU"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D2s_v3",
+ "metadata": {
+ "description": "VM size"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "az104-11-vnet",
+ "metadata": {
+ "description": "Virtual network name"
+ }
+ },
+ "addressPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/24",
+ "metadata": {
+ "description": "Virtual network address prefix"
+ }
+ },
+ "virtualNetworkResourceGroup": {
+ "type": "string",
+ "defaultValue": "az104-11-rg0",
+ "metadata": {
+ "description": "Resource group of the VNet"
+ }
+ },
+ "subnet0Name": {
+ "type": "string",
+ "defaultValue": "subnet0",
+ "metadata": {
+ "description": "VNet first subnet name"
+ }
+ },
+ "subnet0Prefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/26",
+ "metadata": {
+ "description": "VNet first subnet prefix"
+ }
+ },
+ "nsgName": {
+ "type": "string",
+ "defaultValue": "az104-11-nsg01",
+ "metadata": {
+ "description": "Network security group name"
+ }
+ }
+ },
+ "variables": {
+ "vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
+ "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet0Name'))]",
+ "storageAccountName": "[concat('az10411', uniqueString(subscription().subscriptionId))]",
+ "storageAccountType": "Standard_LRS",
+ "numberOfInstances": 1,
+ "computeAPIVersion": "2018-10-01",
+ "networkAPIVersion": "2018-12-01",
+ "storageAPIVersion": "2019-04-01"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[concat(parameters('nicNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('networkAPIVersion')]",
+ "location": "[resourceGroup().location]",
+ "copy": {
+ "name": "nicLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/virtualNetworks/',parameters('virtualNetworkName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/',parameters('nsgName'))]",
+ "pipLoop"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "subnet": {
+ "id": "[variables('subnetRef')]"
+ },
+ "publicIpAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIpAddresses',concat(parameters('pipNamePrefix'),copyindex()))]"
+ }
+ }
+ }
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[parameters('virtualNetworkName')]",
+ "apiVersion": "[variables('networkAPIVersion')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[parameters('addressPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[parameters('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet0Prefix')]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Network/publicIpAddresses",
+ "name": "[concat(parameters('pipNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "copy": {
+ "name": "pipLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "publicIpAllocationMethod": "Dynamic"
+ }
+ },
+ {
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "name": "[parameters('nsgName')]",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "default-allow-rdp",
+ "properties": {
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "protocol": "Tcp",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "direction": "Inbound",
+ "sourcePortRange": "*",
+ "destinationAddressPrefix": "*"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageAccountName')]",
+ "apiVersion": "[variables('storageAPIVersion')]",
+ "location": "[resourceGroup().location]",
+ "sku": {
+ "name": "[variables('storageAccountType')]"
+ },
+ "kind": "Storage",
+ "properties": {}
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "name": "[concat(parameters('vmNamePrefix'), copyindex())]",
+ "apiVersion": "[variables('computeAPIVersion')]",
+ "copy": {
+ "name": "virtualMachineLoop",
+ "count": "[variables('numberOfInstances')]"
+ },
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "nicLoop",
+ "[resourceId('Microsoft.Storage/storageAccounts/',variables('storageAccountName'))]"
+ ],
+ "properties": {
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "adminPassword": "[parameters('adminPassword')]"
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "[parameters('imagePublisher')]",
+ "offer": "[parameters('imageOffer')]",
+ "sku": "[parameters('imageSKU')]",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "FromImage",
+ "managedDisk": {
+ "storageAccountType": "Standard_LRS"
+ }
+ }
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(parameters('nicNamePrefix'),copyindex()))]"
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[concat('https://', variables('storageAccountName'), '.blob.core.windows.net')]"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Instructions/Demos/DEMO_deploying_an_arm_template.md b/Instructions/Demos/DEMO_deploying_an_arm_template.md
deleted file mode 100644
index 54ddee13..00000000
--- a/Instructions/Demos/DEMO_deploying_an_arm_template.md
+++ /dev/null
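Review bot: `bootDiagnostics.storageUri` in `az104-11-vm-template.json` is assembled with the literal suffix `.blob.core.windows.net`, which only matches the public Azure cloud and duplicates information the storage account already exposes. Read the endpoint from the account instead: `"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), variables('storageAPIVersion')).primaryEndpoints.blob]"`. In the same block `"enabled": "true"` would be clearer as the boolean `true`, the form `"primary": true` already takes in the lab 07 template.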
@@ -1,43 +0,0 @@ ---- -demo: - title: 'Demo: Deploying an ARM Template' - module: 'Module 1: Exploring Azure Resource Manager' ---- - -# Demo: Deploying an ARM Template - -## Instructions - -1. Quisque dictum convallis metus, vitae vestibulum turpis dapibus non. - - 1. Suspendisse commodo tempor convallis. - - 1. Nunc eget quam facilisis, imperdiet felis ut, blandit nibh. - - 1. Phasellus pulvinar ornare sem, ut imperdiet justo volutpat et. - -1. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. - -1. Vestibulum hendrerit orci urna, non aliquet eros eleifend vitae. - -1. Curabitur nibh dui, vestibulum cursus neque commodo, aliquet accumsan risus. - - ``` - Sed at malesuada orci, eu volutpat ex - ``` - -1. In ac odio vulputate, faucibus lorem at, sagittis felis. - -1. Fusce tincidunt sapien nec dolor congue facilisis lacinia quis urna. - - > **Note**: Ut feugiat est id ultrices gravida. - -1. Phasellus urna lacus, luctus at suscipit vitae, maximus ac nisl. - - - Morbi in tortor finibus, tempus dolor a, cursus lorem. - - - Maecenas id risus pharetra, viverra elit quis, lacinia odio. - - - Etiam rutrum pretium enim. - -1. Curabitur in pretium urna, nec ullamcorper diam. diff --git a/Instructions/Labs/LAB_01_deploying_arm_templates.md b/Instructions/Labs/LAB_01_deploying_arm_templates.md deleted file mode 100644 index 0d800380..00000000 --- a/Instructions/Labs/LAB_01_deploying_arm_templates.md +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -lab: - title: 'Lab: Deploying Azure Resource Manager templates' - module: 'Module 1: Exploring Azure Resource Manager' ---- - -# Lab: Deploying Azure Resource Manager templates -# Student lab manual - -## Lab scenario - -Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus lobortis, erat vel egestas faucibus, dui magna semper velit, id congue sapien lectus id turpis. Nam egestas tempus enim. Ut venenatis vehicula ex, id rutrum odio lacinia at. Donec congue, tortor sed fermentum imperdiet, mauris mi auctor dui, ac cursus ex augue a odio. Aliquam erat volutpat. Vivamus faucibus fringilla augue in dignissim. Quisque sit amet nulla id risus gravida auctor. Ut in est varius, cursus odio rhoncus, placerat erat. Suspendisse nec metus est. - -## Objectives - -After you complete this lab, you will be able to: - -- Cras tincidunt massa et nunc vulputate, eget vestibulum massa tincidunt. - -- Maecenas suscipit at nisl vitae malesuada. - -- Suspendisse eu arcu id velit consequat venenatis. - -## Lab Setup - - - **Estimated Time**: 00 minutes - -## Instructions - -### Before you start - -#### Setup Task - -1. Integer dolor purus, gravida eu sem id, efficitur aliquet neque. - -1. Suspendisse viverra mauris in metus laoreet consectetur. - -1. Sed diam risus, convallis quis condimentum at, egestas malesuada libero. - -### Exercise 0: - -#### Task 0: - -1. Quisque dictum convallis metus, vitae vestibulum turpis dapibus non. - - 1. Suspendisse commodo tempor convallis. - - 1. Nunc eget quam facilisis, imperdiet felis ut, blandit nibh. - - 1. Phasellus pulvinar ornare sem, ut imperdiet justo volutpat et. - -1. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. - -1. Vestibulum hendrerit orci urna, non aliquet eros eleifend vitae. - -1. Curabitur nibh dui, vestibulum cursus neque commodo, aliquet accumsan risus. - - ``` - Sed at malesuada orci, eu volutpat ex - ``` - -1. 
In ac odio vulputate, faucibus lorem at, sagittis felis. - -1. Fusce tincidunt sapien nec dolor congue facilisis lacinia quis urna. - - > **Note**: Ut feugiat est id ultrices gravida. - -1. Phasellus urna lacus, luctus at suscipit vitae, maximus ac nisl. - - - Morbi in tortor finibus, tempus dolor a, cursus lorem. - - - Maecenas id risus pharetra, viverra elit quis, lacinia odio. - - - Etiam rutrum pretium enim. - -1. Curabitur in pretium urna, nec ullamcorper diam. - -#### Review - -Maecenas fringilla ac purus non tincidunt. Aenean pellentesque velit id suscipit tempus. Cras at ullamcorper odio. diff --git a/Instructions/Labs/LAB_01a_Manage_Subscriptions_and_RBAC.md b/Instructions/Labs/LAB_01a_Manage_Subscriptions_and_RBAC.md new file mode 100644 index 00000000..65827d3d --- /dev/null +++ b/Instructions/Labs/LAB_01a_Manage_Subscriptions_and_RBAC.md 
@@ -0,0 +1,179 @@ +--- +lab: + title: '01a - Manage Subscriptions and RBAC' + module: 'Module 01 - Subscriptions and Governance' +--- + +# Lab 01a - Manage Subscriptions and RBAC +# Student lab manual + +## Lab scenario + +In order to improve management of Azure resources in Contoso, you have been tasked with implementing the following functionality: + +- creating a management group that would include all of Contoso's Azure subscriptions + +- granting permissions to submit support requests for all subscriptions in the management group to a designated Azure Active Directory user. That user's permissions should be limited only to: + + - creating support request tickets + - viewing resource groups + +## Objectives + +In this lab, you will: + ++ Task 1: Implement Management Groups ++ Task 2: Create custom RBAC roles ++ Task 3: Assign RBAC roles + +## Instructions + +### Exercise 1 + +#### Task 1: Implement Management Groups + +In this task, you will create and configure management groups. + +1. Sign in to the [Azure portal](https://portal.azure.com). + +1. Search for and select **Management groups** and then, on the **Management groups** blade, click **+ Add management group**. + +1. Create a management group with the following settings: + + | Setting | Value | + | --- | --- | + | Management group ID | **az104-01-mg1**| + | Management group display name | **az104-01-mg1**| + +1. In the list of management groups, click the entry representing the newly created management group and then display its **details**. + +1. From the **az104-01-mg1** blade, click **+ Add subscription** and add the subscription you are using in this lab to the management group. + + >**Note**: Copy the ID of your Azure subscription into Clipboard. You will need it in the next task. + +#### Task 2: Create custom RBAC roles + +In this task, you will create a definition of a custom RBAC role. + +1. 
From the lab computer, open the file **\\Allfiles\\Labs\\01\\az104-01a-customRoleDefinition.json** in Notepad and review its content: + + ```json + { + "Name": "Support Request Contributor (Custom)", + "IsCustom": true, + "Description": "Allows to create support requests", + "Actions": [ + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Support/*" + ], + "NotActions": [ + ], + "AssignableScopes": [ + "/providers/Microsoft.Management/managementGroups/az104-01-mg1", + "/subscriptions/SUBSCRIPTION_ID" + ] + } + ``` + +1. Replace the `SUBSCRIPTION_ID` placeholder in the JSON file with the subscription ID you copied into Clipboard and save the change. + +1. In the Azure portal, open **Cloud Shell** pane by clicking on the toolbar icon directly to the right of the search textbox. + +1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**. + + >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**. + +1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu click **Upload**, and upload the file **\\Allfiles\\Labs\\01\\az104-01a-customRoleDefinition.json** into the Cloud Shell home directory. + +1. From the Cloud Shell pane, run the following to create the custom role definition: + + ```pwsh + New-AzRoleDefinition -InputFile $HOME/az104-01a-customRoleDefinition.json + ``` + +1. Close the Cloud Shell pane. + +#### Task 3: Assign RBAC roles + +In this task, you will create an Azure Active Directory user, assign the RBAC role you created in the previous task to that user, and verify that the user can perform the task specified in the RBAC role definition. + +1. In the Azure portal, search for and select **Azure Active Directory**, on the Azure Active Directory blade, click **Users**, and then click **+ New user**. 
+ +1. Create a new user with the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | User name | **az104-01-aaduser1**| + | Name | **az104-01-aaduser1**| + | Let me create the password | enabled | + | Initial password | **Pa55w.rd124** | + + >**Note**: **Copy to clipboard** the full **User name**. You will need it later in this lab. + +1. In the Azure portal, navigate back to the **az104-01-mg1** management group and display its **details**. + +1. Click **Access control (IAM)**, click **+ Add** followed by **Role assignment**, and assign the **Support Request Contributor (Custom)** role to the newly created user account. + +1. Open an **InPrivate** browser window and sign in to the [Azure portal](https://portal.azure.com) using the newly created user account. When prompted to update the password, change the password for the user. + + >**Note**: Rather than typing the user name, you can paste the content of Clipboard. + +1. In the **InPrivate** browser window, in the Azure portal, search and select **Resource groups** to verify that the az104-01-aaduser1 user can see all resource groups. + +1. In the **InPrivate** browser window, in the Azure portal, search and select **All resources** to verify that the az104-01-aaduser1 user cannot see any resources. + +1. In the **InPrivate** browser window, in the Azure portal, search and select **Help + support** and then click **+ New support request**. + +1. In the **InPrivate** browser window, on the **Basic** tab of the **Help + support - New support request** blade, select the **Service and subscription limits (quotas)** issue type and note that the subscription you are using in this lab is listed in the **Subscription** drop-down list. + + >**Note**: The presence of the subscription you are using in this lab in the **Subscription** drop-down list indicates that the account you are using has the permissions required to create the subscription-specific support request. 
+ + >**Note**: If you do not see the **Service and subscription limits (quotas)** option, sign out from the Azure portal and sign in back. + +1. Do not continue with creating the support request. Instead, sign out as the az104-01-aaduser1 user from the Azure portal and close the InPrivate browser window. + +#### Clean up resources + + >**Note**: Remember to remove any newly created Azure resources that you no longer use. + + >**Note**: Removing unused resources ensures you will not see unexpected charges, although, resources created in this lab do not incur extra cost. + +1. In the Azure portal, search for and select **Azure Active Directory**, on the Azure Active Directory blade, click **Users**. + +1. On the **Users - All users** blade, click **az104-01-aaduser1**. + +1. On the **az104-01-aaduser1 - Profile** blade, copy the value of **Object ID** attribute. + +1. In the Azure portal, start a **PowerShell** session within the **Cloud Shell**. + +1. From the Cloud Shell pane, run the following to remove the assignment of the custom role definition (replace the `[object_ID]` placeholder with the value of the **object ID** attribute of the **az104-01-aaduser1** Azure Active Directory user account you copied earlier in this task): + + ```pwsh + $scope = (Get-AzRoleAssignment -RoleDefinitionName 'Support Request Contributor (Custom)').Scope + + Remove-AzRoleAssignment -ObjectId '[object_ID]' -RoleDefinitionName 'Support Request Contributor (Custom)' -Scope $scope + ``` + +1. From the Cloud Shell pane, run the following to remove the custom role definition: + + ```pwsh + Remove-AzRoleDefinition -Name 'Support Request Contributor (Custom)' -Force + ``` + +1. In the Azure portal, navigate back to the **Users - All users** blade of the **Azure Active Directory**, and delete the **az104-01-aaduser1** user account. + +1. In the Azure portal, navigate to the **az104-01-mg1** management group and display its **details**. + +1. 
Right-click the **ellipsis** icon to the right of the entry representing your Azure subscription and click **Move**. + +1. On the **Move** blade, select the management group which the subscription was originally part of and click **Save**. + +1. Navigate back to the **Management groups** blade, right click the **ellipsis** icon to the rigth of the **az104-01-mg1** management group and click **Delete**. + +#### Review + +In this lab, you have: + +- Implemented Management Groups +- Created custom RBAC roles +- Assigned RBAC roles \ No newline at end of file diff --git a/Instructions/Labs/LAB_01b-Manage_Governance_via_Azure_Policy.md b/Instructions/Labs/LAB_01b-Manage_Governance_via_Azure_Policy.md new file mode 100644 index 00000000..88f807dd --- /dev/null +++ b/Instructions/Labs/LAB_01b-Manage_Governance_via_Azure_Policy.md 
@@ -0,0 +1,211 @@
+---
+lab:
+ title: '01b - Manage Governance via Azure Policy'
+ module: 'Module 01 - Subscriptions and Governance'
+---
+
+# Lab 01b - Manage Governance via Azure Policy
+# Student lab manual
+
+## Lab scenario
+
+In order to improve management of Azure resources in Contoso, you have been tasked with implementing the following functionality:
+
+- tagging resource groups that include only infrastructure resources (such as Cloud Shell storage acccounts)
+
+- ensuring that only properly tagged infrastructure resoures can be added to infrastructure resource groups
+
+- remediating any non-compliant resources
+
+## Objectives
+
+In this lab, we will:
+
++ Task 1: Create and assign tags via the Azure portal
++ Task 2: Enforce tagging via an Azure policy
++ Task 3: Apply tagging via an Azure policy
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Assign tags via the Azure portal
+
+In this task, you will create and assign a tag to an Azure resource group via the Azure portal.
+
+1. In the Azure portal, start a **PowerShell** session within the **Cloud Shell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. From the Cloud Shell pane, run the following to identify the name of the storage account used by Cloud Shell:
+
+ ```pwsh
+ df
+ ```
+
+1. In the output of the command, note the first part of the fully qualified path designating the Cloud Shell home drive mount (marked here as `xxxxxxxxxxxxxx`:
+
+ ```
+ //xxxxxxxxxxxxxx.file.core.windows.net/cloudshell (..) /usr/csuser/clouddrive
+ ```
+
+1. In the Azure portal, search and select **Storage accounts** and, in the list of the storage accounts, click the entry representing the storage account you identified in the previous step.
+
+1. 
On the storage account blade, click the link representing the name of the resource group containing the storage account.
+
+1. On the resource group blade, click **Tags**.
+
+1. Create a tag with the following settings and save your change:
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **Role** |
+ | Value | **Infra** |
+
+1. Navigate back to the storage account blade and note that tag is not automatically assigned to the storage account.
+
+#### Task 2: Enforce tagging via an Azure policy
+
+1. In the Azure portal, search for and select **Policy**.
+
+1. In the **Authoring** section, click **Definitions**. Take a moment to browse through the list of built-in policy definitions that are available for you to use. List all built-in policies that involve the use of tags by selecting the **Tags** entry (and de-selecting all other entries) in the **Category** drop-down list.
+
+1. Click the entry representing the **Require tag and its value** built-in policy and review its definition.
+
+1. On the **Require tag and its value** built-in policy definition blade, click **Assign**.
+
+1. Specify the **Scope** by clicking the ellipsis button and selecting the following values:
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | the name of the resource group containing the Cloud Shell account you identified in the previous task |
+
+ >**Note**: A scope determines the resources or resource groups where the policy assignment takes effect. You could assign policies on the management group, subscription, or resource group level. You also have the option of specifying exclusions, such as individual subscriptions, resource groups, or resources (depending on the assignment scope).
+
+1. 
Configure the **Basics** properties of the assignment by specifying the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | Assignment name | **Require Role tag with Infra value**| + | Description | **Require Role tag with Infra value for all resources in the Cloud Shell resource group**| + | Policy enforcement | Enabled | + + >**Note**: The **Assignment name** is automatically populated with the policy name you selected, but you can change it. You can also add an optional **Description**. **Assigned by** is automatically populated based on the user name creating the assignment. + +1. Click **Next** and set **Parameters** to the following values: + + | Setting | Value | + | --- | --- | + | Tag Name | **Role** | + | Tag Value | **Infra** | + +1. Click **Next** and review the **Remediation** tab. Leave the **Create a Managed Identity** checkbox unchecked. + + >**Note**: This setting can be used when the policy or initiative includes the **deployIfNotExists** or **Modify** effect. + +1. Click **Review + Create** and then click **Create**. + + >**Note**: Now you will verify that the new policy assignment is in effect by attempting to create another Azure Storage account in the resource group without explicitly adding the required tag. + +1. Navigate back to the blade of the resource group hosting the storage account used for the Cloud Shell home drive, which you identified in the previous task. + +1. On the resource group blade, click **+ Add**. + +1. On the **New** blade, search for and select **Storage account - blob, file, table, queue**. + +1. On the **Basics** tab of the **Creat storage account** blade, specify the following settings (leave others with their defaults) and click **Review + create**: + + | Setting | Value | + | --- | --- | + | Storage account name | any globally unique combination of between 3 and 24 lower case leters and digits, starting with a letter | + +1. Note that the validation failed. 
Click the link **Validation failed. Click here to view details** to display the **Errors** blade and identify the reason for the failure.
+
+ >**Note**: The error message states that the resource deployment was disallowed by the policy.
+
+ >**Note**: By clicking the **Raw Error** tab, you can find more details about the error, including the name of the role definition **Require Role tag with Infra value**. The deployment failed because the storage account you attempted to create did not have a tag named **Role** with its value set to **Infra**.
+
+#### Task 3: Apply tagging via an Azure policy
+
+In this task, we will use a different policy definition to remediate any non-compliant resources.
+
+1. In the Azure portal, search for and select **Policy**.
+
+1. In the **Authoring** section, click **Assignments**.
+
+1. In the list of assignments, right click the ellipsis icon in the row representing the **Require Role tag with Infra value** policy assignment and use the **Delete assignment** menu item to delete the assignment.
+
+1. Click **Assign policy** and specify the **Scope** by clicking the ellipsis button and selecting the following values::
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | the name of the resource group containing the Cloud Shell account you identified in the first task |
+
+1. To specify the **Policy definition**, click the ellipsis button and then search for and select **Inherit a tag from the resource group if missing**.
+
+1. 
Configure the remaining **Basics** properties of the assignment by specifying the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | Assignment name | **Inherit the Role tag and its Infra value from the Cloud Shell resource group if missing**| + | Description | **Inherit the Role tag and its Infra value from the Cloud Shell resource group if missing**| + | Policy enforcement | Enabled | + +1. Click **Next** and set **Parameters** to the following values: + + | Setting | Value | + | --- | --- | + | Tag Name | **Role** | + +1. Click **Next** and, on the **Remediation** tab, configure the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | Create a remediation task | enabled | + | Policy to remediate | **Inherit a tag from the resource group if missing** | + + >**Note**: This policy definition includes the **Modify** effect. + +1. Click **Review + Create** and then click **Create**. + + >**Note**: To verify that the new policy assignment is in effect, you will create another Azure Storage account in the same resource group without explicitly adding the required tag. + +1. Navigate back to the blade of the resource group hosting the storage account used for the Cloud Shell home drive, which you identified in the first task. + +1. On the resource group blade, click **+ Add**. + +1. On the **New** blade, search for and select **Storage account - blob, file, table, queue**. + +1. On the **Basics** tab of the **Creat storage account** blade, specify the following settings (leave others with their defaults) and click **Review + create**: + + | Setting | Value | + | --- | --- | + | Storage account name | any globally unique combination of between 3 and 24 lower case leters and digits, starting with a letter | + +1. Verify that this time the validation passed and click **Create**. + +1. 
Once the new storage account is provisioned, click **Go to resource** button and, on the **Overview** blade of the newly created storage account, note that the tag **Role** with the value **Infra** has been automatically assigned to the resource.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use.
+
+ >**Note**: Removing unused resources ensures you will not see unexpected charges, although keep in mind that Azure policies do not incur extra cost.
+
+1. In the portal, search for and select **Policy**.
+
+1. In the **Authoring** section, click **Assignments**, click the ellipsis icon to the right of the assignment you created in the previous task and click **Delete assignment**.
+
+1. In the portal, search for and select **Storage accounts**.
+
+1. In the list of storage accounts, select the storage account you created in the last task of this lab, click **Delete**, when prompted for the confirmation, in the **Confirm delete** type **yes** and click **Delete**.
+
+#### Review
+
+In this lab, you have:
+
+- Created and assigned tags via the Azure portal
+- Enforced tagging via an Azure policy
+- Applied tagging via an Azure policy
diff --git a/Instructions/Labs/LAB_02-Manage_Azure_AD_Identities.md b/Instructions/Labs/LAB_02-Manage_Azure_AD_Identities.md
new file mode 100644
index 00000000..02ce91f7
--- /dev/null
+++ b/Instructions/Labs/LAB_02-Manage_Azure_AD_Identities.md
@@ -0,0 +1,265 @@ +--- +lab: + title: '02 - Manage Azure Active Directory Identities' + module: 'Module 02 - Identity' +--- + +# Lab 02 - Manage Azure Active Directory Identities + +# Student lab manual + +## Lab scenario + +In order to allow Contoso users to authenticate by using Azure AD, you have been tasked with provisioning users and group accounts. Membership of the groups should be updated automatically based on the user job titles. You also need to create a test Azure AD tenant with a test user account and grant that account limited permissions to resources in the Contoso Azure subscription. + +## Objectives + +In this lab, you will: + ++ Task 1: Create and configure Azure AD users ++ Task 2: Create Azure AD groups with assigned and dynamic membership ++ Task 3: Create an Azure Active Directory (AD) tenant ++ Task 4: Manage Azure AD guest users + +## Instructions + +### Exercise 1 + +#### Task 1: Create and configure Azure AD users + +In this task, you will create and configure Azure AD users. + +1. In the Azure portal, search for and select **Azure Active Directory**. + +1. On the Azure Active Directory blade, scroll down to the **Manage** section, click **User settings**, and review available configuration options. + +1. On the Azure Active Directory blade, in the **Manage** section, click **Users**, and then click your user account to display its **Profile** settings. + +1. Click **edit**, in the **Settings** section, set **Usage location** to **United States** and save the change. + + >**Note**: This is necessary in order to assign an Azure AD Premium P2 license to your user account later in this lab. + +1. Navigate back to the **Users - All users** blade, and then click **+ New user**. + +1. 
Create a new user with the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | User name | **az104-02a-aaduser1** | + | Name | **az104-02a-aaduser1** | + | Let me create the password | enabled | + | Initial password | **Pa55w.rd124** | + | Usage location | **United States** | + | Job title | **Cloud Administrator** | + | Department | **IT** | + + >**Note**: **Copy to clipboard** the full **User name**. You will need it later in this task. + +1. In the list of users, click the newly created user account to display its blade. + +1. Review the options available in the **Manage** section and note that you can identify the Azure AD roles assigned to the user account as well as the user account's permissions to Azure resources. + +1. In the **Manage** section, click **Assigned roles**, then click **+ Add assignment** button and assign the **User administrator** role to **az104-02a-aaduser1**. + + >**Note**: You also have the option of assigning Azure AD roles when provisioning a new user. + +1. Open an **InPrivate** browser window and sign in to the [Azure portal](https://portal.azure.com) using the newly created user account. When prompted to update the password, change the password for the user. + + >**Note**: Rather than typing the user name, you can paste the content of Clipboard. + +1. In the **InPrivate** browser window, in the Azure portal, search for and select **Azure Active Directory**. + + >**Note**: While this user account can access the Azure Active Directory tenant, it does not have any access to Azure resources. This is expected, since such access would need to be granted explicitly by using Azure Role-Based Access Control. + +1. In the **InPrivate** browser window, on the Azure AD blade, scroll down to the **Manage** section, click **User settings**, and note that you do not have permissions to modify any configuration options. + +1. 
In the **InPrivate** browser window, on the Azure AD blade, in the **Manage** section, click **Users**, and then click **+ New user**. + +1. Create a new user with the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | User name | **az104-02a-aaduser2** | + | Name | **az104-02a-aaduser2** | + | Let me create the password | enabled | + | Initial password | **Pa55w.rd124** | + | Usage location | **United States** | + | Job title | **System Administrator** | + | Department | **IT** | + +1. Sign out as the az104-02a-aaduser1 user from the Azure portal and close the InPrivate browser window. + +#### Task 2: Create Azure AD groups with assigned and dynamic membership + +In this task, you will create Azure Active Directory groups with assigned and dynamic membership. + +1. Back in the Azure portal where you are signed in with your user account, navigate back to the **Overview** blade of the Azure AD tenant and, in the **Manage** section, click **Licenses**. + + >**Note**: Azure AD Premium P1 or P2 licenses are required in order to implement dynamic groups. + +1. In the **Manage** section, click **All products**. + +1. Click **+ Try/Buy** and activate the free trial of Azure AD Premium P2. + +1. Refresh the browser window to verify that the activation was successful. + +1. From the **Licenses - All products** blade, select the **Azure Active Directory Premium P2** entry, and assign all license options of Azure AD Premium P2 to your user account and the two newly created user accounts. + +1. In the Azure portal, navigate back to the Azure AD tenant blade and click **Groups**. + +1. 
Use the **+ New group** button to create a new group with the following settings: + + | Setting | Value | + | --- | --- | + | Group type | **Security** | + | Group name | **IT Cloud Administrators** | + | Group description | **Contoso IT cloud administrators** | + | Membership type | **Dynamic User** | + + >**Note**: If the **Membership type** drop-down list is grayed out, refresh the browser page. + +1. Click **Add dynamic query**. + +1. On the **Configure Rules** tab of the **Dynamic membership rules** blade, create a new rule with the following settings: + + | Setting | Value | + | --- | --- | + | Property | **jobTitle** | + | Operator | **Equals** | + | Value | **Cloud Administrator** | + +1. Save the rule and, back on the **New Group** blade, click **Create**. + +1. Back on the **Groups - All groups** blade of the Azure AD tenant, click the **+ New group** button and create a new group with the following settings: + + | Setting | Value | + | --- | --- | + | Group type | **Security** | + | Group name | **IT System Administrators** | + | Group description | **Contoso IT system administrators** | + | Membership type | **Dynamic User** | + +1. Click **Add dynamic query**. + +1. On the **Configure Rules** tab of the **Dynamic membership rules** blade, create a new rule with the following settings: + + | Setting | Value | + | --- | --- | + | Property | **jobTitle** | + | Operator | **Equals** | + | Value | **System Administrator** | + +1. Save the rule and, back on the **New Group** blade, click **Create**. + +1. Back on the **Groups - All groups** blade of the Azure AD tenant, click the **+ New group** button, and create a new group with the following settings: + + | Setting | Value | + | --- | --- | + | Group type | **Security** | + | Group name | **IT Lab Administrators** | + | Group description | **Contoso IT Lab administrators** | + | Membership type | **Assigned** | + +1. Click **No members selected**. + +1. 
From the **Add members** blade, search and select the **IT Cloud Administrators** and **IT System Administrators** groups and, back on the **New Group** blade, click **Create**. + +1. Back on the **Groups - All groups** blade, click the entry representing the **IT Cloud Administrators** group and, on then display its **Members** blade. Verify that the **az104-02a-aaduser1** appears in the list of group members. + +1. Navigate back to the **Groups - All groups** blade, click the entry representing the **IT System Administrators** group and, on then display its **Members** blade. Verify that the **az104-02a-aaduser2** appears in the list of group members. + + >**Note**: You might experience delays with updates of the dynamic membership groups. To expedate the update, navigate to the group blade, display its **Dynamic membership rules** blade, **Edit** the rule listed in the **Rule syntax** textbox by adding a whitespace at the end, and **Save** the change. + +#### Task 3: Create an Azure Active Directory (AD) tenant + +In this task, you will create a new Azure AD tenant. + +1. In the Azure portal, search for and select **Azure Active Directory**. + +1. Click **+ Create a directory** and specify the following setting: + + | Setting | Value | + | --- | --- | + | Directory type | **Azure Active Directory** | + | Organization name | **Contoso Lab** | + | Initial domain name | any valid DNS name consisting of lower case letters and digits and starting with a letter | + | Country/Region | **United States** | + + > **Note**: The green check mark in the **Initial domain name** text box will indicate that the domain name you typed in is valid and unique. + +1. Click **Review + create** and then click **Create**. + +1. Display the blade of the newly created Azure AD tenant by using the **Click here to navigate to your new directory: Contoso Lab** link or the **Directory + Subscription** button (directly to the right of the Cloud Shell button) in the Azure portal toolbar. 
+ +#### Task 4: Manage Azure AD guest users. + +In this task, you will create Azure AD guest users and grant them access to resources in an Azure subscription. + +1. In the Azure portal displaying the Contoso Lab Azure AD tenant, in the **Manage** section, click **Users**, and then click **+ New user**. + +1. Create a new user with the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | User name | **az104-02b-aaduser1** | + | Name | **az104-02b-aaduser1** | + | Let me create the password | enabled | + | Initial password | **Pa55w.rd124** | + | Job title | **System Administrator** | + | Department | **IT** | + + >**Note**: **Copy to clipboard** the full **User name**. You will need it later in this task. + +1. Switch back to your default Azure AD tenant by using the **Directory + Subscription** button (directly to the right of the Cloud Shell button) in the Azure portal toolbar. + +1. Navigate back to the **Users - All users** blade, and then click **+ New guest user**. + +1. Create a new guest user with the following settings (leave others with their defaults): + + | Setting | Value | + | --- | --- | + | Name | **az104-02b-aaduser1** | + | Email address | paste the value you copied into Clipboard earlier in this task | + | Usage location | **United States** | + | Job title | **Lab Administrator** | + | Department | **IT** | + +1. Click **Invite**. + +1. Back on the **Users - All users** blade, click the entry representing the newly created guest user account. + +1. On the **az104-02b-aaduser1 - Profile** blade, click **Groups**. + +1. Click **+ Add membership** and add the guest user account to the **IT Lab Administrators** group. + + +#### Clean up resources + + >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not incur unexpected costs. 
While, in this case, there are no additional charges associated with Azure Active Directory tenants and their objects, you might want to consider removing the user accounts, the group accounts, and the Azure Active Directory tenant you created in this lab. + +1. In the Azure portal, navigate to the **Users - All users** blade, click the entry representing the **az104-02b-aaduser1** guest user account, on the **az104-02b-aaduser1 - Profile** blade click **Delete**, and, when prompted to confirm, click **OK**. + +1. Repeat the same sequence of steps to delete the remaining user accounts you created in this lab. + +1. Navigate to the **Groups - All groups** blade, select the groups you created in this lab, click **Delete**, and, when prompted to confirm, click **OK**. + +1. Navigate to the **Azure Active Directory Premium P2 - Licensed users** blade, select the user accounts to which you assigned licenses in this lab, click **Remove license**, and, when prompted to confirm, click **OK**. + +1. In the Azure portal, display the blade of the Contoso Lab Azure AD tenant by using the **Directory + Subscription** button (directly to the right of the Cloud Shell button) in the Azure portal toolbar. + +1. Navigate to the **Users - All users** blade, click the entry representing the **az104-02b-aaduser1** user account, on the **az104-02b-aaduser1 - Profile** blade click **Delete**, and, when prompted to confirm, click **OK**. + +1. Navigate to the **Contoso Lab - Overview** blade of the Contoso Lab Azure AD tenant, click **Delete directory**, on the **Delete directory 'Contoso Lab'** blade, click the **Get permission to delete Azure resources** link, on the **Properties** blade of Azure Active Directory, set **Access management for Azure resources** to **Yes** and click **Save**. + +1. Sign out from the Azure portal and sign in back. + +1. Navigate back to the **Delete directory 'Contoso Lab'** blade and click **Delete**. 
+
+#### Review
+
+In this lab, you have:
+
+- Created and configured Azure AD users
+- Created Azure AD groups with assigned and dynamic membership
+- Created an Azure Active Directory (AD) tenant
+- Managed Azure AD guest users
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_03a-Manage_Azure_Resources_by_Using the Azure Portal.md b/Instructions/Labs/LAB_03a-Manage_Azure_Resources_by_Using the Azure Portal.md
new file mode 100644
index 00000000..1bb54ecf
--- /dev/null
+++ b/Instructions/Labs/LAB_03a-Manage_Azure_Resources_by_Using the Azure Portal.md
@@ -0,0 +1,137 @@ +--- +lab: + title: '03a - Manage Azure resources by Using the Azure Portal' + module: 'Module 03 - Azure Administration' +--- + +# Lab 03a - Manage Azure resources by Using the Azure Portal +# Student lab manual + +## Lab scenario + +You need to explore the basic Azure administration capabilities associated with provisioning resources and organizing them based on resource groups, including moving resources between resource groups. You also want to explore options for protecting disk resources from being accidentally deleted, while still allowing for modifying their performance characteristics and size. + +## Objectives + +In this lab, we will: + ++ Task 1: Create resource groups and deploy resources to resource groups ++ Task 2: Move resources between resource groups ++ Task 3: Implement and test resource locks + +## Instructions + +### Exercise 1 + +#### Task 1: Create resource groups and deploy resources to resource groups + +In this task, you will use the Azure portal to create resorce groups and create a disk in the resource group. + +1. Sign in to the [Azure portal](https://portal.azure.com). + +1. Search for and select **Resource groups**. + +1. On the **Resource groups** blade, click **+ Add** and create a resource group with the following settings: + + |Setting|Value| + |---|---| + |Subscription| the name of the Azure subscription you will use in this lab | + |Resource Group| **az104-03a-rg1**| + |Region| the name of any Azure region available in the subscription you will use in this lab | + +1. Click **Review + Create** and then click **Create**. + +1. 
In the Azure portal, search for and select **Disks**, click **+ Add**, and specify the following settings: + + |Setting|Value| + |---|---| + |Subscription| the name of the Azure subscription where you created the resource group | + |Resource Group| **az104-03a-rg1** | + |Disk name| **az104-03a-disk1** | + |Region| the name of the Azure region where you created the resource group | + |Availability zone| **None** | + |Source type| **None** | + + >**Note**: When creating a resource, you have the option of creating a new resource group or using an existing one. + +1. Change the disk type and size to **Standard HDD** and **32 GiB**, respectively. + +1. Click **Review + Create** and then click **Create**. + + >**Note**: Wait until the disk is created. This should take less than a minute. + +#### Task 2: Move resources between resource groups + +In this task, we will move the disk resource you created in the previous task to a new resource group. + +1. Search for and select **Resource groups**. + +1. On the **Resource groups** blade, click the entry representing the **az104-03a-rg1** resource group you created in the previous task. + +1. From the **Overview** blade of the resource group, in the list of resource group resources, select the entry representing the newly created disk, click **Move** in the toolbar, and, in the drop-down list, select **Move to another resource group**. + + >**Note**: This method allows you to move multiple resources at the same time. + +1. On the **Move resources** blade, click **Create a new group**. + +1. In the **Resource group** text box, type **az104-03a-rg2**, select the checkbox **I understand that tools and scripts associated with moved resources will not work until I update them to use new resource IDs**, and click **OK**. + + >**Note**: Do not wait for the move to complete but instead proceed to the next task. The move might take about 10 minutes. 
You can determine that the operation was completed by monitoring activity log entries of the source or target resource group. Revisit this step once you complete the next task. + +#### Task 3: Implement resource locks + +In this task, you will apply a resource lock to an Azure resource group containing a disk resource. + +1. In the Azure portal, search for and select **Disks**, click **+ Add**, and specify the following settings: + + |Setting|Value| + |---|---| + |Subscription| the name of the subscription you are using in this lab | + |Resource Group| the name of a new resource group **az104-03a-rg3** | + |Disk name| **az104-03a-disk2** | + |Region| the name of the Azure region where you created the other resource groups in this lab | + |Availability zone| **None** | + |Source type| **None** | + +1. Set the disk type and size to **Standard HDD** and **32 GiB**, respectively. + +1. Click **Review + Create** and then click **Create**. + +1. In the Azure portal, search for and select **Resource groups**. + +1. In the list of resource groups, click the entry representing the **az104-03a-rg3** resource group. + +1. On the **az104-03a-rg3** resource group blade, click **Locks** and add a lock with the following settings: + + |Setting|Value| + |---|---| + |Lock name| **az104-03a-delete-lock** | + |Lock type| **Delete** | + +1. On the **az104-03a-rg3** resource group blade, click **Overview**, in the list of resource group resources, select the entry representing the disk you created earlier in this task, and click **Delete** in the toolbar. + +1. When prompted **Do you want to delete all the selected resources?**, in the **Confirm delete** text box, type **yes** and click **Delete**. + +1. You should see an error message, notifying about the failed delete operation. + + >**Note**: As the error message states, this is expected due to the delete lock applied on the resource group level. + +1. 
Navigate back to the list of resources of the **az104-03a-rg3** resource group and click the entry representing the **az104-03a-disk2** resource.
+
+1. On the **az104-03a-disk2** blade, in the **Settings** section, click **Configuration**, set the disk type and size to **Premium SSD** and **64 GiB**, respectively, and save the change. Verify that the change was successful.
+
+ >**Note**: This is expected, since the resource group-level lock applies to delete operations only.
+
+#### Clean up resources
+
+ >**Note**: Do not delete resources you deployed in this lab. You will be using them in the next lab of this module. Remove only the resource lock you created in this lab.
+
+1. Navigate to the **az104-03a-rg3** resource group blade, display its **Locks** blade, and remove the lock **az104-03a-delete-lock** by clicking the **Delete** link on the right-hand side of the **Delete** lock entry.
+
+#### Review
+
+In this lab, you have:
+
+- Created resource groups and deployed resources to resource groups
+- Moved resources between resource groups
+- Implemented and tested resource locks
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md b/Instructions/Labs/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md
new file mode 100644
index 00000000..d2b06476
--- /dev/null
+++ b/Instructions/Labs/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md
@@ -0,0 +1,133 @@
+---
+lab:
+ title: '03b - Manage Azure resources by Using ARM Templates'
+ module: 'Module 03 - Azure Administration'
+---
+
+# Lab 03b - Manage Azure resources by Using ARM Templates
+# Student lab manual
+
+## Lab scenario
+Now that you explored the basic Azure administration capabilities associated with provisioning resources and organizing them based on resource groups by using the Azure portal, you need to carry out the equivalent task by using Azure Resource Manager templates.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Review an ARM template for deployment of an Azure managed disk
++ Task 2: Create an Azure managed disk by using an ARM template
++ Task 3: Review the ARM template-based deployment of the managed disk
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Review an ARM template for deployment of an Azure managed disk
+
+In this task, you will create an Azure disk resource by using an Azure Resource Manager template.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, search for and select **Resource groups**.
+
+1. In the list of resource groups, click **az104-03a-rg1**.
+
+1. On the **az104-03a-rg1** resource group blade, in the **Settings** section, click **Deployments**.
+
+1. On the **az104-03a-rg1 - Deployments** blade, click the first entry in the list of deployments and, on the overview blade of the deployment, click **Template**.
+
+ >**Note**: Review the content of the template and note that you have the option to download it to the local computer, add it to the libary, and re-deploy it.
+
+1. Click **Download** and save the compressed file containing the template and parameters files to the **Downloads** folder on your lab computer.
+
+1. Extract the content of the downloaded file into the **Downloads** folder on your lab computer.
+
+ >**Note**: These files are also available as **\\Allfiles\\Labs\\03\\az104-03b-md-template.json** and **\\Allfiles\\Labs\\03\\az104-03b-md-parameters.json**
+
+#### Task 2: Create an Azure managed disk by using an ARM template
+
+1. In the Azure portal, search for and select **Template deployment**.
+
+1. On the **Custom deployment** blade, click **Build your own template in the editor**.
+
+1. On the **Edit template** blade, click **Load file** and upload the template file you downloaded in the previous step.
+
+1. Within the editor pane, remove the following lines:
+
+ ```json
+ "sourceResourceId": {
+ "type": "String"
+ },
+ "sourceUri": {
+ "type": "String"
+ },
+ "osType": {
+ "type": "String"
+ },
+ ```
+
+ ```json
+ },
+ "hyperVGeneration": {
+ "defaultValue": "V1",
+ "type": "String"
+ ```
+
+ ```json
+ "osType": "[parameters('osType')]"
+ ```
+
+ >**Note**: These parameters are removed since the are not applicable to the current deployment. In particular, souceResourceId, sourceUri, osType, and hyperVGeneration parameters are applicable to creating an Azure disk from an existing VHD file.
+
+1. In addition, remove the trailing comma from the following line:
+
+ ```json
+ "diskSizeGB": "[parameters('diskSizeGb')]",
+ ```
+
+ >**Note**: This is necessary to account for the syntax rules of JSON-based ARM templates.
+
+1. Save the changes.
+
+1. Back on the **Custom deployment** blade, click **Edit parameters**.
+
+1. On the **Edit parameters** blade, click **Load file** and upload the parameters file **\\Allfiles\\Labs\\03\\az104-03b-md-parameters.json** and save the changes.
+
+1. Back on the **Custom deployment** blade, specify the following settings:
+
+ | Setting | Value |
+ | --- |--- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | the name of a new resource group **az104-03b-rg1** |
+ | Location | the name of any Azure region available in the subscription you are using in this lab |
+ | Disk Name | **az104-03b-disk1** |
+ | Location | accept the default value |
+ | Sku | **Standard_LRS** |
+ | Disk Size Gb | **32** |
+ | Create Option | **empty** |
+
+1. Select the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
+
+1. Verify that the deployment completed successfully.
+
+#### Task 3: Review the ARM template-based deployment of the managed disk
+
+1. In the Azure portal, search for and select **Resource groups**.
+
+1. In the list of resource groups, click **az104-03b-rg1**.
+
+1. On the **az104-03b-rg1** resource group blade, in the **Settings** section, click **Deployments**.
+
+1. From the **az104-03b-rg1 - Deployments** blade, click the first entry in the list of deployments and review the content of the **Input** and **Template** blades.
+
+#### Clean up resources
+
+ >**Note**: Do not delete resources you deployed in this lab. You will reference them in the next lab of this module.
+
+#### Review
+
+In this lab, you have:
+
+- Reviewed an ARM template for deployment of an Azure managed disk
+- Created an Azure managed disk by using an ARM template
+- Reviewed the ARM template-based deployment of the managed disk
diff --git a/Instructions/Labs/LAB_03c-Manage_Azure_Resources_by_Using_Azure_PowerShell.md b/Instructions/Labs/LAB_03c-Manage_Azure_Resources_by_Using_Azure_PowerShell.md
new file mode 100644
index 00000000..75a82059
--- /dev/null
+++ b/Instructions/Labs/LAB_03c-Manage_Azure_Resources_by_Using_Azure_PowerShell.md
@@ -0,0 +1,119 @@
+---
+lab:
+ title: '03c - Manage Azure resources by Using Azure PowerShell'
+ module: 'Module 03 - Azure Administration'
+---
+
+# Lab 03c - Manage Azure resources by Using Azure PowerShell
+# Student lab manual
+
+## Lab scenario
+
+Now that you explored the basic Azure administration capabilities associated with provisioning resources and organizing them based on resource groups by using the Azure portal and Azure Resource Manager templates, you need to carry out the equivalent task by using Azure PowerShell. To avoid installing Azure PowerShell modules, you will leverage PowerShell environment available in Azure Cloud Shell.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Start a PowerShell session in Azure Cloud Shell
++ Task 2: Create a resource group and an Azure managed disk by using Azure PowerShell
++ Task 3: Configure the managed disk by using Azure PowerShell
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Start a PowerShell session in Azure Cloud Shell
+
+In this task, you will open a PowerShell session in Cloud Shell.
+
+1. In the portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. If prompted, click **Create storage**, and wait until the Azure Cloud Shell pane is displayed.
+
+1. Ensure **PowerShell** appears in the drop-down menu in the upper-left corner of the Cloud Shell pane.
+
+#### Task 2: Create a resource group and an Azure managed disk by using Azure PowerShell
+
+In this task, you will create a resource group and an Azure managed disk by using Azure PowerShell session within Cloud Shell
+
+1. To create a resource group in the same Azure region as the **az104-03b-rg1** resource group you created in the previous lab, from the PowerShell session within Cloud Shell, run the following:
+
+ ```pwsh
+ $location = (Get-AzResourceGroup -Name az104-03b-rg1).Location
+
+ $rgName = 'az104-03c-rg1'
+
+ New-AzResourceGroup -Name $rgName -Location $location
+ ```
+1. To retrieve properties of the newly created resource group, run the following:
+
+ ```pwsh
+ Get-AzResourceGroup -Name $rgName
+ ```
+1. To create a new managed disk with the same characteristics as those you created in the previous labs of this module, run the following:
+
+ ```pwsh
+ $diskConfig = New-AzDiskConfig `
+ -Location $location `
+ -CreateOption Empty `
+ -DiskSizeGB 32 `
+ -Sku Standard_LRS
+
+ $diskName = 'az104-03c-disk1'
+
+ New-AzDisk `
+ -ResourceGroupName $rgName `
+ -DiskName $diskName `
+ -Disk $diskConfig
+ ```
+
+1. To retrieve properties of the newly created disk, run the following:
+
+ ```pwsh
+ Get-AzDisk -ResourceGroupName $rgName -Name $diskName
+ ```
+
+#### Task 3: Configure the managed disk by using Azure PowerShell
+
+In this task, you will managing configuration of the Azure managed disk by using Azure PowerShell session within Cloud Shell.
+
+1. To increase the size of the Azure managed disk to **64 GB**, from the PowerShell session within Cloud Shell, run the following:
+
+ ```pwsh
+ New-AzDiskUpdateConfig -DiskSizeGB 64 | Update-AzDisk -ResourceGroupName $rgName -DiskName $diskName
+ ```
+
+1. To verify that the change took effect, run the following:
+
+ ```pwsh
+ Get-AzDisk -ResourceGroupName $rgName -Name $diskName
+ ```
+
+1. To change the disk performance SKU to **Premium_LRS**, from the PowerShell session within Cloud Shell, run the following:
+
+ ```pwsh
+ New-AzDiskUpdateConfig -Sku Premium_LRS | Update-AzDisk -ResourceGroupName $rgName -DiskName $diskName
+ ```
+
+1. To verify that the change took effect, run the following:
+
+ ```pwsh
+ (Get-AzDisk -ResourceGroupName $rgName -Name $diskName).Sku
+ ```
+
+#### Clean up resources
+
+ >**Note**: Do not delete resources you deployed in this lab. You will reference them in the next lab of this module.
+
+#### Review
+
+In this lab, you have:
+
+- Started a PowerShell session in Azure Cloud Shell
+- Created a resource group and an Azure managed disk by using Azure PowerShell
+- Configured the managed disk by using Azure PowerShell
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_03d-Manage_Azure_Resources_by_Using_Azure_CLI.md b/Instructions/Labs/LAB_03d-Manage_Azure_Resources_by_Using_Azure_CLI.md
new file mode 100644
index 00000000..ba53ed37
--- /dev/null
+++ b/Instructions/Labs/LAB_03d-Manage_Azure_Resources_by_Using_Azure_CLI.md
@@ -0,0 +1,131 @@
+---
+lab:
+ title: '03d - Manage Azure resources by Using Azure CLI'
+ module: 'Module 03 - Azure Administration'
+---
+
+# Lab 03d - Manage Azure resources by Using Azure CLI
+# Student lab manual
+
+## Lab scenario
+
+Now that you explored the basic Azure administration capabilities associated with provisioning resources and organizing them based on resource groups by using the Azure portal, Azure Resource Manager templates, and Azure PowerShell, you need to carry out the equivalent task by using Azure CLI. To avoid installing Azure CLI, you will leverage Bash environment available in Azure Cloud Shell.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Start a Bash session in Azure Cloud Shell
++ Task 2: Create a resource group and an Azure managed disk by using Azure CLI
++ Task 3: Configure the managed disk by using Azure CLI
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Start a Bash session in Azure Cloud Shell
+
+In this task, you will open a Bash session in Cloud Shell.
+
+1. From the portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **Bash**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. If prompted, click **Create storage**, and wait until the Azure Cloud Shell pane is displayed.
+
+1. Ensure **Bash** appears in the drop-down menu in the upper-left corner of the Cloud Shell pane.
+
+#### Task 2: Create a resource group and an Azure managed disk by using Azure CLI
+
+In this task, you will create a resource group and an Azure managed disk by using Azure CLI session within Cloud Shell.
+
+1. To create a resource group in the same Azure region as the **az104-03c-rg1** resource group you created in the previous lab, from the Bash session within Cloud Shell, run the following:
+
+ ```sh
+ LOCATION=$(az group show --name 'az104-03c-rg1' --query location --out tsv)
+
+ RGNAME='az104-03d-rg1'
+
+ az group create --name $RGNAME --location $LOCATION
+ ```
+1. To retrieve properties of the newly created resource group, run the following:
+
+ ```sh
+ az group show --name $RGNAME
+ ```
+1. To create a new managed disk with the same characteristics as those you created in the previous labs of this module, from the Bash session within Cloud Shell, run the following:
+
+ ```sh
+ DISKNAME='az104-03d-disk1'
+
+ az disk create \
+ --resource-group $RGNAME \
+ --name $DISKNAME \
+ --sku 'Standard_LRS' \
+ --size-gb 32
+ ```
+ >**Note**: When using multi-line syntax, ensure that each line ends with back-slash (`\`) with no trailing spaces and that there are no leading spaces at the beginning of each line.
+
+1. To retrieve properties of the newly created disk, run the following:
+
+ ```sh
+ az disk show --resource-group $RGNAME --name $DISKNAME
+ ```
+
+#### Task 3: Configure the managed disk by using Azure CLI
+
+In this task, you will managing configuration of the Azure managed disk by using Azure CLI session within Cloud Shell.
+
+1. To increase the size of the Azure managed disk to **64 GB**, from the Bash session within Cloud Shell, run the following:
+
+ ```sh
+ az disk update --resource-group $RGNAME --name $DISKNAME --size-gb 64
+ ```
+
+1. To verify that the change took effect, run the following:
+
+ ```sh
+ az disk show --resource-group $RGNAME --name $DISKNAME --query diskSizeGb
+ ```
+
+1. To change the disk performance SKU to **Premium_LRS**, from the Bash session within Cloud Shell, run the following:
+
+ ```sh
+ az disk update --resource-group $RGNAME --name $DISKNAME --sku 'Premium_LRS'
+ ```
+
+1. To verify that the change took effect, run the following:
+
+ ```sh
+ az disk show --resource-group $RGNAME --name $DISKNAME --query sku
+ ```
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **Bash** shell session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```sh
+ az group list --query "[?starts_with(name,'az104-03')].name" --output tsv
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```sh
+ az group list --query "[?starts_with(name,'az104-03')].[name]" --output tsv | xargs -L1 bash -c 'az group delete --name $0 --no-wait --yes'
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the --nowait parameter), so while you will be able to run another Azure CLI command immediately afterwards within the same Bash session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Started a Bash session in Azure Cloud Shell
+- Created a resource group and an Azure managed disk by using Azure CLI
+- Configured the managed disk by using Azure CLI
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_04-Implement_Virtual_Networking.md b/Instructions/Labs/LAB_04-Implement_Virtual_Networking.md
new file mode 100644
index 00000000..07a0ff2b
--- /dev/null
+++ b/Instructions/Labs/LAB_04-Implement_Virtual_Networking.md
@@ -0,0 +1,327 @@
+---
+lab:
+ title: '04 - Implement Virtual Networking'
+ module: 'Module 04 - Virtual Networking'
+---
+
+# Lab 04 - Implement Virtual Networking
+
+# Student lab manual
+
+## Lab scenario
+
+You need to explore Azure virtual networking capabilities. To start, you plan to create a virtual network in Azure that will host a couple of Azure virtual machines. Since you intend to implement network-based segmentation, you will deploy them into different subnets of the virtual network. You also want to make sure that their private and public IP addresses will not change over time. To comply with Contoso security requirements, you need to protect public endpoints of Azure virtual machines accessible from Internet. Finally, you need to implement DNS name resolution for Azure virtual machines both within the virtual network and from Internet.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Create and configure a virtual network
++ Task 2: Deploy virtual machines into the virtual network
++ Task 3: Configure private and public IP addresses of Azure VMs
++ Task 4: Configure network security groups
++ Task 5: Configure Azure DNS for internal name resolution
++ Task 6: Configure Azure DNS for external name resolution
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Create and configure a virtual network
+
+In this task, you will create a virtual network with multiple subnets by using the Azure portal
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, search for and select **Virtual networks**, and, on the **Virtual networks** blade, click **+ Add**.
+
+1. Create a virtual network with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-04-vnet1** |
+ | Address space | **10.40.0.0/20** |
+ | Subscription | the name of the Azure subscription you will be using in this lab |
+ | Resource Group | the name of a new resource group **az104-04-rg1** |
+ | Location | the name of any Azure region available in the subscription you will use in this lab |
+ | Subnet Name | **subnet0** |
+ | Subnet Address range | **10.40.0.0/24** |
+
+ >**Note:** Wait for the virtual network to be provisioned. This should take less than a minute.
+
+1. On the **Virtual networks** blade, click **Refresh** and click **az104-04-vnet1**.
+
+1. On the **az104-04-vnet1** virtual network blade, click **Subnets** and then click **+ Subnet**.
+
+1. Create a subnet with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **subnet1** |
+ | Address range (CIDR block) | **10.40.1.0/24** |
+ | Network security group | **None** |
+ | Route table | **None** |
+
+#### Task 2: Deploy virtual machines into the virtual network
+
+In this task, you will deploy Azure virtual machines into different subnets of the virtual network by using an ARM template
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Labs\\04\\az104-04-vms-template.json** and **\\Allfiles\\Labs\\04\\az104-04-vms-parameters.json** into the Cloud Shell home directory.
+
+1. From the Cloud Shell pane, run the following to deploy two virtual machines by using the template and parameter files you uploaded:
+
+ ```pwsh
+ $rgName = 'az104-04-rg1'
+
+ New-AzResourceGroupDeployment `
+ -ResourceGroupName $rgName `
+ -TemplateFile $HOME/az104-04-vms-template.json `
+ -TemplateParameterFile $HOME/az104-04-vms-parameters.json
+ ```
+
+ >**Note**: This method of deploying ARM templates uses Azure PowerShell. You can perform the same task by running the equivalent Azure CLI command **az deployment create** (for more information, refer to [Deploy resources with Resource Manager templates and Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli).
+
+ >**Note**: Wait for the deployment to complete before proceeding to the next task. This should take about 2 minutes.
+
+1. Close the Cloud Shell pane.
+
+#### Task 3: Configure private and public IP addresses of Azure VMs
+
+In this task, you will configure static assignment of public and private IP addresses assigned to network interfaces of Azure virtual machines.
+
+ >**Note**: Private and public IP addresses are actually assigned to the network interfaces, which, in turn are attached to Azure virtual machines, however, it is fairly common to refer to IP addresses assigned to Azure VMs instead.
+
+1. In the Azure portal, search for and select **Resource groups**, and, on the **Resource groups** blade, click **az104-04-rg1**.
+
+1. On the **az104-04-rg1** resource group blade, in the list of its resources, click **az104-04-vnet1**.
+
+1. On the **az104-04-vnet1** virtual network blade, review the **Connected devices** section and verify that there are two network interfaces **az104-04-nic0** and **az104-04-nic1** attached to the virtual network.
+
+1. Click **az104-04-nic0** and, on the **az104-04-nic0** blade, click **IP configurations**.
+
+ >**Note**: Verify that **ipconfig1** is currently set up with a dynamic private IP address.
+
+1. In the list IP configurations, click **ipconfig1**.
+
+1. On the **ipconfig1** blade, set **Assignment** to **Static**, leave the default value of **IP address** set to **10.40.0.4**.
+
+1. On the **ipconfig1** blade, set **Public IP address** to **Enabled** and then click **IP address - Configure required settings**.
+
+1. On the **Choose public IP address blade**, click **+ Create new** and create a new public IP address with the following settings:
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-04-pip0** |
+ | SKU | **Standard** |
+
+1. Back on the **ipconfig1** blade, save the changes.
+
+1. Navigate back to the **az104-04-vnet1** blade and repeat the previous six steps to change the IP address assignment of **ipconfig1** of **az104-04-nic1** to **Static** and associate **az104-04-nic1** with a new Standard SKU public IP address named **az104-04-pip1**.
+
+1. Navigate back to the **az104-04-rg1** resource group blade, in the list of its resources, click **az104-04-vm0**, and from the **az104-04-vm0** virtual machine blade, note the public IP address entry.
+
+1. Navigate back to the **az104-04-rg1** resource group blade, in the list of its resources, click **az104-04-vm1**, and from the **az104-04-vm1** virtual machine blade, note the public IP address entry.
+
+ >**Note**: You will need both IP addresses in the last task of this lab.
+
+
+#### Task 4: Configure network security groups
+
+In this task, you will configure network security groups in order to allow for restricted connectivity to Azure virtual machines.
+
+1. In the Azure portal, navigate back to the **az104-04-rg1** resource group blade, and in the list of its resources, click **az104-04-vm0**.
+
+1. On the **az104-04-vm0** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
+
+ >**Note**: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software.
+
+1. Note that the connection attempt fails.
+
+ >**Note**: This is expected, because public IP addresses of the Standard SKU, by default, require that the network interfaces to which they are assigned are protected by a network security group. In order to allow Remote Desktop connections, you will create a network security group explicitly allowing inbound RDP traffic from Internet and assign it to network interfaces of both virtual machines.
+
+1. In the Azure portal, search for and select **Network security groups**, and, on the **Network security groups** blade, click **+ Add**.
+
+1. Create a network security group with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | **az104-04-rg1** |
+ | Name | **az104-04-nsg01** |
+ | Region | the name of the Azure region where you deployed all other resources in this lab |
+
+ >**Note**: Wait for the deployment to complete. This should take about 2 minutes.
+
+1. On the deployment blade, click **Go to resource** to open the **az104-04-nsg01** network security group blade.
+
+1. On the **az104-04-nsg01** network security group blade, in the **Settings** section, click **Inbound security rules**.
+
+1. Add an inbound rule with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Source | **Any** |
+ | Source port ranges | **/*** |
+ | Destination | **Any** |
+ | Destination port ranges | **3389** |
+ | Protocol | **TCP** |
+ | Action | **Allow** |
+ | Priority | **300** |
+ | Name | **AllowRDPInBound** |
+
+1. On the **az104-04-nsg01** network security group blade, in the **Settings** section, click **Network interfaces** and then click **+ Associate**.
+
+1. Associate the **az104-04-nsg01** network security group with the **az104-04-nic0** and **az104-04-nic1** network interfaces.
+
+1. Navigate back to the **az104-04-vm0** virtual machine blade.
+
+1. On the **az104-04-vm0** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
+
+ >**Note**: Accept any warning prompts when connecting to the target virtual machines.
+
+1. Verify that you can successfully connect to the target virtual machine and sign in by using the **Student** username and **Pa55w.rd1234** password.
+
+ >**Note**: Leave the Remote Desktop session open. You will need it in the next task.
+
+#### Task 5: Configure Azure DNS for internal name resolution
+
+In this task, you will configure DNS name resolution within a virtual network by using Azure private DNS zones.
+
+1. In the Azure portal, search for and select **Private DNS zones** and, on the **Private DNS zones** blade, click **+ Add**.
+
+1. Create a private DNS zone with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | **az104-04-rg1** |
+ | Name | **contoso.org** |
+
+ >**Note**: Wait for the private DNS zone to be created. This should take about 2 minutes.
+
+1. Click **Go to resource** to open the **contoso.org** DNS private zone blade.
+
+1. On the **contoso.org** private DNS zone blade, in the **Settings** section, click **Virtual network links**
+
+1. Add a virtual network link with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Link name | **az104-04-vnet1-link** |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Virtual network | **az104-04-vnet1** |
+ | Enable auto registration | enabled |
+
+ >**Note:** Wait for the virtual network link to be created. This should take less than 1 minute.
+
+1. On the **contoso.org** private DNS zone blade, in the **Settings** section, click **Overview**
+
+1. Verify that the DNS records for **az104-04-vm0** and **az104-04-vm1** appear in the list of record sets as **Auto registered**.
+
+ >**Note:** You might need to wait a few minutes and refresh the page if the record sets are not listed.
+
+1. Switch to the Remote Desktop session to **az104-04-vm0**, right-click the **Start** button and, in the right-click menu, click **Windows PowerShell (Admin)**.
+
+1. In the Windows PowerShell console window, run the following to test internal name resolution of the **az104-04-vm1** DNS record set in the the newly created private DNS zone:
+
+ ```pwsh
+ nslookup az104-04-vm1.contoso.org
+ ```
+1. Verify that the output of the command includes the private IP address of **az104-04-vm1** (**10.40.1.4**).
+
+#### Task 6: Configure Azure DNS for external name resolution
+
+In this task, you will configure external DNS name resolution by using Azure public DNS zones.
+
+1. In the Azure portal, search for and select **DNS zones** and, on the **DNS zones** blade, click **+ Add**.
+
+1. Create a DNS zone with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource Group | **az104-04-rg1** |
+ | Name | **contoso.org** |
+
+ >**Note**: Wait for the DNS zone to be created. This should take about 2 minutes.
+
+1. Click **Go to resource** to open the **contoso.org** DNS zone blade.
+
+1. On the **contoso.org** DNS zone blade, click **+ Record set**.
+
+1. Add a record set with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-04-vm0** |
+ | Type | **A** |
+ | Alias record set | **No** |
+ | TTL | **1** |
+ | TTL unit | **Hours** |
+ | IP address | the public IP address of **az104-04-vm0** which you identified in the third exercise of this lab |
+
+1. Add a record set with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-04-vm1** |
+ | Type | **A** |
+ | Alias record set | **No** |
+ | TTL | **1** |
+ | TTL unit | **Hours** |
+ | IP address | the public IP address of **az104-04-vm1** which you identified in the third exercise of this lab |
+
+1. On the **contoso.org** DNS zone blade, note the name of the **Name server 1** entry.
+
+1. In the Azure portal, open the **PowerShell** session in **Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. From the Cloud Shell pane, run the following to test external name resolution of the **az104-04-vm0** DNS record set in the the newly created DNS zone (replace the placeholder `[Name server 1]` with the name of **Name server 1** you noted earlier in this task):
+
+ ```pwsh
+ nslookup az104-04-vm0.contoso.org [Name server 1]
+ ```
+1. Verify that the output of the command includes the public IP address of **az104-04-vm0**.
+
+1. From the Cloud Shell pane, run the following to test external name resolution of the **az104-04-vm1** DNS record set in the the newly created DNS zone (replace the placeholder `[Name server 1]` with the name of **Name server 1** you noted earlier in this task):
+
+ ```pwsh
+ nslookup az104-04-vm1.contoso.org [Name server 1]
+ ```
+1. Verify that the output of the command includes the public IP address of **az104-04-vm1**.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-04*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-04*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Created and configured a virtual network
+- Deployed virtual machines into the virtual network
+- Configured private and public IP addresses of Azure VMs
+- Configured network security groups
+- Configured Azure DNS for internal name resolution
+- Configured Azure DNS for external name resolution
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_05-Implement_Intersite_Connectivity.md b/Instructions/Labs/LAB_05-Implement_Intersite_Connectivity.md
new file mode 100644
index 00000000..5a9b6d04
--- /dev/null
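Review bot: The inbound rule table in Task 4 of the LAB_04 hunk sets `Source` to **Any** for destination port 3389, so RDP on both VMs' Standard SKU public IP addresses is reachable from the whole Internet for as long as the lab resources exist, and the same task prints the sign-in credentials students are told to use. I would scope the rule to the student's own address by changing the row to `| Source | **IP Addresses** |` and adding `| Source IP addresses/CIDR ranges | the public IP address of your lab computer |`, and reword the preceding note that says "from Internet" to match. If the open rule is kept for simplicity, a `>**Note**:` next to the table should say that an Any-source RDP rule is only tolerable for a short-lived lab and that real deployments restrict the source range or use Azure Bastion or just-in-time VM access. Where the password is defined is not visible in this hunk (presumably the az104-04-vms-parameters.json file uploaded in Task 2), so that file is worth checking alongside this change.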
+++ b/Instructions/Labs/LAB_05-Implement_Intersite_Connectivity.md 
@@ -0,0 +1,249 @@ +--- +lab: + title: '05 - Implement Intersite Connectivity' + module: 'Module 05 - Intersite Connectivity' +--- + +# Lab 05 - Implement Intersite Connectivity +# Student lab manual + +## Lab scenario + +Contoso has its datacenters in Boston, New York, and Seattle offices connected via a mesh wide-area network links, with full connectivity between them. You need to implement a lab environment that will reflect the the topology of the Contoso's on-premises networks and verify its functionality. + +## Objectives + +In this lab, you will: + ++ Task 1: Provision the lab environment ++ Task 2: Configure local and global virtual network peering ++ Task 3: Test intersite connectivity + +#### Task 1: Provision the lab environment + +In this task, you will deploy three virtual machines, each into a separate virtual network, with two of them in the same Azure region and the third one in another Azure region. + +1. Sign in to the [Azure portal](https://portal.azure.com). + +1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal. + +1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**. + + >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**. + +1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Labs\\05\\az104-05-vnetvm-template.json** and **\\Allfiles\\Labs\\05\\az104-05-vnetvm-parameters.json** into the Cloud Shell home directory. + +1. 
From the Cloud Shell pane, run the following to create the first resource group that will be hosting the first virtual network and the pair of virtual machines (replace the `[Azure_region_1]` placeholder with the name of an Azure region where you intend to deploy these Azure virtual machines): + + ```pwsh + $location = '[Azure_region_1]' + + $rgName = 'az104-05-rg0' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the first virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-05-vnetvm-template.json ` + -TemplateParameterFile $HOME/az104-05-vnetvm-parameters.json ` + -nameSuffix 0 ` + -AsJob + ``` +1. From the Cloud Shell pane, run the following to create the second resource group that will be hosting the second virtual network and the second virtual machine + + ```pwsh + $rgName = 'az104-05-rg1' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the second virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-05-vnetvm-template.json ` + -TemplateParameterFile $HOME/az104-05-vnetvm-parameters.json ` + -nameSuffix 1 ` + -AsJob + ``` +1. 
From the Cloud Shell pane, run the following to create the third resource group that will be hosting the third virtual network and the third virtual machine (replace the `[Azure_region_2]` placeholder with the name of another Azure region where you can deploy Azure virtual machines, different from the Azure region you used for the other two deployments): + + ```pwsh + $location = '[Azure_region_2]' + + $rgName = 'az104-05-rg2' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the third virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-05-vnetvm-template.json ` + -TemplateParameterFile $HOME/az104-05-vnetvm-parameters.json ` + -nameSuffix 2 ` + -AsJob + ``` + >**Note**: Wait for the deployments to complete before proceeding to the next task. This should take about 2 minutes. + + >**Note**: To verify the status of the deployments, you can examine the the properties of the resource groups you created in this task. + +1. Close the Cloud Shell pane. + +#### Task 2: Configure local and global virtual network peering + +In this task, you will configure local and global peering between the virtual networks you deployed in the previous tasks. + +1. In the Azure portal, search for and select **Virtual networks**. + +1. Review the virtual networks you created in the previous task and verify that the first two are located in the same Azure region and the third one in a different Azure region. + + >**Note**: The template you used for deployment of the three virtual networks ensures that the IP address ranges of the three virtual networks do not overlap. + +1. In the list of virtual networks, click **az104-05-vnet0**. + +1. On the **az104-05-vnet0** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**. 
+ +1. Add a peering with the following settings (leave others with their default values): + + | Setting | Value| + | --- | --- | + | Name of the peering from az104-05-vnet0 to remote virtual network | **az104-05-vnet0_to_az104-05-vnet1** | + | Virtual network deployment model | **Resource manager** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Virtual network | **az104-05-vnet1 (az104-05-rg1)** | + | Name of the peering from az104-05-vnet1 to az104-05-vnet0 | **az104-05-vnet1_to_az104-05-vnet0** | + | Allow virtual network access from az104-05-vnet0 to az104-05-vnet1 | **Enabled** | + | Allow virtual network access from az104-05-vnet1 to az104-05-vnet0 | **Enabled** | + | Allow forwarded traffic from az104-05-vnet1 to az104-05-vnet0 | **Disabled** | + | Allow forwarded traffic from az104-05-vnet0 to az104-05-vnet1 | **Disabled** | + | Allow gateway transit | **Disabled** | + + >**Note**: This step establishes two local peerings - one from az104-05-vnet0 to az104-05-vnet1 and the other from az104-05-vnet1 to az104-05-vnet0. + +1. On the **az104-05-vnet0** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**. + +1. 
Add a peering with the following settings (leave others with their default values): + + | Setting | Value| + | --- | --- | + | Name of the peering from az104-05-vnet0 to remote virtual network | **az104-05-vnet0_to_az104-05-vnet2** | + | Virtual network deployment model | **Resource manager** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Virtual network | **az104-05-vnet2 (az104-05-rg2)** | + | Name of the peering from az104-05-vnet2 to az104-05-vnet0 | **az104-05-vnet2_to_az104-05-vnet0** | + | Allow virtual network access from az104-05-vnet0 to az104-05-vnet2 | **Enabled** | + | Allow virtual network access from az104-05-vnet2 to az104-05-vnet0 | **Enabled** | + | Allow forwarded traffic from az104-05-vnet2 to az104-05-vnet0 | **Disabled** | + | Allow forwarded traffic from az104-05-vnet0 to az104-05-vnet2 | **Disabled** | + | Allow gateway transit | **Disabled** | + + >**Note**: This step establishes two global peerings - one from az104-05-vnet0 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet0. + +1. Navigate back to the **Virtual networks** blade and, in the list of virtual networks, click **az104-05-vnet1**. + +1. On the **az104-05-vnet1** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**. + +1. 
Add a peering with the following settings (leave others with their default values): + + | Setting | Value| + | --- | --- | + | Name of the peering from az104-05-vnet1 to remote virtual network | **az104-05-vnet1_to_az104-05-vnet2** | + | Virtual network deployment model | **Resource manager** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Virtual network | **az104-05-vnet2 (az104-05-rg2)** | + | Name of the peering from az104-05-vnet2 to az104-05-vnet1 | **az104-05-vnet2_to_az104-05-vnet1** | + | Allow virtual network access from az104-05-vnet1 to az104-05-vnet2 | **Enabled** | + | Allow virtual network access from az104-05-vnet2 to az104-05-vnet1 | **Enabled** | + | Allow forwarded traffic from az104-05-vnet2 to az104-05-vnet1 | **Disabled** | + | Allow forwarded traffic from az104-05-vnet1 to az104-05-vnet2 | **Disabled** | + | Allow gateway transit | **Disabled** | + + >**Note**: This step establishes two global peerings - one from az104-05-vnet1 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet1. + +#### Task 3: Test intersite connectivity + +In this task, you will test connectivity between virtual machines on the three virtual networks that you connected via local and global peering in the previous task. + +1. In the Azure portal, search for and select **Virtual machines**. + +1. In the list of virtual machines, click **az104-05-vm0**. + +1. On the **az104-05-vm0** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session. + + >**Note**: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software. + + >**Note**: In this case, you can ignore any warning prompts when connecting to the target virtual machines. + +1. 
When prompted, sign in by using the **Student** username and **Pa55w.rd1234** password. + +1. Within the Remote Desktop session to **az104-05-vm0**, right-click the **Start** button and, in the right-click menu, click **Windows PowerShell (Admin)**. + +1. In the Windows PowerShell console window, run the following to test connectivity to **az104-05-vm1** (which has the private IP address of **10.51.0.4**) over TCP port 3389: + + ```pwsh + Test-NetConnection -ComputerName 10.51.0.4 -Port 3389 -InformationLevel 'Detailed' + ``` + >**Note**: The test uses TCP 3389 since this is this port is allowed by default by operating system firewall. + +1. Examine the output of the command and verify that the connection was successful. + +1. In the Windows PowerShell console window, run the following to test connectivity to **az104-05-vm2** (which has the private IP address of **10.52.0.4**): + + ```pwsh + Test-NetConnection -ComputerName 10.51.0.4 -Port 3389 -InformationLevel 'Detailed' + ``` +1. Switch back to the Azure portal on your lab computer and navigate back to the **Virtual machines** blade. + +1. In the list of virtual machines, click **az104-05-vm1**. + +1. On the **az104-05-vm1** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session. + + >**Note**: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software. + + >**Note**: In this case, you can ignore any warning prompts when connecting to the target virtual machines. + +1. When prompted, sign in by using the **Student** username and **Pa55w.rd1234** password. + +1. Within the Remote Desktop session to **az104-05-vm1**, right-click the **Start** button and, in the right-click menu, click **Windows PowerShell (Admin)**. + +1. 
In the Windows PowerShell console window, run the following to test connectivity to **az104-05-vm2** (which has the private IP address of **10.52.0.4**) over TCP port 3389:
+
+ ```pwsh
+ Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel 'Detailed'
+ ```
+ >**Note**: The test uses TCP 3389 since this is this port is allowed by default by operating system firewall.
+
+1. Examine the output of the command and verify that the connection was successful.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-05*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-05*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Provisioned the lab environment
+- Configured local and global virtual network peering
+- Tested intersite connectivity
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_06-Implement_Network_Traffic_Management.md b/Instructions/Labs/LAB_06-Implement_Network_Traffic_Management.md
new file mode 100644
index 00000000..2fb0d4fd
--- /dev/null
+++ b/Instructions/Labs/LAB_06-Implement_Network_Traffic_Management.md
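Review bot: The second connectivity test in Task 3 never exercises the global peering from az104-05-vnet0 to az104-05-vnet2: the step says it tests **az104-05-vm2** at **10.52.0.4**, but its command repeats the vm1 address, so it should read `Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel 'Detailed'`. As written, a missing or misconfigured vnet0-to-vnet2 peering would still pass that verification step. Separately, both sign-in steps publish the fixed **Student** / **Pa55w.rd1234** credential and tell the reader to ignore RDP warning prompts; if the template (not visible in this hunk) exposes TCP 3389 on public IP addresses, the lab should say so and add a note such as `>**Note**: These VMs use a published lab password; delete the resource groups as soon as you finish and never reuse this password outside the lab.`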
@@ -0,0 +1,582 @@ +--- +lab: + title: '06 - Implement Traffic Management' + module: 'Module 06 - Network Traffic Management' +--- + +# Lab 06 - Implement Traffic Management +# Student lab manual + +## Lab scenario + +You were tasked with testing managing network traffic targeting Azure virtual machines in the hub and spoke network topology, which Contoso considers implementing in its Azure environment (instead of creating the mesh topology, which you tested in the previous lab). This testing needs to include implementing connectivity between spokes by relying on user defined routes that force traffic to flow via the hub, as well as traffic distribution across virtual machines by using layer 4 and layer 7 load balancers. For this purpose, you intend to use Azure Load Balancer (layer 4) and Azure Application Gateway (layer 7). + +## Objectives + +In this lab, you will: + ++ Task 1: Provision the lab environment ++ Task 2: Configure the hub and spoke network topology ++ Task 3: Test transitivity of virtual network peering ++ Task 4: Configure routing in the hub and spoke topology ++ Task 5: Implement Azure Load Balancer ++ Task 6: Implement Azure Application Gateway + +## Instructions + +### Exercise 1 + +#### Task 1: Provision the lab environment + +In this task, you will deploy four virtual machines into the same Azure region. The first two will reside in a hub virtual network, while each of the remaining to will reside in a separate spoke virtual network. + +1. Sign in to the [Azure portal](https://portal.azure.com). + +1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal. + +1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**. + + >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**. + +1. 
In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Module_06\\az104-06-vms-template.json**, **\\Allfiles\\Labs\\06\\az104-06-vm-template.json**, and **\\Allfiles\\Labs\\06\\az104-06-vm-parameters.json** into the Cloud Shell home directory. + +1. From the Cloud Shell pane, run the following to create the first resource group that will be hosting the first virtual network and the pair of virtual machines (replace the `[Azure_region]` placeholder with the name of an Azure region where you intend to deploy Azure virtual machines): + + ```pwsh + $location = '[Azure_region]' + + $rgName = 'az104-06-rg01' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the first virtual network and deploy a pair of virtual machines into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-06-vms-template.json ` + -TemplateParameterFile $HOME/az104-06-vm-parameters.json ` + -AsJob + ``` + +1. From the Cloud Shell pane, run the following to create the second resource group that will be hosting the second virtual network and the third virtual machine + + ```pwsh + $rgName = 'az104-06-rg2' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the second virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-06-vm-template.json ` + -TemplateParameterFile $HOME/az104-06-vm-parameters.json ` + -nameSuffix 2 ` + -AsJob + ``` +1. 
From the Cloud Shell pane, run the following to create the third resource group that will be hosting the third virtual network and the fourth virtual machine: + + ```pwsh + $rgName = 'az104-06-rg3' + + New-AzResourceGroup -Name $rgName -Location $location + ``` +1. From the Cloud Shell pane, run the following to create the third virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded: + + ```pwsh + New-AzResourceGroupDeployment ` + -ResourceGroupName $rgName ` + -TemplateFile $HOME/az104-06-vm-template.json ` + -TemplateParameterFile $HOME/az104-06-vm-parameters.json ` + -nameSuffix 3 ` + -AsJob + ``` + >**Note**: Wait for the deployments to complete before proceeding to the next task. This should take about 2 minutes. + + >**Note**: To verify the status of the deployments, you can examine the the properties of the resource groups you created in this task. + +1. Close the Cloud Shell pane. + +#### Task 2: Configure the hub and spoke network topology + +In this task, you will configure local peering between the virtual networks you deployed in the previous tasks in order to create a hub and spoke network topology. + +1. In the Azure portal, search for and select **Virtual networks**. + +1. Review the virtual networks you created in the previous task. + + >**Note**: The template you used for deployment of the three virtual networks ensures that the IP address ranges of the three virtual networks do not overlap. + +1. In the list of virtual networks, click **az104-06-vnet01**. + +1. On the **az104-06-vnet01** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**. + +1. 
Add a peering with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Name of the peering from az104-06-vnet01 to remote virtual network | **az104-06-vnet01_to_az104-06-vnet2** | + | Virtual network deployment model | **Resource manager** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Virtual network | **az104-06-vnet2 (az104-06-rg2)** | + | Name of the peering from az104-06-vnet2 to az104-06-vnet01 | **az104-06-vnet2_to_az104-06-vnet01** | + | Allow virtual network access from az104-06-vnet01 to az104-06-vnet2 | **Enabled** | + | Allow virtual network access from az104-06-vnet2 to az104-06-vnet01 | **Enabled** | + | Allow forwarded traffic from az104-06-vnet2 to az104-06-vnet01 | **Enabled** | + | Allow forwarded traffic from az104-06-vnet01 to az104-06-vnet2 | **Enabled** | + | Allow gateway transit | **Disabled** | + + >**Note**: Wait for the operation to complete. + + >**Note**: This step establishes two local peerings - one from az104-06-vnet01 to az104-06-vnet2 and the other from az104-06-vnet2 to az104-06-vnet01. + + >**Note**: **Allow forwarded traffic** needs to be enabled in order to facilitate routing between spoke virtual networks, which you will implement later in this lab. + +1. On the **az104-06-vnet01** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**. + +1. 
Add a peering with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Name of the peering from az104-06-vnet01 to remote virtual network | **az104-06-vnet01_to_az104-06-vnet3** | + | Virtual network deployment model | **Resource manager** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Virtual network | **az104-06-vnet3 (az104-06-rg2)** | + | Name of the peering from az104-06-vnet3 to az104-06-vnet01 | **az104-06-vnet3_to_az104-06-vnet01** | + | Allow virtual network access from az104-06-vnet01 to az104-06-vnet3 | **Enabled** | + | Allow virtual network access from az104-06-vnet3 to az104-06-vnet01 | **Enabled** | + | Allow forwarded traffic from az104-06-vnet3 to az104-06-vnet01 | **Enabled** | + | Allow forwarded traffic from az104-06-vnet01 to az104-06-vnet3 | **Enabled** | + | Allow gateway transit | **Disabled** | + + >**Note**: This step establishes two local peerings - one from az104-06-vnet01 to az104-06-vnet3 and the other from az104-06-vnet3 to az104-06-vnet01. This completes setting up the hub and spoke topology (with two spoke virtual networks). + + >**Note**: **Allow forwarded traffic** needs to be enabled in order to facilitate routing between spoke virtual networks, which you will implement later in this lab. + +#### Task 3: Test transitivity of virtual network peering + +In this task, you will test transitivity of virtual network peering by using Network Watcher. + +1. In the Azure portal, search for and select **Network Watcher**. + +1. On the **Network Watcher** blade, expand the listing of Azure regions and verify that the service is enabled in the Azure into which you deployed resources in the first task of this lab. + +1. On the **Network Watcher** blade, navigate to the **Connection troubleshoot**. + +1. 
On the **Network Watcher - Connection troubleshoot** blade, initiate a check with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg01** | + | Source type | **Virtual machine** | + | Virtual machine | **az104-06-vm0** | + | Destination | **Specify manually** | + | URI, FQDN or IPv4 | **10.62.0.4** | + | Protocol | **TCP** | + | Destination Port | **3389** | + + > **Note**: **10.62.0.4** represents the private IP address of **az104-06-vm2** + +1. Click **Check** and wait until results of the connectivity check are returned. Verify that the status is **Reachable**. Review the network path and note that the connection was direct, with no intermediate hops in between the VMs. + + > **Note**: This is expected, since the hub virtual network is peered directly with the first spoke virtual network. + + > **Note**: The initial check can take about 2 minutes because it requires installation of the Network Watcher Agent virtual machine extension on **az104-06-vm0**. + +1. On the **Network Watcher - Connection troubleshoot** blade, initiate a check with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg01** | + | Source type | **Virtual machine** | + | Virtual machine | **az104-06-vm0** | + | Destination | **Specify manually** | + | URI, FQDN or IPv4 | **10.63.0.4** | + | Protocol | **TCP** | + | Destination Port | **3389** | + + > **Note**: **10.63.0.4** represents the private IP address of **az104-06-vm3** + +1. Click **Check** and wait until results of the connectivity check are returned. Verify that the status is **Reachable**. Review the network path and note that the connection was direct, with no intermediate hops in between the VMs. 
+ + > **Note**: This is expected, since the hub virtual network is peered directly with the second spoke virtual network. + +1. On the **Network Watcher - Connection troubleshoot** blade, initiate a check with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg2** | + | Source type | **Virtual machine** | + | Virtual machine | **az104-06-vm2** | + | Destination | **Specify manually** | + | URI, FQDN or IPv4 | **10.63.0.4** | + | Protocol | **TCP** | + | Destination Port | **3389** | + +1. Click **Check** and wait until results of the connectivity check are returned. Note that the status is **Unreachable**. + + > **Note**: This is expected, since the two spoke virtual networks are not peered with each other (virtual network peering is not transitive). + +#### Task 4: Configure routing in the hub and spoke topology + +In this task, you will configure and test routing between the two spoke virtual networks by enabling IP forwarding on the network interface of the **az104-06-vm0** virtual machine, enabling routing within its operating system, and configuring user-defined routes on the spoke virtual network. + +1. In the Azure portal, search and select **Virtual machines**. + +1. On the **Virtual machines** blade, in the list of virtual machines, click **az104-06-vm0**. + +1. On the **az104-06-vm0** virtual machine blade, in the **Settings** section, click **Networking**. + +1. Click the **az104-06-nic0** link next to the **Network interface** label, and then, on the **az104-06-nic0** network interface blade, in the **Settings** section, in the **Settings** section, click **IP configurations**. + +1. Set **IP forwarding** to **Enabled** and save the change. 
+ + > **Note**: This setting is required in order for **az104-06-vm0** to function as a router, which will route traffic between two spoke virtual networks. + + > **Note**: Now you need to configure operating system of the **az104-06-vm0** virtual machine to support routing. + +1. In the Azure portal, navigate back to the **az104-06-vm0** Azure virtual machine blade and click **Overview**. + +1. On the **az104-06-vm0** blade, in the **Operations** section, click **Run command**, and, in the list of commands, click **RunPowerShellScript**. + +1. On the **Run Command Script** blade, type the following and click **Run** to install the Remote Access Windows Server role. + + ```pwsh + Install-WindowsFeature RemoteAccess -IncludeManagementTools + ``` + + > **Note**: Wait for the confirmation that the command completed successfully. + +1. On the **Run Command Script** blade, type the following and click **Run** to install the Routing role service. + + ```pwsh + Install-WindowsFeature -Name Routing -IncludeManagementTools -IncludeAllSubFeature + + Install-WindowsFeature -Name "RSAT-RemoteAccess-Powershell" + + Install-RemoteAccess -VpnType RoutingOnly + + Get-NetAdapter | Set-NetIPInterface -Forwarding Enabled + ``` + + > **Note**: Wait for the confirmation that the command completed successfully. + + > **Note**: Now you need to create and configure user defined routes on the spoke virtual networks. + +1. In the Azure portal, search and select **Route tables** and, on the **Route tables** blade, click **+ Add**. + +1. 
Create a route table with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Name | **az104-06-rt23** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg2** | + | Location | the name of the Azure region in which you created the virtual networks | + | Virtual network gateway route propagation | **Disabled** | + + > **Note**: Wait for the route table to be created. This should take about 3 minutes. + +1. Back on the **Route tables** blade, click **Refresh** and then click **az104-06-rt23**. + +1. On the **az104-06-rt23** route table blade, click **Routes** and then click **+ Add**. + +1. Add a new route with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Route name | **az104-06-route-vnet2-to-vnet3** | + | Address prefix | **10.63.0.0/20** | + | Next hop type | **Virtual appliance** | + | Next hop address | **10.60.0.4** | + +1. Back on the **az104-06-rt23** route table blade, click **Subnets** and then click **+ Associate**. + +1. Associate the route table **az104-06-rt23** with the following subnet: + + | Setting | Value | + | --- | --- | + | Virtual network | **az104-06-vnet2** | + | Subnet | **subnet0** | + +1. Navigate back to **Route tables** blade and click **+ Add**. + +1. Create a route table with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Name | **az104-06-rt32** | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg3** | + | Location | the name of the Azure region in which you created the virtual networks | + | Virtual network gateway route propagation | **Disabled** | + + > **Note**: Wait for the route table to be created. This should take about 3 minutes. + +1. 
Back on the **Route tables** blade, click **Refresh** and then click **az104-06-rt32**. + +1. On the **az104-06-rt32** route table blade, click **Routes** and then click **+ Add**. + +1. Add a new route with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Route name | **az104-06-route-vnet3-to-vnet2** | + | Address prefix | **10.62.0.0/20** | + | Next hop type | **Virtual appliance** | + | Next hop address | **10.60.0.4** | + +1. Back on the **az104-06-rt32** route table blade, click **Subnets** and then click **+ Associate**. + +1. Associate the route table **az104-06-rt32** with the following subnet: + + | Setting | Value | + | --- | --- | + | Virtual network | **az104-06-vnet3** | + | Subnet | **subnet0** | + +1. In the Azure portal, navigate back to the **Network Watcher - Connection troubleshoot** blade. + +1. On the **Network Watcher - Connection troubleshoot** blade, initiate a check with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | **az104-06-rg2** | + | Source type | **Virtual machine** | + | Virtual machine | **az104-06-vm2** | + | Destination | **Specify manually** | + | URI, FQDN or IPv4 | **10.63.0.4** | + | Protocol | **TCP** | + | Destination Port | **3389** | + +1. Click **Check** and wait until results of the connectivity check are returned. Verify that the status is **Reachable**. Review the network path and note that the traffic was routed via **10.60.0.4**, assigned to the **az104-06-nic0** network adapter. + + > **Note**: This is expected, since the traffic between spoke virtual networks is now routed via the virtual machine located in the hub virtual network, which functions as a router. 
+ +#### Task 5: Implement Azure Load Balancer + +In this task, you will implement an Azure Load Balancer in front of the two Azure virtual machines in the hub virtual network + +1. In the Azure portal, search and select **Load balancers** and, on the **Load balancers** blade, click **+ Add**. + +1. Create a load balancer with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Subscription | the name of the Azure subscription you are using in this lab | + | Resource group | the name of a new resource group **az104-06-rg4** | + | Name | **az104-06-lb4** | + | Region| name of the Azure region into which you deployed all other resources in this lab | + | Type | **Public** | + | SKU | **Standard** | + | Public IP address | **Create new** | + | Public IP address name | **az104-06-pip4** | + | Availability zone | **Zone-redundant** | + | Add a public IPv6 address | **No** | + + > **Note**: Wait for the Azure load balancer to be provisioned. This should take about 2 minutes. + +1. On the deployment blade, click **Go to resource**. + +1. On the **az104-06-lb4** load balancer blade, click **Backend pools** and click **+ Add**. + +1. Add a backend pool with the following settings (leave others with their default values): + + | Setting | Value | + | --- | --- | + | Name | **az104-06-lb4-be1** | + | Virtual network | **az104-06-vnet01** | + | IP version | **IPv4** | + | Virtual machine | **az104-06-vm0** | + | Virtual machine IP address | **ipconfig1 (10.60.0.4)** | + | Virtual machine | **az104-06-vm1** | + | Virtual machine IP address | **ipconfig1 (10.60.1.4)** | + +1. Wait for the backend pool to be creted, click **Health probes**, and then click **+ Add**. + +1. 
Add a health probe with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-06-lb4-hp1** |
+ | Protocol | **TCP** |
+ | Port | **80** |
+ | Interval | **5** |
+ | Unhealthy threshold | **2** |
+
+1. Wait for the health probe to be created, click **Load balancing rules**, and then click **+ Add**.
+
+1. Add a load balancing rule with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-06-lb4-lbrule1** |
+ | IP Version | **IPv4** |
+ | Protocol | **TCP** |
+ | Port | **80** |
+ | Backend port | **80** |
+ | Backend pool | **az104-06-lb4-be1** |
+ | Health probe | **az104-06-lb4-hp1** |
+ | Session persistence | **None** |
+ | Idle timeout (minutes) | **4** |
+ | TCP reset | **Disabled** |
+ | Floating IP (direct server return) | **Disabled** |
+ | Create implicit outbound rules | **Yes** |
+
+1. Wait for the load balancing rule to be created, click **Overview**, and note the value of the **Public IP address**.
+
+1. Start another browser window and navigate to the IP address you identified in the previous step.
+
+1. Verify that the browser window displays the message **Hello World from az104-06-vm0** or **Hello World from az104-06-vm1**.
+
+1. Open another browser window but this time by using InPrivate mode and verify whether the target vm changes (as indicated by the message).
+
+ > **Note**: You might need to refresh the browser window or open it again by using InPrivate mode.
+
+#### Task 6: Implement Azure Application Gateway
+
+In this task, you will implement an Azure Application Gateway in front of the two Azure virtual machines in the spoke virtual networks.
+
+1. In the Azure portal, search and select **Virtual networks**.
+
+1. On the **Virtual networks** blade, in the list of virtual networks, click **az104-06-vnet01**.
+
+1.
On the **az104-06-vnet01** virtual network blade, in the **Settings** section, click **Subnets**, and then click **+ Add**.
+
+1. Add a subnet with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **subnet-appgw** |
+ | Address range (CIDR block) | **10.60.3.224/27** |
+ | Network security group | **None** |
+ | Route table | **None** |
+
+ > **Note**: This subnet will be used by the Azure Application Gateway instances, which you will deploy later in this task. The Application Gateway requires a dedicated subnet of /27 or larger size.
+
+1. In the Azure portal, search and select **Application Gateways** and, on the **Application Gateways** blade, click **+ Add**.
+
+1. On the **Basics** tab of the **Create an application gateway** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-06-rg5** |
+ | Application gateway name | **az104-06-appgw5** |
+ | Region | name of the Azure region into which you deployed all other resources in this lab |
+ | Tier | **Standard V2** |
+ | Enable autoscaling | **No** |
+ | Instances | **1** |
+ | Availability zone | **1, 2, 3** |
+ | HTTP/2 | **Disabled** |
+ | Virtual network | **az104-06-vnet01** |
+ | Subnet | **subnet-appgw** |
+
+1. Click **Next: Frontends >** and, on the **Frontends** tab of the **Create an application gateway** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Frontend IP address type | **Public** |
+ | Public IP address| the name of a new public ip address **az104-06-pip5** |
+
+1.
Click **Next: Backends >**, on the **Backends** tab of the **Create an application gateway** blade, click **+ Add a backend pool**, and, on the **Add a backend pool** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-06-appgw5-be1** |
+ | Add backend pool without targets | **No** |
+ | Target type | **IP address or hostname** |
+ | Target | **10.62.0.4** |
+ | Target type | **IP address or hostname** |
+ | Target | **10.63.0.4** |
+
+ > **Note**: The targets represent the private IP addresses of virtual machines in the spoke virtual networks **az104-06-vm2** and **az104-06-vm3**.
+
+1. Click **Add**, click **Next: Configuration >** and, on the **Configuration** tab of the **Create an application gateway** blade, click **+ Add a rule**.
+
+1. On the **Add a routing rule** blade, on the **Listener** tab, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Rule name | **az104-06-appgw5-rl1** |
+ | Listener name | **az104-06-appgw5-rl1l1** |
+ | Frontend IP | **Public** |
+ | Protocol | **HTTP** |
+ | Port | **80** |
+ | Listener type | **Basic** |
+ | Error page url | **No** |
+
+1. Switch to the **Backend targets** tab of the **Add a routing rule** blade and specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Target type | **Backend pool** |
+ | Backend target | **az104-06-appgw5-be1** |
+
+1.
On the **Backend targets** tab of the **Add a routing rule** blade, click click **Create new** next to the **HTTP setting** text box, and, on the **Add an HTTP setting** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | HTTP setting name | **az104-06-appgw5-http1** |
+ | Backend protocol | **HTTP** |
+ | Backend port | **80** |
+ | Cookie-based affinity | **Disable** |
+ | Connection draining | **Disable** |
+ | Request time-out (seconds) | **20**
+
+1. Click **Add** on the **Add an HTTP setting** blade, and back on the **Add a routing rule** blade, clik **Add**.
+
+1. Click **Next: Tags >**, followed by **Next: Review + create >** and then click **Create**.
+
+ > **Note**: Wait for the Application Gateway instance to be created. This might take about 8 minutes.
+
+1. In the Azure portal, search and select **Application Gateways** and, on the **Application Gateways** blade, click **az104-06-rg5**.
+
+1. On the **az104-06-rg5** Application Gateway blade, note the value of the **Frontend public IP address**.
+
+1. Start another browser window and navigate to the IP address you identified in the previous step.
+
+1. Verify that the browser window displays the message **Hello World from az104-06-vm2** or **Hello World from az104-06-vm3**.
+
+1. Open another browser window but this time by using InPrivate mode and verify whether the target vm changes (based on the message displayed on the web page).
+
+ > **Note**: You might need to refresh the browser window or open it again by using InPrivate mode.
+
+ > **Note**: Targeting virtual machines on multiple virtual networks is not a common configuration, but it is meant to illustrate the point that Application Gateway is capable of targeting virtual machiens on multiple virtual networks (as well as endpoints in other Azure regions or even outside of Azure), unlike Azure Load Balancer, which load balances across virtual machines in the same virtual network.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-06*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-06*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Provisioned the lab environment
+- Configured the hub and spoke network topology
+- Tested transitivity of virtual network peering
++ Task 4: Configure routing in the hub and spoke topology
++ Task 5: Implement Azure Load Balancer
++ Task 6: Implement Azure Application Gateway
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_07-Manage_Azure_Storage.md b/Instructions/Labs/LAB_07-Manage_Azure_Storage.md
new file mode 100644
index 00000000..a266f9d3
--- /dev/null
+++ b/Instructions/Labs/LAB_07-Manage_Azure_Storage.md
@@ -0,0 +1,327 @@
+---
+lab:
+ title: '07 - Manage Azure storage'
+ module: 'Module 07 - Azure Storage'
+---
+
+# Lab 07 - Manage Azure Storage
+# Student lab manual
+
+## Lab scenario
+
+You need to evaluate the use of Azure storage for storing files residing currently in on-premises data stores. While majority of these files are not accessed frequently, there are some exceptions. You would like to minimize cost of storage by placing less frequently accessed files in lower-priced storage tiers. You also plan to explore different protection mechanisms that Azure Storage offers, including network access, authentication, authorization, and replication. Finally, you want to determine to what extent Azure Files service might be suitable for hosting your on-premises file shares.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Provision the lab environment
++ Task 2: Create and configure Azure Storage accounts
++ Task 3: Manage blob storage
++ Task 4: Manage authentication and authorization for Azure Storage
++ Task 5: Create and configure an Azure Files shares
++ Task 6: Manage network access for Azure Storage
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Provision the lab environment
+
+In this task, you will deploy an Azure virtual machine that you will use later in this lab.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1.
In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Module_07\\az104-07-vm-template.json** and **\\Allfiles\\Module_07\\az104-07-vm-parameters.json** into the Cloud Shell home directory.
+
+1. From the Cloud Shell pane, run the following to create the resource group that will be hosting the virtual machine (replace the `[Azure_region]` placeholder with the name of an Azure region where you intend to deploy the Azure virtual machine):
+
+ ```pwsh
+ $location = '[Azure_region]'
+
+ $rgName = 'az104-07-rg0'
+
+ New-AzResourceGroup -Name $rgName -Location $location
+ ```
+1. From the Cloud Shell pane, run the following to deploy thef virtual machine by using the uploaded template and parameter files:
+
+ ```pwsh
+ New-AzResourceGroupDeployment `
+ -ResourceGroupName $rgName `
+ -TemplateFile $HOME/az104-07-vm-template.json `
+ -TemplateParameterFile $HOME/az104-07-vm-parameters.json `
+ -AsJob
+ ```
+
+ >**Note**: Do not wait for the deployments to complete, but proceed to the next task.
+
+1. Close the Cloud Shell pane.
+
+#### Task 2: Create and configure Azure Storage accounts
+
+In this task, you will create and configure an Azure Storage account.
+
+1. In the Azure portal, search for and select **Storage accounts**, and then click **+ Add**.
+
+1.
On the **Basics** tab of the **Create storage account** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-07-rg1** |
+ | Storage account name | any globally unique name between 3 and 24 in length consisting of letters and digits |
+ | Location | the name of an Azure region where you can create an Azure Storage account |
+ | Performance | **Standard** |
+ | Account kind | **Storage (general purpose v1)** |
+ | Replication | **Read-access geo-redundant storage (RA-GRS)** |
+
+1. Click **Next: Networking >**, on the **Networking** tab of the **Create storage account** blade, review the available options, accept the default option **Public endpoint (all networks}** and click **Next: Advanced >**.
+
+1. On the **Advanced** tab of the **Create storage account** blade, review the available options, accept the defaults, click **Review + Create**, wait for the validation process to complete and click **Create**.
+
+ >**Note**: Wait for the Storage account to be created. This should take about 2 minutes.
+
+1. On the deployment blade, click **Go to resource** to display the Azure Storage account blade.
+
+1. On the Azure Storage account blade, in the **Settings** section, click **Configuration**.
+
+1. Click **Upgrade** to change the Storage account kind from **Storage (general purpose v1)** to **StorageV2 (general purpose v2)**.
+
+1. On the **Upgrade storage account** blade, review the warning stating that the upgrade is permanent and will result in billing charges, in the **Confirm upgrade** text box, type the name of the storage account, and click **Upgrade**.
+
+ > **Note**: You have the option to set the account kind to **StorageV2 (general purpose v2)** at the provisioning time.
The previous two steps were meant to illustrate that you also have the option to upgrade existing general purpose v1 accounts.
+
+ > **Note**: **StorageV2 (general purpose v2)** offers a number of features, such as, for example, access tiering, not available in with general purpose v1 accounts.
+
+ > **Note**: Review the other configuration options, including **Access tier (default)**, currently set to **Hot**, which you can change, the **Performance**, currently set to **Standard**, which can be set only during account provisioning, and the **Identity-based Directory Service for Azure File Authentication**, which requires Azure Active Directory Domain Services.
+
+1. On the Storage account blade, in the **Settings** section, click **Geo-replication** and note the secondary location. Click the **View all** link under the **Storage endpoints** label and review the **Storage account endpoints** blade.
+
+ > **Note**: As expected, the **Storage account endpoints** blade contains both primary and secondary endpoints.
+
+1. Switch to the Configuration blade of the Storage account and, in the **Replication** drop-down list, select **Geo-redundant storage (GRS)** and save the change.
+
+1. Switch back to the **Geo-replication** blade and note that the secondary location is still specified. Click the **View all** link under the **Storage endpoints** label and review the **Storage account endpoints** blade.
+
+ > **Note**: As expected, the **Storage account endpoints** blade contains only primary endpoints.
+
+1. Display again the **Configuration** blade of the Storage account, in the **Replication** drop-down list select **Locally redundant storage (LRS)** and save the change.
+
+1. Switch back to the **Geo-replication** blade and note that, at this point, the Storage account has only the primary location.
+
+1. Display again the **Configuration** blade of the Storage account and set **Access tier (default)** to **Cool**.
+
+ > **Note**: The cool access tier is optimal for data which is not accessed frequently.
+
+#### Task 3: Manage blob storage
+
+In this task, you will create a blob container and upload a blob into it.
+
+1. On the Storage account blade, in the **Blob service** section, click **Containers**.
+
+1. Click **+ Container** and create a container with the following settings:
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-07-container** |
+ | Public access level | **Private (no anonymous access)** |
+
+1. In the list of containers, click **az104-07-container** and then click **Upload**.
+
+1. Browse to **\\Allfiles\\Module_07\\LICENSE** on your lab computer, and click **Open**.
+
+1. On the **Upload blob** blade, expand the **Advanced** section and specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Authentication type | **Account key** |
+ | Blob type | **Block blob** |
+ | Block size | **4 MB** |
+ | Access tier | **Hot** |
+ | Upload to folder | **licenses** |
+
+ > **Note**: Access tier can be set for individual blobs.
+
+1. Click **Upload**.
+
+ > **Note**: Note that the upload automatically created a subfolder named **licenses**.
+
+1. Back on the **az104-07-container** blade, click **licenses** and then click **LICENSE**.
+
+1. On the **licenses/LICENSE** blade, review the available options.
+
+ > **Note**: You have the option to download the blob, change its access tier (it is currently set to **Cool**), acquire a lease, which would change its lease status to **Locked** (it is currently set to **Unlocked**) and protect the blob from being modified or deleted, as well as assign custom metadata (by specifying an arbitrary key and value pairs). You also have the ability to **Edit** the file directly within the Azure portal interface, without downloading it first. You can also create snapshots, as well as generate a SAS token (you will explore this option in the next task).
+
+# Task 4: Manage authentication and authorization for Azure Storage
+
+In this task, you will configure authentication and authorization for Azure Storage.
+
+1. On the **licenses/LICENSE** blade, on the **Overview** tab, click **Copy to clipboard** button next to the **URL** entry.
+
+1. Open another browser window by using InPrivate mode and navigate to the URL you copied in the previous step.
+
+1. You should be presented with an XML-formatted mesage stating **ResourceNotFound**.
+
+ > **Note**: This is expected, since the container you crated has the public access level set to **Private (no anonymous access)**.
+
+1. Close the InPrivate mode browser window, return to the browser window showing the **licenses/LICENSE** blade of the Azure Storage container, and switch to the the **Generate SAS** tab.
+
+1. On the **Generate SAS** tab of the **licenses/LICENSE** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Permissions | **Read** |
+ | Start date | yesterday's date |
+ | Start time | current time |
+ | Expiry date | tomorrow's date |
+ | Expiry time | current time |
+ | Allowed IP addresses | leave blank |
+ | Allowed protocols | **HTTP** |
+ | Signing key | **Key 1** |
+
+1. Click **Generate SAS token and URL**.
+
+1. Click **Copy to clipboard** button next to the **Blob SAS URL** entry.
+
+1. Open another browser window by using InPrivate mode and navigate to the URL you copied in the previous step.
+
+1. You should be presented with the content of **The MIT License (MIT)** page.
+
+ > **Note**: This is expected, since now your access is authorized based on the newly generated the SAS token.
+
+ > **Note**: Save the blob SAS URL. You will need it later in this lab.
+
+1. Close the InPrivate mode browser window, return to the browser window showing the **licenses/LICENSE** blade of the Azure Storage container, and from there, navigate back to the **az104-07-container** blade.
+
+1.
Click the **Switch to the Azure AD User Account** link next to the **Authentication method** label.
+
+ > **Note**: At this point, you no longer have access to the container.
+
+1. On the **az104-07-container** blade, click **Access Control (IAM)**.
+
+1. In the **Add a role assignment** section, click **Add**.
+
+1. On the **Add role administrator** blade, specify the following settings:
+
+ | Setting | Value |
+ | --- | --- |
+ | Role | **Storage Blob Data Owner** |
+ | Assign access to | **Azure AD user, group, or service principal** |
+ | Select | the name of your user account |
+
+1. Save the change and return to the **Overview** blade of the **az104-07-container** container and verify that you can access to container again.
+
+#### Task 5: Create and configure an Azure Files shares
+
+In this task, you will create and configure Azure Files shares.
+
+ > **Note**: Before you start this task, verify that the virtual machine you provisioned in the first task of this lab is running.
+
+1. In the Azure portal, navigate back to the blade of the storage account you created in the first task of this lab and, in the **File service** section, click **File shares**.
+
+1. Click **+ File share** and create a file share with the following settings:
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-07-share** |
+ | Quota | **1024** |
+
+1. Click the newly created file share and click **Connect**.
+
+1. On the **Connect** blade, ensure that the **Windows** tab is selected, and click **Copy to clipboard**.
+
+1. In the Azure portal, search for and select **Virtual machines**, and, in the list of virtual machines, click **az104-07-vm0**.
+
+1. On the **az104-07-vm0** blade, in the **Operations** section, click **Run command**.
+
+1. On the **az104-07-vm0 - Run command** blade, click **RunPowerShellScript**.
+
+1. On the **Run Command Script** blade, paste the script you copied earlier in this task into the **PowerShell Script** pane and click **Run**.
+
+1.
Verify that the script completed successfully.
+
+1. Replace the content of the **PowerShell Script** pane with the following script and click **Run**:
+
+ ```pwsh
+ New-Item -Type Directory -Path 'Z:\az104-07-folder'
+
+ New-Item -Type File -Path 'Z:\az104-07-folder\az-104-07-file.txt'
+ ```
+
+1. Verify that the script completed successfully.
+
+1. Navigate back to the **az104-07-share** file share blade, click **Refresh**, and verify that **az104-07-folder** appears in the list of folders.
+
+1. Click **az104-07-folder** and verify that **az104-07-file.txt** appears in the list of files.
+
+#### Task 6: Manage network access for Azure Storage
+
+In this task, you will configure network access for Azure Storage.
+
+1. In the Azure portal, navigate back to the blade of the storage account you created in the first task of this lab and, in the **Settings** section, click **Firewalls and virtual networks**.
+
+1. Click the **Selected networks** option and review the configuration settings that become available once this option is enabled.
+
+ > **Note**: You can use these settings to configure direct connectivity between Azure virtual machines on designated subnets of virtual networks and the storage account by using service endpoints.
+
+1. Click the checkbox **Add your client IP address** and save the change.
+
+1. Open another browser window by using InPrivate mode and navigate to the blob SAS URL you generated in the previous task.
+
+1. You should be presented with the content of **The MIT License (MIT)** page.
+
+ > **Note**: This is expected, since you are connecting from your client IP address.
+
+1. Close the InPrivate mode browser window, return to the browser window showing the **licenses/LICENSE** blade of the Azure Storage container, and open Azure Cloud Shell pane.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1.
If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+1. From the Cloud Shell pane, run the following to attempt downloading of the LICENSE blob from the **az104-07-container** container of the storage account (replace the `[blob SAS URL]` placeholder with the blob SAS URL you generated in the previous task):
+
+ ```pwsh
+ Invoke-WebRequest -URI '[blob SAS URL]'
+ ```
+1. Verify that the download attempt failed.
+
+ > **Note**: You should receive the message stating **AuthorizationFailure: This request is not authorized to perform this operation**. This is expected, since you are connecting from the IP address assigned to an Azure VM hosting the Cloud Shell instance.
+
+1. Close the Cloud Shell pane.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-07*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-07*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Provisioned the lab environment
+- Created and configured Azure Storage accounts
+- Managed blob storage
+- Managed authentication and authorization for Azure Storage
+- Created and configured an Azure Files shares
+- Managed network access for Azure Storage
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_08-Manage_Virtual_Machines.md b/Instructions/Labs/LAB_08-Manage_Virtual_Machines.md
new file mode 100644
index 00000000..1ea3c606
--- /dev/null
+++ b/Instructions/Labs/LAB_08-Manage_Virtual_Machines.md
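Review bot: In LAB_07-Manage_Azure_Storage.md, the **Generate SAS** table in Task 4 sets `| Allowed protocols | **HTTP** |`, so the blob SAS URL, whose query string is itself the credential, may be sent in clear text and captured on the network path. I would change that row to `| Allowed protocols | **HTTPS only** |` (the exact portal label should be confirmed against the current blade). The token is signed with **Key 1** and is valid from yesterday to tomorrow, and the lab then asks the student to save the URL, so a caveat belongs after that step, for example `> **Note**: Treat the blob SAS URL as a secret; an ad hoc SAS signed with an account key can be revoked before its expiry only by regenerating that key.`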
@@ -0,0 +1,536 @@
+---
+lab:
+ title: '08 - Manage Virtual Machines'
+ module: 'Module 08 - Virtual Machines'
+---
+
+# Lab 08 - Manage Virtual Machines
+# Student lab manual
+
+## Lab scenario
+
+You were tasked with identifying different options for deploying and configuring Azure virtual machines. First, you need to determine different compute and storage resiliency and scalability options you can implement when using Azure virtual machines. Next, you need to investigate compute and storage resiliency and scalability options that are available when using Azure virtual machine scale sets. You also want to explore the ability to automatically configure virtual machines and virtual machine scale sets by using the Azure Virtual Machine Custom Script extension.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Deploy zone-resilient Azure virtual machines by using the Azure portal and an Azure Resource Manager template
++ Task 2: Configure Azure virtual machines by using virtual machine extensions
++ Task 3: Scale compute and storage for Azure virtual machines
++ Task 4: Deploy zone-reslient Azure virtual machine scale sets by using the Azure portal
++ Task 5: Configure Azure virtual machine scale sets by using virtual machine extensions
++ Task 6: Scale compute and storage for Azure virtual machine scale sets
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Deploy zone-resilient Azure virtual machines by using the Azure portal and an Azure Resource Manager template
+
+In this task, you will deploy Azure virtual machines into different availability zones by using the Azure portal and an Azure Resource Manager template.
+
+1. Sign in to the [Azure portal](http://portal.azure.com).
+
+1. In the Azure portal, search for and select **Virtual machines** and, on the **Virtual machines** blade, click **+ Add**.
+
+1.
On the **Basics** tab of the **Create a virtual machine** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you will be using in this lab |
+ | Resource group | the name of a new resource group **az104-08-rg01** |
+ | Virtual machine name | **az104-08-vm0** |
+ | Region | select one of the regions that support availability zones and where you can provision Azure virtual machines |
+ | Availability options | **Availability zone** |
+ | Availability zone | **1** |
+ | Image | **Windows Server 2019 Datacenter** |
+ | Azure Spot instance | **No** |
+ | Size | **Standard D2s v3** |
+ | Username | **Student** |
+ | Password | **Pa55w.rd1234** |
+ | Public inbound ports | **None** |
+ | Already have a Windows Server license | **No** |
+
+1. Click **Next: Disks >** and, on the **Disks** tab of the **Create a virtual machine** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | OS disk type | **Standard HDD** |
+ | Enable Ultra Disk compatibility | **No** |
+
+1. Click **Next: Networking >** and, on the **Networking** tab of the **Create a virtual machine** blade, click **Create new** below the **Virtual network** textbox.
+
+1. On the **Create virtual network** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-08-rg01-vnet** |
+ | Address range | **10.80.0.0/20** |
+ | Subnet name | **subnet0** |
+ | Subnet range | **10.80.0.0/24** |
+
+1.
Click **OK** and, back on the **Networking** tab of the **Create a virtual machine** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Public IP | **None** |
+ | NIC network security group | **None** |
+ | Accelerated networking | **Off** |
+ | Place this virtual machine behind an existing load balancing solution? | **No** |
+
+1. Click **Next: Management >** and, on the **Management** tab of the **Create a virtual machine** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Boot diagnostics | **Off** |
+
+1. Click **Next: Advanced >**, on the **Management** tab of the **Create a virtual machine** blade, review the available settings without modifying any of them, and click **Review + Create**.
+
+1. On the **Review + Create** blade, click **Create**.
+
+1. On the deployment blade, click **Template**.
+
+1. Review the template representing the deployment in progress and click **Deploy**.
+
+ >**Note**: You will use this option to deploy the second virtual machine with matching configuration except for the availability zone.
+
+1. On the **Custom deployment** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Resource group | **az104-08-rg01** |
+ | Network Interface Name | **az104-08-vm1-nic1** |
+ | Virtual Machine Name | **az104-08-vm1** |
+ | Admin Username | **Student** |
+ | Admin Password | **Pa55w.rd1234** |
+ | Zone | **2** |
+
+ >**Note**: You need to modify parameteres corresponding to the properties of the distinct resources you are deploying by using the template, including the virtual machine and its network interface. You also need to specify a different availability zone if you want your deployment consisting of two virtual machines to be zone redundant.
+
+1.
Enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
+
+ >**Note**: Wait for both deployments to complete before you proceed to the next task. This might take about 3 minutes.
+
+#### Task 2: Configure Azure virtual machines by using virtual machine extensions
+
+In this task, you will install Windows Server Web Server role on the two Azure virtual machines you deployed in the previous task by using the Custom Script virtual machine extension.
+
+1. In the Azure portal, search for and select **Virtual machines** and, on the **Virtual machines** blade, click **az104-08-vm0**.
+
+1. On the **az104-08-vm0** virtual machine blade, in the **Settings** section, click **Extensions**, and the click **+ Add**.
+
+1. On the **New resource** blade, click **Custom Script Extension** and then click **Create**.
+
+1. From the **Install extension** blade, upload the script **az104-08-install_IIS.ps1** from **\\Allfiles\\Labs\\08** and click **OK**.
+
+1. In the Azure portal, search for and select **Virtual machines** and, on the **Virtual machines** blade, click **az104-08-vm1**.
+
+1. On the **az104-08-vm1** blade, in the **Settings** section, click **Export template**.
+
+1. On the **az104-08-vm1 - Export template** blade, click **Deploy**.
+
+1. On the **Custom deployment** blade, click **Edit template**.
+
+1.
On the **Edit template** blade, in the section displaying the content of the template, insert the following code starting with line **20** (directly underneath the ` "resources": [` line):
+
+ ```json
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "az104-08-vm1/customScriptExtension",
+ "apiVersion": "2018-06-01",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [
+ "az104-08-vm1"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)"
+ }
+ }
+ },
+
+ ```
+
+ >**Note**: This section of the template defines the same Azure virtual machine custom script extension that you deployed earlier to the first virtual machine via Azure PowerShell.
+
+1. Click **Save** and, back on the **Custom template** blade, enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
+
+ >**Note**: Disregard the message stating **The resource group is in a location that is not supported by one or more resources in the template. Please choose a different resource group**. This is expected and can be ignored in this case.
+
+ >**Note**: Wait for the template deployment to complete. You can monitor its progress from the **Extensions** blade of the **az104-08-vm0** and **az104-08-vm1** virtual machines. This should take no more than 3 minutes.
+
+1. To verify that the Custom Script extension-based configuration was successful, navigate back on the **az104-08-vm1** blade, in the **Operations** section, click **Run command**, and, in the list of commands, click **RunPowerShellScript**.
+
+1. 
On the **Run Command Script** blade, type the following and click **Run** to access the web site hosted on **az104-08-vm0**:
+
+ ```pwsh
+ Invoke-WebRequest -URI http://10.80.0.4 -UseBasicParsing
+ ```
+
+ >**Note**: The **-UseBasicParsing** parameter is necessary to eliminate depenency on Internet Explorer to complete execution of the cmdlet
+
+ >**Note**: You can also connect to **az104-08-vm0** and run `Invoke-WebRequest -URI http://10.80.0.5` to access the web site hosted on **az104-08-vm1**.
+
+#### Task 3: Scale compute and storage for Azure virtual machines
+
+In this task you will scale compute for Azure virtual machines by changing their size and scale their storage by attaching and configuring their data disks.
+
+1. In the Azure portal, search for and select **Virtual machines** and, on the **Virtual machines** blade, click **az104-08-vm0**.
+
+1. On the **az104-08-vm0** virtual machine blade, click **Size** and set the virtual machine size to **Standard DS1_v2**
+
+ >**Note**: Choose another size if **Standard DS1_v2** is not available.
+
+1. On the **az104-08-vm0** virtual machine blade, click **Disks**, click **+ Add data disk**, and, in the **Name** drop down list, click **Create disk**.
+
+1. Create a managed disk with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Disk name | **az104-08-vm0-datadisk-0** |
+ | Source type | **None** |
+ | Account type | **Premium SSD** |
+ | Size | **1024 GiB** |
+
+
+1. Back on the **az104-08-vm0 - Disks** blade, click **+ Add data disk**, and, in the **Name** drop down list, click **Create disk**.
+
+1. Create a managed disk with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Disk name | **az104-08-vm0-datadisk-1** |
+ | Source type | **None** |
+ | Account type | **Premium SSD** |
+ | Size | **1024 GiB** |
+
+1. Back on the **az104-08-vm0 - Disks** blade, click **Save**.
+
+1. 
On the **az104-08-vm0** blade, in the **Operations** section, click **Run command**, and, in the list of commands, click **RunPowerShellScript**.
+
+1. On the **Run Command Script** blade, type the following and click **Run** to create a drive Z: consisting of the two newly attached disks with the simple layout and fixed provisioning:
+
+ ```pwsh
+ New-StoragePool -FriendlyName storagepool1 -StorageSubsystemFriendlyName "Windows Storage*" -PhysicalDisks (Get-PhysicalDisk -CanPool $true)
+
+ New-VirtualDisk -StoragePoolFriendlyName storagepool1 -FriendlyName virtualdisk1 -Size 2046GB -ResiliencySettingName Simple -ProvisioningType Fixed
+
+ Initialize-Disk -VirtualDisk (Get-VirtualDisk -FriendlyName virtualdisk1)
+
+ New-Partition -DiskNumber 4 -UseMaximumSize -DriveLetter Z
+ ```
+
+ > **Note**: Wait for the confirmation that the commands completed successfully.
+
+1. In the Azure portal, search for and select **Virtual machines** and, on the **Virtual machines** blade, click **az104-08-vm1**.
+
+1. On the **az104-08-vm1** blade, in the **Settings** section, click **Export template**.
+
+1. On the **az104-08-vm1 - Export template** blade, click **Deploy**.
+
+1. On the **Custom deployment** blade, click **Edit template**.
+
+1. On the **Edit template** blade, in the section displaying the content of the template, replace the line **30** ` "vmSize": "Standard_D2s_v3"` with the following line):
+
+ ```json
+ "vmSize": "Standard_DS1_v2"
+
+ ```
+
+ >**Note**: This section of the template defines the same Azure virtual machine size as the one you specified for the first virtual machine via the Azure portal.
+
+
+1. 
On the **Edit template** blade, in the section displaying the content of the template, replace line **49** (` "dataDisks": [ ]` line) with the following code :
+
+ ```json
+ "dataDisks": [
+ {
+ "lun": 0,
+ "name": "az104-08-vm1-datadisk0",
+ "diskSizeGB": "1024",
+ "caching": "ReadOnly",
+ "createOption": "Empty"
+ },
+ {
+ "lun": 1,
+ "name": "az104-08-vm1-datadisk1",
+ "diskSizeGB": "1024",
+ "caching": "ReadOnly",
+ "createOption": "Empty"
+ }
+ ]
+ ```
+
+ >**Note**: This section of the template creates two managed disks and attaches them to **az104-08-vm1**, similarly to the storage configuration of the first virtual machine via the Azure portal.
+
+1. Click **Save** and, back on the **Custom template** blade, enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
+
+ >**Note**: Disregard the message stating **The resource group is in a location that is not supported by one or more resources in the template. Please choose a different resource group**. This is expected and can be ignored in this case.
+
+ >**Note**: Wait for the template deployment to complete. You can monitor its progress from the **Extensions** blade of the **az104-08-vm1** virtual machine. This should take no more than 3 minutes.
+
+1. Back on the **az104-08-vm1** blade, in the **Operations** section, click **Run command**, and, in the list of commands, click **RunPowerShellScript**.
+
+1. 
On the **Run Command Script** blade, type the following and click **Run** to create a drive Z: consisting of the two newly attached disks with the simple layout and fixed provisioning:
+
+ ```pwsh
+ New-StoragePool -FriendlyName storagepool1 -StorageSubsystemFriendlyName "Windows Storage*" -PhysicalDisks (Get-PhysicalDisk -CanPool $true)
+
+ New-VirtualDisk -StoragePoolFriendlyName storagepool1 -FriendlyName virtualdisk1 -Size 2046GB -ResiliencySettingName Simple -ProvisioningType Fixed
+
+ Initialize-Disk -VirtualDisk (Get-VirtualDisk -FriendlyName virtualdisk1)
+
+ New-Partition -DiskNumber 4 -UseMaximumSize -DriveLetter Z
+ ```
+ > **Note**: Wait for the confirmation that the commands completed successfully.
+
+#### Task 4: Deploy zone-reslient Azure virtual machine scale sets by using the Azure portal
+
+In this task, you will deploy Azure virtual machine scale set across availability zones by using the Azure portal.
+
+1. In the Azure portal, search for and select **Virtual machine scale sets** and, on the **Virtual machine scale sets** blade, click **+ Add**.
+
+1. 
On the **Create a virtual machine scale set** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Virtual machine scale set name | **az10408vmss0** |
+ | Operating system disk image | **Windows Server 2016 Datacenter** |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-08-rg02** |
+ | Location | select one of the regions that support availability zones and where you can provision Azure virtual machines different from the one you used to deploy virtual machines earlier in this lab |
+ | Availability zone | **Zones 1, 2, 3** |
+ | Username | **Student** |
+ | Password | **Pa55w.rd1234** |
+ | Instance count | **2** |
+ | Size | **Standard D2s v3** |
+ | Autoscale | **Disabled** |
+ | Choose load balancing options | **Load balancer** |
+ | Public IP address name | **az10408vmss0-pip** |
+ | Domain name label | any unique DNS name |
+
+ >**Note**: For the list of Azure regions which support deployment of Windows virtual machines to availability zones, refer to [What are Availability Zones in Azure?](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview)
+
+1. Click the **Create new** link below the **Virtual network** textbox and create a new virtual network with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az104-08-rg02-vnet** |
+ | Address range | **10.82.0.0/20** |
+ | Subnet name | **subnet0** |
+ | Subnet range | **10.82.0.0/24** |
+
+ >**Note**: Once you create a new virtual network and return to the **Create a virtual machine scale set** blade, the **Virtual network** and **Subnet** values will be automatically set to **az104-08-rg02-vnet** and **subnet0**.
+
+1. 
Back on the **Create a virtual machine scale set** blade, select the **Advanced** option next to the **NIC network security group** label and click **Create new**.
+
+1. On the **Create network security group** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Name | **az10408vmss0-nsg** |
+
+1. Click **Add an inbound rule** and add an inbound security rule with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Source | **Any** |
+ | Source port ranges | **\*** |
+ | Destination | **Any** |
+ | Destination port ranges | **80** |
+ | Protocol | **TCP** |
+ | Action | **Allow** |
+ | Priority | **1010** |
+ | Name | **custom-allow-http** |
+
+ >**Note**: Once you create a new virtual network and return to the **Create a virtual machine scale set** blade, the **NIC network security group** value will be automatically set to **az10408vmss0-nsg**.
+
+1. Back on the **Create a virtual machine scale set** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | Boot diagnostics | **Off** |
+ | System assigned managed identity | **Off** |
+
+ >**Note**: Wait for the virtual machine scale set deployment to complete. This should take about 3 minutes.
+
+
+#### Task 5: Configure Azure virtual machine scale sets by using virtual machine extensions
+
+In this task, you will install Windows Server Web Server role on the instances of the Azure virtual machine scale set you deployed in the previous task by using the Custom Script virtual machine extension.
+
+1. In the Azure portal, refresh the **Virtual machine scale sets** blade and click **az10408vmss0**.
+
+1. On the **az10408vmss0** blade, click **Extensions**, and the click **+ Add**.
+
+1. On the **New resource** blade, click **Custom Script Extension** and then click **Create**.
+
+1. 
From the **Install extension** blade, upload the script **az104-08-install_IIS.ps1** from **\\Allfiles\\Labs\\08** and click **OK**.
+
+ >**Note**: Wait for the installation of the extension to complete before proceeding to the next step.
+
+1. In the **Settings** section of the **az10408vmss0** blade, click **Instances**, select the checkboxes next to the two instances of the virtual machine scale set, click **Upgrade**, and then, when prompted for confirmation, click **Yes**.
+
+ >**Note**: Wait for the upgrade to complete before proceeding to the next step.
+
+1. In the Azure portal, search for and select **Load balancers** and, in the list of load balancers, click **az10408vmss0lb**.
+
+1. On the **az10408vmss0lb** blade, note the value of the **Public IP address** assigned to the frontend of the load balancer, open an new browser tab, and navigate to that IP address.
+
+ >**Note**: Verify that the browser page displays the name of one of the instances of the Azure virtual machine scale set **az10408vmss0**.
+
+#### Task 6: Scale compute and storage for Azure virtual machine scale sets
+
+In this task, you will change the size of virtual machine scale set instances, configure their autoscaling settings, and attach disks to them.
+
+1. In the Azure Portal, on the **az10408vmss0** blade, click **Size**.
+
+1. In the list of available sizes, select **Standard DS1_v2** and click **Resize**.
+
+1. In the **Settings** section, click **Instances**, select the checkboxes next to the two instances of the virtual machine scale set, click **Upgrade**, and then, when prompted for confirmation, click **Yes**.
+
+1. In the list of instances, click the entry representing the first instance and, on the scale set instance blade, note its **Location** (it should be one of the zones in the target Azure region into which you deployed the Azure virtual machine scale set).
+
+1. 
Return to the **az10408vmss0 - Instances** blade, click the entry representing the second instance and, on the scale set instance blade, note its **Location** (it should be one of the other two zones in the target Azure region into which you deployed the Azure virtual machine scale set).
+
+1. Return to the **az10408vmss0 - Instances** blade and click **Scaling**.
+
+1. On the **az10408vmss0 - Scaling** blade, select the **Custom autoscale** option and configure autoscale with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- |--- |
+ | Scale mode | **Scale based on a metric** |
+
+1. Click the **+ Add a rule** link and, on the **Scale rule** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- |--- |
+ | Metric source | **Current resource (az10480vmss0)** |
+ | Time aggregation | **Maximum** |
+ | Metric namespace | **Virtual Machine Host** |
+ | Metric name | **Network In Total** |
+ | Operator | **Greater than** |
+ | Metric threshold to trigger scale action | **10** |
+ | Duration (in minutes) | **1** |
+ | Time grain statistic | **Maximum** |
+ | Operation | **Increase count by** |
+ | Instance count | **1** |
+ | Cool down (minutes) | **5** |
+
+ >**Note**: Obviously these values do not represent a realistic configuration, since their purpose is to trigger autoscaling as soon as possible, without extended wait period.
+
+1. Click **Add** and, back on the **az10408vmss0 - Scaling** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- |--- |
+ | Instance limits Minimum | **1** |
+ | Instance limits Maximum | **3** |
+ | Instance limits Default | **1** |
+
+1. Click **Save**.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**. 
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. From the Cloud Shell pane, run the following to identify the public IP address of the load balancer in front of the Azure virtual machine scale set **az10408vmss0**.
+
+ ```pwsh
+ $rgName = 'az104-08-rg02'
+
+ $lbpipName = 'az10408vmss0-pip'
+
+ $pip = (Get-AzPublicIpAddress -ResourceGroupName $rgName -Name $lbpipName).IpAddress
+ ```
+1. From the Cloud Shell pane, run the following to start and infinite loop that sends the HTTP requests to the web sites hosted on the instances of Azure virtual machine scale set **az10408vmss0**.
+
+ ```pwsh
+ while ($true) { Invoke-WebRequest -Uri "http://$pip" }
+ ```
+
+1. Minimize the Cloud Shell pane but do not close it, switch back to the **az10408vmss0 - Instances** blade and monitor the number of instances.
+
+ >**Note**: You might need to wait a couple of minutes and click **Refresh**.
+
+1. Once the third instance is provisioned, navigate to its blade to determine its **Location** (it should be different than the first two zones you identified earlier in this task.
+
+1. Close Cloud Shell pane.
+
+1. On the **az10408vmss0** blade, click **Storage**, click **+ Add data disk**, and attach a new managed disk with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | LUN | **0** |
+ | Size | **32** |
+ | Account type | **Standard HDD** |
+ | Host caching | **None** |
+
+1. Save the change, in the **Settings** section of the **az10408vmss0** blade, click **Instances**, select the checkboxes next to the two instances of the virtual machine scale set, click **Upgrade**, and then, when prompted for confirmation, click **Yes**.
+
+ >**Note**: The disk attached in the previous step is a raw disks. 
Before it can be used, it is necessary to create a partition, create a filesystem, and mount it. To accomplish this, you will use Azure virtual machine Custom Script extension. First, you will need to remove the existing Custom Script Extension.
+
+1. In the **Settings** section of the **az10408vmss0** blade, click **Extensions**, click **CustomScriptExtension**, and then click **Uninstall**.
+
+ >**Note**: Wait for uninstallation to complete.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the file **\\Allfiles\\Labs\\08\\az104-08-configure_VMSS_disks.ps1** into the Cloud Shell home directory.
+
+1. From the Cloud Shell pane, run the following to display the content of the script:
+
+ ```pwsh
+ Set-Location -Path $HOME
+
+ Get-Content -Path ./az104-08-configure_VMSS_disks.ps1
+ ```
+
+ >**Note**: The script installs a custom script extension that configures the attached disk.
+
+1. From the Cloud Shell pane, run the following to excecute the script and configure disks of Azure virtual machine scale set:
+
+ ```pwsh
+ ./az104-08-configure_VMSS_disks.ps1
+ ```
+
+1. Close the Cloud Shell pane.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-08*'
+ ```
+
+1. 
Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-08*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Deployed zone-resilient Azure virtual machines by using the Azure portal and an Azure Resource Manager template
+- Configured Azure virtual machines by using virtual machine extensions
+- Scaled compute and storage for Azure virtual machines
+- Deployed zone-reslient Azure virtual machine scale sets by using the Azure portal
+- Configured Azure virtual machine scale sets by using virtual machine extensions
+- Scaled compute and storage for Azure virtual machine scale sets
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_09a-Implement_Web_Apps.md b/Instructions/Labs/LAB_09a-Implement_Web_Apps.md
new file mode 100644
index 00000000..5543c084
--- /dev/null
+++ b/Instructions/Labs/LAB_09a-Implement_Web_Apps.md
@@ -0,0 +1,266 @@
+---
+lab:
+ title: '09a - Implement Web Apps'
+ module: 'Module 09 - Serverless Computing'
+---
+
+# Lab 09a - Implement Web Apps
+# Student lab manual
+
+## Lab scenario
+
+You need to evaluate the use of Azure Web apps for hosting Contoso's web sites, hosted currently in the company's on-premises data centers. The web sites are running on Windows servers using PHP runtime stack. You also need to determine how you can implement DevOps practices by leveraging Azure web apps deployment slots.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Create an Azure web app
++ Task 2: Create a staging deployment slot
++ Task 3: Configure web app deployment settings
++ Task 4: Deploy code to the staging deployment slot
++ Task 5: Swap the staging slots
++ Task 6: Configure and test autoscaling of the Azure web app
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Create an Azure web app
+
+In this task, you will create an Azure web app.
+
+1. Sign in to the [**Azure portal**](http://portal.azure.com).
+
+1. In the Azure portal, search for and select **App services**, and, on the **App Services** blade, click **+ Add**.
+
+1. On the **Basics** tab of the **Web App** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | ---|
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-09a-rg1** |
+ | Web app name | any globally unique name |
+ | Publish | **Code** |
+ | Runtime stack | **PHP 7.3** |
+ | Operating system | **Windows** |
+ | Region | the name of an Azure region where you can provision Azure web apps |
+ | App service plan | accept the default configuration |
+
+1. Click **Next : Monitoring >**, on the **Monitoring** tab of the **Web App** blade, set the **Enable Application Insights** switch to **No**, click **Review + create**, and then click **Create**. 
+
+ >**Note**: Typically, you would want to enable **Application Insights**, however, its functionality is not used in this lab.
+
+ >**Note**: Wait until the web app is created before you proceed to the next task. This should take about a minute.
+
+1. On the deployment blade, click **Go to resource**.
+
+#### Task 2: Create a staging deployment slot
+
+In this task, you will create a staging deployment slot.
+
+1. On the blade of the newly deployed web app, click the **URL** link to display the default web page in a new browser tab.
+
+1. Close the new browser tab and, back in the Azure portal, in the **Deployment** section of the web app blade, click **Deployment slots**.
+
+ >**Note**: The web app, at this point, has a single deployment slot labeled **PRODUCTION**.
+
+1. Click **+ Add slot**, and add a new slot with the following settings:
+
+ | Setting | Value |
+ | --- | ---|
+ | Name | **staging** |
+ | Clone settings from | **Do not clone settings**|
+
+1. Back on the **Deployment slots** blade of the web app, click the entry representing the newly created staging slot.
+
+ >**Note**: This will open the blade displaying the properties of the staging slot.
+
+1. Review the staging slot blade and note that its URL differs from the one assigned to the production slot.
+
+#### Task 3: Configure web app deployment settings
+
+In this task, you will configure web app deployment settings.
+
+1. On the staging deployment slot blade, in the **Deployment** section, click **Deploymnent Center**.
+
+ >**Note:** Make sure you are on the staging slot blade (rather than the production slot).
+
+1. In the **Continuous Deployment (CI/CD)** section, select **Local Git**, and then click **Continue**.
+
+1. Select **App Service build service**, click **Continue**, and then click **Finish**.
+
+1. Copy the resulting **Git Clone Url** to Notepad.
+
+ >**Note:** You will need the Git Clone Url value in the next task of this lab.
+
+1. 
Click **Deployment Credentials** toolbar icon to display **Deployment Credentials** pane.
+
+1. Click **User credentials**.
+
+1. Complete the required information, and then click **Save Credentials**.
+
+ | Setting | Value |
+ | --- | ---|
+ | User name | any unique name |
+ | Password | **Pa55w0rd1234** |
+
+ >**Note:** You will need these credentials in the next task of this lab.
+
+#### Task 4: Deploy code to the staging deployment slot
+
+In this task, you will deploy code to the staging deployment slot.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. From the Cloud Shell pane, run the following to clone the remote repository containing the code for the web app.
+
+ ```pwsh
+ git clone https://github.com/Azure-Samples/php-docs-hello-world
+ ```
+
+1. From the Cloud Shell pane, run the following to set the current location to the newly created clone of the local repository containing the sample web app code.
+
+ ```
+ Set-Location -Path $HOME/php-docs-hello-world/
+ ```
+
+1. From the Cloud Shell pane, run the following to add the remote git (make sure to replace the `[deployment_name]` and `[git_clone_url]` placeholders with the the value of the **Deployment Credentials** user name and **Git Clone Url**, respectively, which you identified in previous task):
+
+ ```
+ git remote add [deployment_user_name] [git_clone_url]
+ ```
+
+ >**Note**: The value following `git remote add` does not have to match the **Deployment Credentials** user name, but has to be unique
+
+1. 
From the Cloud Shell pane, run the following to push the sample web app code from the local repository to the Azure web app staging deployment slot (make sure to replace the `[deployment_user_name]` placeholder with the value of the **Deployment Credentials** user name, which you identified in previous task):
+ ```
+ git push [deployment_user_name] master
+ ```
+
+1. If prompted to authenticate, type the `[deployment_user_name]` and the corresponding password (**Pa55w0rd1234**).
+
+1. Close the Cloud Shell pane.
+
+1. On the staging slot blade, click **Overview** and then click the **URL** link to display the default web page in a new browser tab.
+
+1. Verify that the browser page displays the **Hello World!** message and close the new tab.
+
+#### Task 5: Swap the staging slots
+
+In this task, you wil swap the staging slot with the production slot
+
+1. Navigate back to the blade displaying the production slot of the web app.
+
+1. In the **Deployment** section, click **Deployment slots** and then, click **Swap** toolbar icon.
+
+1. On the **Swap** blade, review the default settings and click **Swap**.
+
+1. Click **Overview** on the production slot blade of the web app and then click the **URL** link to display the web site home page in a new browser tab.
+
+1. Verify the default web page has been replaced with the **Hello World!** page.
+
+# Task 6: Configure and test autoscaling of the Azure web app
+
+In this task, you will configure and test autoscaling of Azure web app.
+
+1. On the blade displaying the production slot of the web app, in the **Settings** section, click **Scale out (App Service plan)**.
+
+1. Click **Custom autoscale**.
+
+ >**Note**: You also have the option of scaling the web app manually.
+
+1. Leave the default option **Scale based on a metric** selected and click **+ Add a rule**
+
+1. 
On the **Scale rule** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- |--- |
+ | Metric source | **Current resource** |
+ | Time aggregation | **Maximum** |
+ | Metric namespace | **App Service plans standard metrics** |
+ | Metric name | **CPU Percentage** |
+ | Operator | **Greater than** |
+ | Metric threshold to trigger scale action | **10** |
+ | Duration (in minutes) | **1** |
+ | Time grain statistic | **Maximum** |
+ | Operation | **Increase count by** |
+ | Instance count | **1** |
+ | Cool down (minutes) | **5** |
+
+ >**Note**: Obviously these values do not represent a realistic configuration, since their purpose is to trigger autoscaling as soon as possible, without extended wait period.
+
+1. Click **Add** and, back on the **az10408vmss0 - Scaling** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- |--- |
+ | Instance limits Minimum | **1** |
+ | Instance limits Maximum | **2** |
+ | Instance limits Default | **1** |
+
+1. Click **Save**.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+1. From the Cloud Shell pane, run the following to identify the URL of the Azure web app.
+
+ ```pwsh
+ $rgName = 'az104-09a-rg1'
+
+ $webapp = Get-AzWebApp -ResourceGroupName $rgName
+ ```
+
+1. From the Cloud Shell pane, run the following to start and infinite loop that sends the HTTP requests to the web app:
+
+ ```pwsh
+ while ($true) { Invoke-WebRequest -Uri $webapp.DefaultHostName }
+ ```
+
+1. Minimize the Cloud Shell pane (but do not close it) and, on the web app blade, in the **Monitoring** section, click **Process explorer**.
+
+ >**Note**: Process explorer facilitates monitoring the number of instances and their resource utilization.
+
+1. 
Monitor the utilization and the number of instances for a few minutes.
+
+ >**Note**: You may need to **Refresh** the page.
+
+1. Once you notice that the number of instances has increased to 2, reopen the Cloud Shell pane and terminate the script by pressing **Ctrl+C**.
+
+1. Close the Cloud Shell pane.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-09a*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-09a*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Created an Azure web app
+- Created a staging deployment slot
+- Configured web app deployment settings
+- Deployed code to the staging deployment slot
+- Swapped the staging slots
+- Configured and test autoscaling of the Azure web app
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_09b-Implement_Azure_Container_Instances.md b/Instructions/Labs/LAB_09b-Implement_Azure_Container_Instances.md
new file mode 100644
index 00000000..bf1aa923
--- /dev/null
+++ b/Instructions/Labs/LAB_09b-Implement_Azure_Container_Instances.md
@@ -0,0 +1,100 @@
+---
+lab:
+ title: '09b - Implement Azure Container Instances'
+ module: 'Module 09 - Serverless Computing'
+---
+
+# Lab 09b - Implement Azure Container Instances
+# Student lab manual
+
+## Lab scenario
+
+Contoso wants to find a new platform for its virtualized workloads. You identified a number of container images that can be leveraged to accomplish this objective. Since you want to minimize container management, you plan to evaluate the use of Azure Container Instances for deployment of Docker images.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Deploy a Docker image by using the Azure Container Instance
++ Task 2: Review the functionality of the Azure Container Instance
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Deploy a Docker image by using the Azure Container Instance
+
+In this task, you will create a new container instance for the web application.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, search for locate **Container instances** and then, on the **Container instances** blade, click **+ Add**.
+
+1. On the **Basics** tab of the **Create container instance** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-09b-rg1** |
+ | Container name | **az104-9b-c1** |
+ | Region | the name of a region where you can provision Azure container instances |
+ | Image type | **Public** |
+ | Image name | **microsoft/aci-helloworld** |
+ | OS type | **Linux** |
+
+1.
Click **Next: Networking >** and, on the **Networking** tab of the **Create container instance** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | --- | --- |
+ | DNS name label | any valid, globally unique DNS host name |
+
+ >**Note**: Your container will be publicly reachable at dns-name-label.region.azurecontainer.io. If you receive a **DNS name label not available** error message, specify a different value.
+
+1. Click **Next: Advanced >**, review the settings on the **Advanced** tab of the **Create container instance** blade without making any changes, click **Review + Create**, and then click **Create**.
+
+ >**Note**: Wait for the deployment to complete. This should take about 3 minutes.
+
+ >**Note**: While you wait, you may be interested in viewing the [code behind the sample application](https://github.com/Azure-Samples/aci-helloworld). To view it, browse the \app folder.
+
+#### Task 2: Review the functionality of the Azure Container Instance
+
+In this task, you will review the deployment of the container instance.
+
+1. On the deployment blade, click the **Go to resource** link.
+
+1. On the **Overview** blade of the container instance, verify that **Status** is reported as **Running**.
+
+1. Copy the value of the container instance **FQDN**, open an new browser tab, and navigate to the corresponding URL.
+
+1. Verify that the **Welcome to Azure Container Instance** page is displayed.
+
+1. Close the new browser tab, back in the Azure portal, in the **Settings** section of the container instance blade, click **Containers**, and then click **Logs**.
+
+1. Verify that you see the log entries representing the HTTP GET request generated by displaying the application in the browser.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1.
In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-09b*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-09b*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Deployed a Docker image by using the Azure Container Instance
+- Reviewed the functionality of the Azure Container Instance
diff --git a/Instructions/Labs/LAB_09c-Implement_Azure_Kubernetes_Service.md b/Instructions/Labs/LAB_09c-Implement_Azure_Kubernetes_Service.md
new file mode 100644
index 00000000..2c7468d4
--- /dev/null
+++ b/Instructions/Labs/LAB_09c-Implement_Azure_Kubernetes_Service.md
@@ -0,0 +1,238 @@
+---
+lab:
+ title: '09c - Implement Azure Kubernetes Service'
+ module: 'Module 09 - Serverless Computing'
+---
+
+# Lab 09c - Implement Azure Kubernetes Service
+# Student lab manual
+
+## Lab scenario
+
+Contoso has a number of multi-tier applications that are not suitable to run by using Azure Container Instances. In order to determine whether they can be run as containerized workloads, you want to evaluate using Kubernetes as the container orchestrator. To further minimize management overhead, you want to test Azure Kubernetes Service, including its simplified deployment experience and scaling capabilities.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Deploy an Azure Kubernetes Service cluster
++ Task 2: Deploy pods into the Azure Kubernetes Service cluster
++ Task 3: Scale containerized workloads in the Azure Kubernetes service cluster
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Deploy an Azure Kubernetes Service cluster
+
+In this task, you will deploy an Azure Kubernetes Services cluster by using the Azure portal.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, search for locate **Kubernetes services** and then, on the **Kubernetes services** blade, click **+ Add**.
+
+1. On the **Basics** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-09c-rg1** |
+ | Kubernetes cluster name | **az104-9c-aks1** |
+ | Region | the name of a region where you can provision a Kubernetes cluster |
+ | Kubernetes version | accept the default |
+ | DNS name prefix | any valid, globally unique DNS host name |
+ | Node size | accept the default |
+ | Node count | **1** |
+
+1.
Click **Next: Scale >** and, on the **Scale** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | Virtual nodes | **Disabled** |
+ | VM scale sets | **Enabled** |
+
+1. Click **Next: Authentication >** and, on the **Authentication** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | Service principal | accept the default |
+ | Enable RBAC | **Yes** |
+
+
+1. Click **Next: Networking >** and, on the **Networking** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | HTTP application routing | **No** |
+ | Load balancer | **Standard** |
+ | Network configuration | **Advanced** |
+
+1. Click **Next: Monitoring >**, on the **Monitoring** tab of the **Create Kubernetes cluster** blade, set **Enable container monitoring** to **No**, click **Review + create** and then click **Create**.
+
+ >**Note**: In production scenarios, you would want to enable montioring. Monitoring is disabled in this case since it is not covered in the lab.
+
+ >**Note**: Wait for the deployment to complete. This should take about 10 minutes.
+
+
+#### Task 2: Deploy pods into the Azure Kubernetes Service cluster
+
+In this task, you will deploy a pod into the Azure Kubernetes Service cluster.
+
+1. On the deployment blade, click the **Go to resource** link.
+
+1. On the **az104-9c-aks1** Kubernetes service blade, in the **Settings** section, click **Node pools**.
+
+1. On the **az104-9c-aks1 - Node pools** blade, verify that the cluster consists of a single pool with one node.
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1.
If prompted to select either **Bash** or **PowerShell**, select **Bash**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. From the Cloud Shell pane, run the following to retrieve the credentials to access the AKS cluster:
+
+ ```sh
+ RESOURCE_GROUP='az104-09c-rg1'
+
+ AKS_CLUSTER='az104-9c-aks1'
+
+ az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER
+ ```
+
+1. From the **Cloud Shell** pane, run the following to verify connectivity to the AKS cluster:
+
+ ```sh
+ kubectl get nodes
+ ```
+
+1. In the **Cloud Shell** pane, review the output and verify that the one node which the cluster consists of at this point is reporting the **Ready** status.
+
+1. From the **Cloud Shell** pane, run the following to deploy the **nginx** image from the Docker Hub:
+
+ ```sh
+ kubectl create deployment nginx-deployment --image=nginx
+ ```
+
+ > **Note**: Make sure to use lower case letters when typing the name of the deployment (nginx-deployment)
+
+1. From the **Cloud Shell** pane, run the following to verify that a Kubernetes pod has been created:
+
+ ```sh
+ kubectl get pods
+ ```
+
+1. From the **Cloud Shell** pane, run the following to identify the state of the deployment:
+
+ ```sh
+ kubectl get deployment
+ ```
+
+1. From the **Cloud Shell** pane, run the following to make the pod available from Internet:
+
+ ```sh
+ kubectl expose deployment nginx-deployment --port=80 --type=LoadBalancer
+ ```
+
+1. From the **Cloud Shell** pane, run the following to identify whether a public IP address has been provisioned:
+
+ ```sh
+ kubectl get service
+ ```
+
+1. Re-run the command until the value in the **EXTERNAL-IP** column for the **nginx-deployment** entry changes from **\** to a public IP address, then press the **Ctrl-C** key combination.
Note the public IP address in the **EXTERNAL-IP** column for **nginx-deployment**.
+
+1. Open a browser window and navigate to the IP address you obtained in the previous step. Verify that the browser page displays the **Welcome to nginx!** message.
+
+#### Task 3: Scale containerized workloads in the Azure Kubernetes service cluster
+
+In this task, you will scale horizontally the number of pods and then number of cluster nodes.
+
+1. From the **Cloud Shell** pane, run the following to scale the deployment by increasing of the number of pods to 2:
+
+ ```sh
+ kubectl scale --replicas=2 deployment/nginx-deployment
+ ```
+
+1. From the **Cloud Shell** pane, run the following to verify the outcome of scaling the deployment:
+
+ ```sh
+ kubectl get pods
+ ```
+
+ > **Note**: Review the output of the command and verify that the number of pods increased to 2.
+
+1. From the **Cloud Shell** pane, run the following to scale out the cluster by increasing the number of nodes to 2:
+
+ ```sh
+ az aks scale --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER --node-count 2
+ ```
+
+ > **Note**: Wait for the provisioning of the additional node to complete. This might take about 3 minutes. If it fails, rerun the `az aks scale` command.
+
+1. From the **Cloud Shell** pane, run the following to verify the outcome of scaling the cluster:
+
+ ```sh
+ kubectl get nodes
+ ```
+
+ > **Note**: Review the output of the command and verify that the number of nodes increased to 2.
+
+1. From the **Cloud Shell** pane, run the following to scale the deployment:
+
+ ```
+ kubectl scale --replicas=10 deployment/nginx-deployment
+ ```
+
+1. From the **Cloud Shell** pane, run the following to verify the outcome of scaling the deployment:
+
+ ```
+ kubectl get pods
+ ```
+
+ > **Note**: Review the output of the command and verify that the number of pods increased to 10.
+
+1.
From the **Cloud Shell** pane, run the following to review the pods distribution across cluster nodes:
+
+ ```
+ kubectl get pod -o=custom-columns=NODE:.spec.nodeName,POD:.metadata.name
+ ```
+
+ > **Note**: Review the output of the command and verify that the pods are distributed across both nodes.
+
+1. From the **Cloud Shell** pane, run the following to delete the deployment:
+
+ ```
+ kubectl delete deployment nginx-deployment
+ ```
+
+1. Close the **Cloud Shell** pane.
+
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **Bash** shell session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```sh
+ az group list --query "[?starts_with(name,'az104-09c')].name" --output tsv
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```sh
+ az group list --query "[?starts_with(name,'az104-09c')].[name]" --output tsv | xargs -L1 bash -c 'az group delete --name $0 --no-wait --yes'
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the --nowait parameter), so while you will be able to run another Azure CLI command immediately afterwards within the same Bash session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Deployed an Azure Kubernetes Service cluster
+- Deployed pods into the Azure Kubernetes Service cluster
+- Scaled containerized workloads in the Azure Kubernetes service cluster
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_10-Implement_Data_Protection.md b/Instructions/Labs/LAB_10-Implement_Data_Protection.md
new file mode 100644
index 00000000..c85ff893
--- /dev/null
+++ b/Instructions/Labs/LAB_10-Implement_Data_Protection.md 
@@ -0,0 +1,455 @@
+---
+lab:
+ title: '10 - Implement Data Protection'
+ module: 'Module 10 - Data Protection'
+---
+
+# Lab 10 - Backup virtual machines
+# Student lab manual
+
+## Lab scenario
+
+You have been tasked with evaluating the use of Azure Recovery Services for backup and restore of files hosted on Azure virtual machines and on-premises computers. In addition, you want to identify methods of protecting data stored in the Recovery Services vault from accidental or malicious data loss.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Provision the lab environment
++ Task 2: Create a Recovery Services vault
++ Task 3: Implement Azure virtual machine-level backup
++ Task 4: Implement File and Folder backup
++ Task 5: Perform file recovery by using Azure Recovery Services agent
++ Task 6: Perform file recovery by using Azure virtual machine snapshots
++ Task 7: Review the Azure Recovery Services soft delete functionality
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Provision the lab environment
+
+In this task, you will deploy two virtual machines that will be used to test different backup scenarios.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Labs\\10\\az104-10-vms-template.json** and **\\Allfiles\\Labs\\10\\az104-10-vms-parameters.json** into the Cloud Shell home directory.
+
+1.
From the Cloud Shell pane, run the following to create the resource group that will be hosting the virtual machines (replace the `[Azure_region]` placeholder with the name of an Azure region where you intend to deploy Azure virtual machines):
+
+ ```pwsh
+ $location = '[Azure_region]'
+
+ $rgName = 'az104-10-rg0'
+
+ New-AzResourceGroup -Name $rgName -Location $location
+ ```
+1. From the Cloud Shell pane, run the following to create the first virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded:
+
+ ```pwsh
+ New-AzResourceGroupDeployment `
+ -ResourceGroupName $rgName `
+ -TemplateFile $HOME/az104-10-vms-template.json `
+ -TemplateParameterFile $HOME/az104-10-vms-parameters.json `
+ -AsJob
+ ```
+
+1. Minimize Cloud Shell (but do not close it).
+
+ >**Note**: Do not wait for the deployment to complete but instead proceed to the next task. The deployment should take about 3 minutes.
+
+#### Task 2: Create a Recovery Services vault
+
+In this task, you will create a recovery services vault.
+
+1. In the Azure portal, search for and select **Recovery Services vaults** and, on the **Recovery Services vaults** blade, click **+ Add**.
+
+1. On the **Create Recovery Services vault** blade, specify the following settings:
+
+ | Settings | Value |
+ | --- | --- |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-10-rg1** |
+ | Name | **az104-10-rsv1** |
+ | Region | the name of a region where you deployed the two virtual machines in the previous task |
+
+ >**Note**: Make sure that you specify the same region into which you deployed virtual machines in the previous task.
+
+1. Click **Review + Create** and then click **Create**.
+
+ >**Note**: Wait for the deployment to complete. The deployment should take less than 1 minute.
+
+1. When the deployment is completed, click **Go to Resource**.
+
+1.
On the **az104-10-rsv1** Recovery Services vault blade, in the **Settings** section, click **Properties**.
+
+1. On the **az104-10-rsv1 - Properties** blade, click the **Update** link under **Backup Configuration** label.
+
+1. On the **Backup Configuration** blade, note that you can set the **Storage replication type** to either **Locally-redundant** or **Geo-redundant**. Leave the default setting of **Geo-redundant** in place and close the blade.
+
+ >**Note**: This setting can be configured only if there are no existing backup items.
+
+1. Back on the **az104-10-rsv1 - Properties** blade, click the **Update** link under **Security Settings** label.
+
+1. On the **Security Settings** blade, note that **Soft Delete (For Azure Virtual Machines)** is **Enabled**.
+
+1. Close the **Security Settings** blade and, back on the **az104-10-rsv1** Recovery Services vault blade, click **Overview**.
+
+#### Task 3: Implement Azure virtual machine-level backup
+
+In this task, you will implement Azure virtual-machine level backup.
+
+ >**Note**: Before you start this task, make sure that the deployment you initiated in the first task of this lab has successfully completed.
+
+1. On the **az104-10-rsv1** Recovery Services vault blade, click **+ Backup**.
+
+1. On the **Backup Goal** blade, specify the folowing settings:
+
+ | Settings | Value |
+ | --- | --- |
+ | Where is your workload running? | **Azure** |
+ | What do you want to backup? | **Virtual machine** |
+
+1. On the **Backup Goal** blade, click **Backup**.
+
+1. On the **Backup policy**, review the **DefaultPolicy** settings, and, in the **Choose backup policy** drop-down list, select **Create New**.
+
+1.
Define a new backup policy with the following settings (leave others with their default values):
+
+ | Setting | Value |
+ | ---- | ---- |
+ | Policy name | **az104-10-backup-policy** |
+ | Frequency | **Daily** |
+ | Time | **12:00 AM** |
+ | Timezone | the name of your local time zone |
+ | Retain instant recovery snapshot(s) for | **2** Days(s) |
+
+1. Click **OK** to create the policy. This will automatically transition to the **Items to backup** step and open the **Select virtual machines** blade.
+
+1. On the **Select virtual machines** blade, select **az-104-10-vm0**, click **OK**, and, back on the **Backup** blade, click **Enable backup**.
+
+ >**Note**: Wait for the backup to be enabled. This should take about 2 minutes.
+
+1. Navigate back to the **az104-10-rsv1** Recovery Services vault blade, in the **Protected items** section, click **Backup items**, and then click the **Azure virtal machines** entry.
+
+1. On the **Backup Items (Azure Virtual Machine)** blade of **az104-10-vm0**, review the values of the **Backup Pre-Check** and **Last Backup Status** entries, and click the **az104-10-vm0** entry.
+
+1. On the **az104-10-vm0** Backup Item blade, click **Backup now**, accept the default value in the **Retain Backup Till** drop-down list, and click **OK**.
+
+ >**Note**: Do not wait for the backup to complete but instead proceed to the next task.
+
+#### Task 4: Implement File and Folder backup
+
+In this task, you will implement file and folder backup by using Azure Recovery Services.
+
+1. In the Azure portal, search for and select **Virtual machines**, and on the **Virtual machines** blade, click **az104-10-vm1**.
+
+1. On the **az104-10-vm1** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
+
+ >**Note**: Accept any warning prompts when connecting to the target virtual machines.
+
+1. When prompted, sign in by using the **Student** username and **Pa55w.rd1234** password.
+
+1.
Within the Remote Desktop session to the **az104-10-vm1** Azure virtual machine, in the **Server Manager** window, click **Local Server**, click **IE Enhanced Security Configuration** and turn it **Off** for Administrators.
+
+1. Within the Remote Desktop session to the **az104-10-vm1** Azure virtual machine, start Internet Explorer, browse to the [Azure portal](https://portal.azure.com), and sign in using your credentials.
+
+1. In the Azure portal, search for and select **Recovery Services vaults** and, on the **Recovery Services vaults**, click **az104-10-rsv1**.
+
+1. On the **az104-10-rsv1** Recovery Services vault blade, click **+ Backup**.
+
+1. On the **Backup Goal** blade, specify the folowing settings:
+
+ | Settings | Value |
+ | --- | --- |
+ | Where is your workload running? | **On-premises** |
+ | What do you want to backup? | **Files and folders** |
+
+ >**Note**: Even though the virtual machine you are using in this task is running in Azure, you can leverage it to evaluate the backup capabilities applicable to any on-premises computer running Windows Server operating system.
+
+1. On the **Backup Goal** blade, click **Prepare infrastructure**.
+
+1. On the **Prepare infrastructure** blade, click the **Download Agent for Windows Server or Windows Client** link.
+
+1. When prompted, click **Run** to start installation of **MARSAgentInstaller.exe** with the default settings.
+
+ >**Note**: On the **Microsoft Update Opt-In** page of the **Microsoft Azure Recovery Services Agent Setup Wizard**, select the **I do not want to use Microsoft Update** installation option.
+
+1. On the **Installation** page of the **Microsoft Azure Recovery Services Agent Setup Wizard**, click **Proceed to Registration**. This will start **Register Server Wizard**.
+
+1.
Switch to the Internet Explorer window displaying the Azure portal, on the **Prepare infrastructure** blade, select the checkbox **Already downloaded or using the latest Recovery Server Agent**, and click **Download**.
+
+1. When prompted, whether to open or save the vault credentials file, click **Save**. This will save the vault credentials file to the local Downloads folder.
+
+1. Switch back to the **Register Server Wizard** window and, on the **Vault Identification** page, click **Browse**.
+
+1. In the **Select Vault Credentials** dialog box, browse to the **Downloads** folder, click the vault credentials file you downloaded, and click **Open**.
+
+1. Back on the **Vault Identification** page, click **Next**.
+
+1. On the **Encryption Setting** page of the **Register Server Wizard**, click **Generate Passphrase**.
+
+1. On the **Encryption Setting** page of the **Register Server Wizard**, click the **Browse** button next to the **Enter a location to save the passphrase** drop-down list.
+
+1. In the **Browse For Folder** dialog box, select the **Documents** folder and click **OK**.
+
+1. Click **Finish**, review the **Microsoft Azure Backup** warning and click **Yes**, and wait for the registration to complete.
+
+ >**Note**: In a production environment, you should store the passphrase file in a secure location other than the server being backed up.
+
+1. On the **Server Registration** page of the **Register Server Wizard**, review the warning regarding the location of the passphrase file, ensure that the **Launch Microsoft Azure Recovery Services Agent** checkbox is selected and click **Close**. This will automatically open the **Microsoft Azure Backup** console.
+
+1. In the **Microsoft Azure Backup** console, in the **Actions** pane, click **Schedule Backup**.
+
+1. In the **Schedule Backup Wizard**, on the **Getting started** page, click **Next**.
+
+1. On the **Select Items to Backup** page, click **Add Items**.
+
+1.
In the **Select Items** dialog box, expand **C:\\Windows\\System32\\drivers\\etc\\**, select **hosts**, and then click **OK**:
+
+1. On the **Select Items to Backup** page, click **Next**.
+
+1. On the **Specify Backup Schedule** page, ensure that the **Day** option is selected, in the first drop-down list box below the **At following times (Maximum allowed is three times a day)** box, select **4:30 AM**, and then click **Next**.
+
+1. On the **Select Retention Policy** page, accept the defaults, and then click **Next**.
+
+1. On the **Choose Initial Backup type** page, accept the defaults, and then click **Next**.
+
+1. On the **Confirmation** page, click **Finish**. When the backup schedule is created, click **Close**.
+
+1. In the **Microsoft Azure Backup** console, in the Actions pane, click **Back Up Now**.
+
+ >**Note**: The option to run backup on demand becomes available once you create a scheduled backup.
+
+1. In the Back Up Now Wizard, on the **Select Backup Item** page, ensure that the **Files and Folders** option is selected and click **Next**.
+
+1. On the **Retain Backup Till** page, accept the default setting and click **Next**.
+
+1. On the **Confirmation** page, click **Back Up**.
+
+1. When the backup is complete, click **Close**, and then close Microsoft Azure Backup.
+
+1. Switch to the Internet Explorer window displaying the Azure portal, navigate back to the Recovery Services vault blade and click **Backup items**.
+
+1. On the **az104-10-rsv1 - Backup items** blade, click **Azure Backup Agent**.
+
+1. On the **Backup Items (Azure Backup Agent)** blade, verify that there is an entry referencing the **C:\\** drive of **az104-10-vm1.**.
+
+#### Task 5: Perform file recovery by using Azure Recovery Services agent
+
+In this task, you will perform file restore by using Azure Recovery Services agent.
+
+1.
Within the Remote Desktop session to **az104-10-vm1**, open File Explorer, navigate to the **C:\\Windows\\System32\\drivers\\etc\\** folder and delete the **hosts** file.
+
+1. Switch to the Microsoft Azure Backup window and click **Recover data**. This will start **Recover Data Wizard**.
+
+1. On the **Getting Started** page of **Recover Data Wizard**, ensue that **This server (az104-10-vm1.)** option is selected and click **Next**.
+
+1. On the **Select Recovery Mode** page, ensure that **Individual files and folders** option is selected, and click **Next**.
+
+1. On the **Select Volume and Date** page, in the **Select the volume** drop down list, select **C:\\**, accept the default selection of the available backup, and click **Mount**.
+
+ >**Note**: Wait for the mount operation to complete. This might take about 2 minutes.
+
+1. On the **Browse And Recover Files** page, note the drive letter of the recovery volume and review the tip regarding the use of robocopy.
+
+1. Click **Start**, expand the **Windows System** folder, and click **Command Prompt**.
+
+1. From the Command Prompt, run the following to copy the restore the **hosts** file to the original location (replace `[recovery_volume]` with the drive letter of the recovery volume you identified earlier):
+
+ ```
+ robocopy [recovery_volume]:\Windows\System32\drivers\etc C:\Windows\system32\drivers\etc hosts /r:1 /w:1
+ ```
+
+1. Switch back to the **Recover Data Wizard** and, on the **Browse and Recover File, click **Unmount** and, when prompted to confirm, click **Yes**.
+
+1. Terminate the Remote Desktop session.
+
+#### Task 6: Perform file recovery by using Azure virtual machine snapshots
+
+In this task, you will restore a file from the Azure virtual machine-level snapshot-based backup.
+
+1. Switch to the browser window running on your lab computer and displaying the Azure portal.
+
+1.
In the Azure portal, search for and select **Virtual machines**, and on the **Virtual machines** blade, click **az104-10-vm0**.
+
+1. On the **az104-10-vm0** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
+
+ >**Note**: Accept any warning prompts when connecting to the target virtual machines.
+
+1. When prompted, sign in by using the **Student** username and **Pa55w.rd1234** password.
+
+1. Within the Remote Desktop session to the **az104-10-vm0** Azure virtual machine, in the **Server Manager** window, click **Local Server**, click **IE Enhanced Security Configuration** and turn it **Off** for Administrators.
+
+1. Within the Remote Desktop session to the **az104-10-vm0**, click **Start**, expand the **Windows System** folder, and click **Command Prompt**.
+
+1. From the Command Prompt, run the following to delete the **hosts** file:
+
+ ```
+ del C:\Windows\system32\drivers\etc\hosts
+ ```
+
+ >**Note**: You will restore this file from the Azure virtual machine-level snapshot-based backup later in this task.
+
+1. Within the Remote Desktop session to the **az104-10-vm0** Azure virtual machine, start Internet Explorer, browse to the [Azure portal](https://portal.azure.com), and sign in using your credentials.
+
+1. In the Azure portal, search for and select **Recovery Services vaults** and, on the **Recovery Services vaults**, click **az104-10-rsv1**.
+
+1. On the **az104-10-rsv1** Recovery Services vault blade, in the **Protected items** section, click **Backup items**.
+
+1. On the **az104-10-rsv1 - Backup items** blade, click **Azure Virtual Machine**.
+
+1. On the **Backup Items (Azure Virtual Machine)** blade, click **az104-10-vm0**.
+
+1. On the **az104-10-vm0** Backup Item blade, click **File Recovery**.
+
+ >**Note**: You have the option of running recovery shortly after backup starts besed on the application consistent snapshot.
+
+1.
On the **File Recovery** blade, accept the default recovery point and click **Download Executable**.
+
+ >**Note**: The script mounts the disks from the selected recovery point as local drives within the operating system from which the script is run.
+
+1. Click **Download** and, when prompted whether to run or save **IaaSVMILRExeForWindows.exe**, click **Run**.
+
+1. When prompted to provide the password from the portal, copy the password from the **Password to run the script** text box on the **File Recovery** blade, paste it at the Command Prompt, and press **Enter**.
+
+ >**Note**: This will open a Windows PowerShell window displaying the progress of the mount.
+
+ >**Note**: If you receive an error message at this point, refresh the Internet Explorer window and repeat the last three steps.
+
+1. Wait for the mount process to complete, review the informational messages in the Windows PowerShell window, note the drive letter assigned to the volume hosting **Windows**, and start File Explorer.
+
+1. In File Explorer, navigate to the drive letter hosting the snapshot of the operating system volume you identified in the previous step and review its content.
+
+1. Switch to the **Command Prompt** window.
+
+1. From the Command Prompt, run the following to copy the restore the **hosts** file to the original location (replace `[os_volume]` with the drive letter of the operating system volume you identified earlier):
+
+ ```
+ robocopy [os_volume]:\Windows\System32\drivers\etc C:\Windows\system32\drivers\etc hosts /r:1 /w:1
+ ```
+
+1. Switch back to the **File Recovery** blade in the Azure portal and click **Unmount Disks**.
+
+1. Terminate the Remote Desktop session.
+
+#### Task 7: Review the Azure Recovery Services soft delete functionality
+
+1. On the lab computer, in the Azure portal, search for and select **Recovery Services vaults** and, on the **Recovery Services vaults**, click **az104-10-rsv1**.
+
+1.
On the **az104-10-rsv1** Recovery Services vault blade, in the **Protected items** section, click **Backup items**.
+
+1. On the **az104-10-rsv1 - Backup items** blade, click **Azure Backup Agent**.
+
+1. On the **Backup Items (Azure Backup Agent)** blade, click the entry representing the backup of **az104-10-vm1**.
+
+1. On the **C:\\ on az104-10-vm1.** blade, click the **az104-10-vm1.** link.
+
+1. On the **az104-10-vm1.** Protected Servers blade, click **Delete**.
+
+1. On the **Delete** blade, specify the following settings.
+
+ | Settings | Value |
+ | --- | --- |
+ | TYPE THE SERVER NAME | **az104-10-vm1.** |
+ | Reason | **Recycling Dev/Test server** |
+ | Comments | **az104 10 lab** |
+
+ >**Note**: Make sure to include the trailing period when typing the server name
+
+1. Enable the checkbox next to the label **There is backup data of 1 backup items associated with this server.I understand that clicking "Confirm" will permanently delete all the cloud backup data. This action cannot be undone. An alert may be sent to the administrators of this subscription notifying them of this deletion** and click **Delete**.
+
+1. Navigate back to the **az104-10-rsv1 - Backup items** blade and click **Azure Virtual Machines**.
+
+1. On the **az104-10-rsv1 - Backup items** blade, click **Azure Virtual Machine**.
+
+1. On the **Backup Items (Azure Virtual Machine)** blade, click **az104-10-vm0**.
+
+1. On the **az104-10-vm0** Backup Item blade, click **Stop backup**.
+
+1. On the **Stop backup** blade, select **Delete Backup Data**, specify the following settings and click **Stop backup**:
+
+ | Settings | Value |
+ | --- | --- |
+ | Type the name of Backup item | **az104-10-vm0** |
+ | Reason | **Others** |
+ | Comments | **az104 10 lab** |
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **Bash**.
+
+ >**Note**: Wait until both backup items are removed. This should take no more than 3 minutes.
+
+1. Navigate back to the **az104-10-rsv1 - Backup items** blade and click **Refresh**.
+
+ >**Note**: The **Azure Virtual Machine** entry is still lists **1** backup item.
+
+1. Click the **Azure Virtual Machine** entry and, on the **Backup Items (Azure Virtual Machine)** blade, click the **az104-10-vm0** entry.
+
+1. On the **az104-10-vm0** Backup Item blade, note that you have the option to **Undelete** the deleted backup.
+
+ >**Note**: This functionality is provided by the soft-delete feature, which is, by default, enabled for Azure virtual machine backups.
+
+1. Navigate back to the **az104-10-rsv1** Recovery Services vault blade, and in the **Settings** section, click **Properties**.
+
+1. On the **az104-10-rsv1 - Properties** blade, click the **Update** link under **Security Settings** label.
+
+1. On the **Security Settings** blade, Disable **Soft Delete (For Azure Virtual Machines)** and click **Save**.
+
+ >**Note**: This will not affect items already in soft delete state.
+
+1. Close the **Security Settings** blade and, back on the **az104-10-rsv1** Recovery Services vault blade, click **Overview**.
+
+1. Navigate back to the **az104-10-vm0** Backup Item blade and click **Undelete**.
+
+1. On the **Undelete az104-10-vm0** blade, click **Undelete**.
+
+1. Wait for the undelete operation to complete, refresh the browser page, if needed, navigate back to the **az104-10-vm0** Backup Item blade, and click **Delete backup data**.
+
+1. On the **Delete Backup Data** blade, specify the following settings and click **Delete**:
+
+ | Settings | Value |
+ | --- | --- |
+ | Type the name of Backup item | **az104-10-vm0** |
+ | Reason | **Others** |
+ | Comments | **az104 10 lab** |
+
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use.
Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-10*'
+ ```
+
+1. Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-10*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Provisioned the lab environment
+- Created a Recovery Services vault
+- Implemented Azure virtual machine-level backup
+- Implemented File and Folder backup
+- Performed file recovery by using Azure Recovery Services agent
+- Performed file recovery by using Azure virtual machine snapshots
+- Reviewed the Azure Recovery Services soft delete functionality
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_11-Implement_Monitoring.md b/Instructions/Labs/LAB_11-Implement_Monitoring.md
new file mode 100644
index 00000000..eea38ddd
--- /dev/null
+++ b/Instructions/Labs/LAB_11-Implement_Monitoring.md
@@ -0,0 +1,334 @@
+---
+lab:
+ title: '11 - Implement Monitoring'
+ module: 'Module 11 - Monitoring'
+---
+
+# Lab 11 - Implement Monitoring
+# Student lab manual
+
+## Lab scenario
+
+You need to evaluate Azure functionality that would provide insight into performance and configuration of Azure resources, focusing in particular on Azure virtual machines. To accomplish this, you intend to examine the capabilities of Azure Monitor, including Log Analytics.
+
+## Objectives
+
+In this lab, you will:
+
++ Task 1: Provision the lab environment
++ Task 2: Create and configure an Azure Log Analytics workspace and Azure Automation-based solutions
++ Task 3: Review default monitoring settings of Azure virtual machines
++ Task 4: Configure Azure virtual machine diagnostic settings
++ Task 5: Review Azure Monitor functionality
++ Task 6: Review Azure Log Analytics functionality
+
+## Instructions
+
+### Exercise 1
+
+#### Task 1: Provision the lab environment
+
+In this task, you will deploy a virtual machine that will be used to test monitoring scenarios.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the Azure portal, open the **Azure Cloud Shell** by clicking on the icon in the top right of the Azure Portal.
+
+1. If prompted to select either **Bash** or **PowerShell**, select **PowerShell**.
+
+ >**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
+
+1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Labs\\11\\az104-11-vm-template.json** and **\\Allfiles\\Labs\\11\\az104-11-vm-parameters.json** into the Cloud Shell home directory.
+
+1.
From the Cloud Shell pane, run the following to create the resource group that will be hosting the virtual machines (replace the `[Azure_region]` placeholder with the name of an Azure region where you intend to deploy Azure virtual machines):
+
+ >**Note**: Make sure to choose one of the regions listed as **Log Analytics Workspace Region** in the referenced in [Workspace mappings documentation](https://docs.microsoft.com/en-us/azure/automation/how-to/region-mappings)
+
+ ```pwsh
+ $location = '[Azure_region]'
+
+ $rgName = 'az104-11-rg0'
+
+ New-AzResourceGroup -Name $rgName -Location $location
+ ```
+
+1. From the Cloud Shell pane, run the following to create the first virtual network and deploy a virtual machine into it by using the template and parameter files you uploaded:
+
+ ```pwsh
+ New-AzResourceGroupDeployment `
+ -ResourceGroupName $rgName `
+ -TemplateFile $HOME/az104-11-vm-template.json `
+ -TemplateParameterFile $HOME/az104-11-vm-parameters.json `
+ -AsJob
+ ```
+
+1. Minimize Cloud Shell pane (but do not close it).
+
+ >**Note**: Do not wait for the deployment to complete but instead proceed to the next task. The deployment should take about 3 minutes.
+
+#### Task 2: Create and configure an Azure Log Analytics workspace and Azure Automation-based solutions
+
+In this task, you will create and configure an Azure Log Analytics workspace and Azure Automation-based solutions
+
+1. In the Azure portal, search for and select **Log Analytics workspaces** and, on the **Log Analytics workspaces** blade, click **+ Add**.
+
+1.
On the **Log Analytics workspace** blade, ensure that the **Create New** option is selected, specify the following settings, and click **OK**:
+
+ | Settings | Value |
+ | --- | --- |
+ | Log Analytics Workspace | any unique name |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | the name of a new resource group **az104-11-rg1** |
+ | Location | the name of the Azure region into which you deployed the virtual machine in the previous task |
+ | Pricing tier | **Pay-as-you-go** |
+
+ >**Note**: Make sure that you specify the same region into which you deployed virtual machines in the previous task.
+
+ >**Note**: Wait for the deployment to complete. The deployment should take about 1 minute.
+
+1. In the Azure portal, search for and select **Automation Accounts**, and on the **Automation Accounts** blade, click **+ Add**.
+
+1. On the **Add Automation Account** blade, specify the following settings, and click **Create**:
+
+ | Settings | Value |
+ | --- | --- |
+ | Name | any unique name |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | **az104-11-rg1** |
+ | Location | the name of the Azure region determined based on [Workspace mappings documentation](https://docs.microsoft.com/en-us/azure/automation/how-to/region-mappings) |
+ | Creat Azure Run As account | **Yes** |
+
+ >**Note**: Make sure that you specify the Azure region based on the [Workspace mappings documentation](https://docs.microsoft.com/en-us/azure/automation/how-to/region-mappings)
+
+ >**Note**: Wait for the deployment to complete. The deployment might take about 3 minutes.
+
+1. On the **Add Automation Account** blade, click **Refresh** and then click the entry representing your newly created Automation account.
+
+1. On the Automation account blade, in the **Configuration Management** section, click **Inventory**.
+
+1.
In the **Inventory** pane, in the **Log Analytics workspace** drop-down list, select the Log Analytics workspace you created earlier in this task and click **Enable**.
+
+ >**Note**: Wait for the installation of the corresponding Log Analytics solution to complete. This might take about 3 minutes.
+
+ >**Note**: This automatically installs the **Change tracking** solution as well.
+
+1. On the Automation account blade, in the **Update Management** section, click **Update management** and click **Enable**.
+
+ >**Note**: Wait for the installation to complete. This might take about 5 minutes.
+
+#### Task 3: Review default monitoring settings of Azure virtual machines
+
+In this task, you will review default monitoring settings of Azure virtual machines
+
+1. In the Azure portal, search for and select **Virtual machines**, and on the **Virtual machines** blade, click **az104-11-vm0**.
+
+1. On the **az104-11-vm0** blade, in the **Monitoring** section, click **Metrics**.
+
+1. On the **az104-11-vm0 - Metrics** blade, on the default chart, note that the only available **METRICS NAMESPACE** is **Virtual Machine Host**.
+
+ >**Note**: This is expected, since no guest-level diagnostic settings have been configured yet.
+
+1. In the **METRICS** drop-down list, review the list of available metrics.
+
+ >**Note**: The list includes a range of CPU, disk, and network-related metrics that can be collected from the virtual machine host, without having access into guest-level metrics.
+
+1. In the **METRICS** drop-down list, select **Percentage CPU**, in the **AGGREGATION** drop-down list, select **Avg**, and review the resulting chart.
+
+#### Task 4: Configure Azure virtual machine diagnostic settings
+
+In this task, you will configure Azure virtual machine diagnostic settings.
+
+1. On the **az104-11-vm0** blade, in the **Monitoring** section, click **Diagnostic settings**.
+
+1.
On the **Overview** tab of the **az104-11-vm0 - Diagnostic settings** blade, click **Enable guest-level monitoring**.
+
+ >**Note**: Wait for the operation to take effect. This might take about 3 minutes.
+
+1. Switch to the **Performance counters** tab of the **az104-11-vm0 - Diagnostic settings** blade and review the available counters.
+
+ >**Note**: By default, CPU, memory, disk, and network counters are enabled. You can switch to the **Custom** view for more detailed listing.
+
+1. Switch to the **Logs** tab of the **az104-11-vm0 - Diagnostic settings** blade and review the available event log collection options.
+
+ >**Note**: By default, log collection includes critical, error, and warning entries from the Application Log and System log, as well as Audit failure entries from the Security log. Here as well you can switch to the **Custom** view for more detailed configuration settings.
+
+1. On the **az104-11-vm0** blade, in the **Monitoring** section, click **Logs**.
+
+1. On the **az104-11-vm0 - Logs** blade, ensure that the Log Analytics workspace you created earlier in this lab is selected in the **Choose a Log Analytics Workspace** drop-down list and click **Enable**.
+
+ >**Note**: Do not wait for the operation to complete but instead proceed to the next step. The operation might take about 5 minutes.
+
+1. On the **az104-11-vm0 - Logs** blade, in the **Monitoring** section, click **Metrics**.
+
+1. On the **az104-11-vm0 - Metrics** blade, on the default chart, note that at this point, the **METRICS NAMESPACE** drop-down list, in addition to the **Virtual Machine Host** entry includes also the **Guest (classic)** entry.
+
+ >**Note**: This is expected, since you enabled guest-level diagnostic settings.
+
+1. In the **METRICS** drop-down list, review the list of available metrics.
+
+ >**Note**: The list includes additional guest-level metrics not available when relying on the host-level monitoring only.
+
+1.
In the **METRICS** drop-down list, select **Memory\Available Bytes**, in the **AGGREGATION** drop-down list, select **Avg**, and review the resulting chart.
+
+#### Task 5: Review Azure Monitor functionality
+
+1. In the Azure portal, search for and select **Monitor** and, on the **Montor - Overview** blade, click **Metrics**.
+
+1. In the chart pane on the right hand side of the blade, in the **SCOPE** drop-down list, click **+ Select a scope**.
+
+1. On the **Select a scope** blade, on the **Browse** tab, navigate to the **az104-11-rg0** resource group, expand it, select the **az104-11-vm0** virtual machine within that resource group, and click **Apply**.
+
+ >**Note**: This gives you the same view and options as those available from the **az104-11-vm0 - Metrics** blade.
+
+1. On the **Monitor - Metrics** blade, click **New alert rule**.
+
+ >**Note**: Creating an alert rule from Metrics is not supported for metrics from the Guest (classic) metric namespace. This can be accomplished by using Azure Resource Manager templates, as described in the document [Send Guest OS metrics to the Azure Monitor metric store using a Resource Manager template for a Windows virtual machine](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-custom-metrics-guestos-resource-manager-vm)
+
+1. On the **Create rule** blade, in the **RESOURCE** section, click **Select**, on the **Select a resource** blade, navigate to the **az104-11-vm0** virtual machine entry, select the checkbox next to it, and click **Done**.
+
+1. On the **Create rule** blade, in the **CONDITION** section, click **Add**.
+
+1.
On the **Configure signal logic** blade, in the list of signals, click **Percentage CPU**, in the **Alert logic** section, specify the following settings (leave others with their default values) and click **Done**:
+
+ | Settings | Value |
+ | --- | --- |
+ | Threshold | **Static** |
+ | Operator | **Greater than** |
+ | Aggregation type | **Average** |
+ | Threshold value | **2** |
+ | Aggregation granularity (Period) | **1 minute** |
+ | Frequency of evaluation | **Every 1 Minute** |
+
+1. On the **Create rule** blade, in the **ACTION GROUPS (optional)** section, click **Create**.
+
+1. On the **Add action group** blade, specify the following settings (leave others with their default values):
+
+ | Settings | Value |
+ | --- | --- |
+ | Action group name | **az104-11-ag1** |
+ | Short name | **az104-11-ag1** |
+ | Subscription | the name of the Azure subscription you are using in this lab |
+ | Resource group | **az104-11-rg1** |
+
+1. On the **Add action group** blade, in the **Actions** section, specify the following settings (leave others with their default values):
+
+ | Settings | Value |
+ | --- | --- |
+ | Action group name | **az104-11-ag1 email** |
+ | Action Type | **Email/SMS/Push/Voice** |
+
+1. In the **az104-11-ag1 email** action row, click **Edit details**
+
+1. On the **Email/SMS/Push/Voice** blade, select the **Email** checkbox, type your email address in the **Email** textbox, leave others with their default values, click **OK**, and back on the **Add action group** blade, click **OK** again.
+
+1. Back on the **Create rule** blade, specify the following settings (leave others with their default values):
+
+ | Settings | Value |
+ | --- | --- |
+ | Alert rule name | **CPU Percentage above the test threshold** |
+ | Description | **CPU Percentage above the test threshold** |
+ | Severity | **Sev 3** |
+ | Enable rule upon creation | **Yes** |
+
+1. Click **Create alert rule** and close the **Create rule** blade.
+
+ >**Note**: It can take up to 10 minutes for a metric alert rule to become active.
+
+1. In the Azure portal, search for and select **Virtual machines**, and on the **Virtual machines** blade, click **az104-11-vm0**.
+
+1. On the **az104-11-vm0** blade, click **Connect**, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
+
+ >**Note**: Accept any warning prompts when connecting to the target virtual machines.
+
+1. When prompted, sign in by using the **Student** username and **Pa55w.rd1234** password.
+
+1. Within the Remote Desktop session, click **Start**, expand the **Windows System** folder, and click **Command Prompt**.
+
+1. From the Command Prompt, run the following to copy the restore the **hosts** file to the original location:
+
+ ```
+ for /l %a in (0,0,1) do echo a
+ ```
+
+ >**Note**: This will initiate the infinite loop that should increase the CPU utilization above the threshold of the newly created alert rule.
+
+1. Leave the Remote Desktop session open and switch back to the browser window displaying the Azure portal on your lab computer.
+
+1. In the Azure portal, navigate back to the **Monitor** blade and click **Alerts**.
+
+1. Note the number of **Sev 3** alerts and then click the **Sev 3** row.
+
+ >**Note**: You might need to wait for a few minutes and click **Refresh**.
+
+1. On the **All Alerts** blade, review each of the alerts.
+
+#### Task 6: Review Azure Log Analytics functionality
+
+1. In the Azure portal, navigate back to the **Monitor** blade, click **Logs**.
+
+ >**Note**: You might need to click **Get Started** if this is the first time you access Log Analytics.
+
+1. On the **Select a scope** blade, navigate to the **az104-11-rg0** resource group, expand it, select **a104-11-vm0**, and click **Apply**.
+
+1. Click **Sample queries** in the toolbar, in the **Get started with sample queries** pane, review each tab, locate **Virtual machine available memory**, and click **Run**.
+
+1.
Review the resulting chart and remove the line containing the following text:
+
+ ```
+ | where TimeGenerated > ago(1h)
+ ```
+
+ >**Note**: As the result, the **Time range** entry in the toolbar changed from **Set in query** to **Last 24 hours**.
+
+1. Rerun the query and examine the resulting chart.
+
+1. On the **New Query 1** tab, on the **Tables** tab, review the list of **Virtual machines** tables.
+
+1. In the list of tables in the **Virtual machines** section, hover the mouse over the **Update** entry and click the **Preview data** icon.
+
+1. If any data is available, in the **Update** pane, click **See in query editor**.
+
+ >**Note**: You might need to wait a few minutes before the update data becomes available.
+
+1. Examine output displayed in the query results.
+
+1. Click **Sample queries** in the toolbar, in the **Get started with sample queries** pane, review each tab, locate **Missing security or critical updates**, and click **Run**.
+
+1. If any results are displayed, in the query pane, remove the line containing the following text:
+
+ ```
+ | summarize count() by Classification
+ ```
+
+1. Rerun the query and examine the details regarding missing security or critical updates.
+
+#### Clean up resources
+
+ >**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.
+
+1. In the Azure portal, open the **PowerShell** session within the **Cloud Shell** pane.
+
+1. List all resource groups created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-11*'
+ ```
+
+1.
Delete all resource groups you created throughout the labs of this module by running the following command:
+
+ ```pwsh
+ Get-AzResourceGroup -Name 'az104-11*' | Remove-AzResourceGroup -Force -AsJob
+ ```
+
+ >**Note**: The command command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.
+
+#### Review
+
+In this lab, you have:
+
+- Provisioned the lab environment
+- Created and configured an Azure Log Analytics workspace and Azure Automation-based solutions
+- Reviewed default monitoring settings of Azure virtual machines
+- Configured Azure virtual machine diagnostic settings
+- Reviewed Azure Monitor functionality
+- Reviewed Azure Log Analytics functionality
\ No newline at end of file
diff --git a/Instructions/Labs/LAB_AK_01_deploying_arm_templates.md b/Instructions/Labs/LAB_AK_01_deploying_arm_templates.md
deleted file mode 100644
index 5e253942..00000000
--- a/Instructions/Labs/LAB_AK_01_deploying_arm_templates.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-lab:
- title: 'Lab: Deploying Azure Resource Manager templates'
- type: 'Answer Key'
- module: 'Module 1: Exploring Azure Resource Manager'
----
-
-# Lab: Deploying Azure Resource Manager templates
-# Student lab answer key
-
-## Instructions
-
-### Before you start
-
-#### Setup Task
-
-1. Integer dolor purus, gravida eu sem id, efficitur aliquet neque.
-
-1. Suspendisse viverra mauris in metus laoreet consectetur.
-
-1. Sed diam risus, convallis quis condimentum at, egestas malesuada libero.
-
-### Exercise 0:
-
-#### Task 0:
-
-1. Quisque dictum convallis metus, vitae vestibulum turpis dapibus non.
-
- 1. Suspendisse commodo tempor convallis.
-
- 1. Nunc eget quam facilisis, imperdiet felis ut, blandit nibh.
-
- 1. Phasellus pulvinar ornare sem, ut imperdiet justo volutpat et.
-
-1. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.
-
-1. Vestibulum hendrerit orci urna, non aliquet eros eleifend vitae.
-
-1. Curabitur nibh dui, vestibulum cursus neque commodo, aliquet accumsan risus.
-
- ```
- Sed at malesuada orci, eu volutpat ex
- ```
-
-1. In ac odio vulputate, faucibus lorem at, sagittis felis.
-
-1. Fusce tincidunt sapien nec dolor congue facilisis lacinia quis urna.
-
- > **Note**: Ut feugiat est id ultrices gravida.
-
-1. Phasellus urna lacus, luctus at suscipit vitae, maximus ac nisl.
-
- - Morbi in tortor finibus, tempus dolor a, cursus lorem.
-
- - Maecenas id risus pharetra, viverra elit quis, lacinia odio.
-
- - Etiam rutrum pretium enim.
-
-1. Curabitur in pretium urna, nec ullamcorper diam.
-
-#### Review
-
-Maecenas fringilla ac purus non tincidunt. Aenean pellentesque velit id suscipit tempus. Cras at ullamcorper odio.