diff --git a/New Instructions/AllFiles/Lab03/azuredeploydisk.bicep b/New Instructions/AllFiles/Lab03/azuredeploydisk.bicep deleted file mode 100644 index bfcbc010..00000000 --- a/New Instructions/AllFiles/Lab03/azuredeploydisk.bicep +++ /dev/null @@ -1,36 +0,0 @@ -@description('Name of the managed disk to be copied') -param managedDiskName string = 'diskname' - -@description('Disk size in GiB') -@minValue(4) -@maxValue(65536) -param diskSizeinGiB int = 8 - -@description('Disk IOPS value') -@minValue(100) -@maxValue(160000) -param diskIopsReadWrite int = 100 - -@description('Disk throughput value in MBps') -@minValue(1) -@maxValue(2000) -param diskMbpsReadWrite int = 10 - -@description('Location for all resources.') -param location string = resourceGroup().location - -resource managedDisk 'Microsoft.Compute/disks@2020-09-30' = { - name: managedDiskName - location: location - sku: { - name: 'UltraSSD_LRS' - } - properties: { - creationData: { - createOption: 'Empty' - } - diskSizeGB: diskSizeinGiB - diskIOPSReadWrite: diskIopsReadWrite - diskMBpsReadWrite: diskMbpsReadWrite - } -} diff --git a/New Instructions/AllFiles/Lab04/az104-04-parameters.json b/New Instructions/AllFiles/Lab04/az104-04-parameters.json deleted file mode 100644 index deb0c7a0..00000000 --- a/New Instructions/AllFiles/Lab04/az104-04-parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "virtualNetworks_ManufacturingVnet_name": { - "value": null - } - } -} diff --git a/New Instructions/AllFiles/Lab04/az104-04-template.json b/New Instructions/AllFiles/Lab04/az104-04-template.json deleted file mode 100644 index c70594f4..00000000 --- a/New Instructions/AllFiles/Lab04/az104-04-template.json +++ /dev/null @@ -1,96 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "virtualNetworks_ManufacturingVnet_name": { - "defaultValue": "ManufacturingVnet", - "type": "String" - } - }, - "variables": {}, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2023-05-01", - "name": "[parameters('virtualNetworks_ManufacturingVnet_name')]", - "location": "westeurope", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "10.30.0.0/16" - ] - }, - "encryption": { - "enabled": false, - "enforcement": "AllowUnencrypted" - }, - "subnets": [ - { - "name": "SensorSubnet1", - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_ManufacturingVnet_name'), 'SensorSubnet1')]", - "properties": { - "addressPrefixes": [ - "10.30.10.0/24" - ], - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "defaultOutboundAccess": true - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "SensorSubnet2", - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_ManufacturingVnet_name'), 'SensorSubnet2')]", - "properties": { - "addressPrefixes": [ - "10.30.20.0/24" - ], - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "defaultOutboundAccess": true - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [], - "enableDdosProtection": false - } - }, - { - "type": "Microsoft.Network/virtualNetworks/subnets", - "apiVersion": "2023-05-01", - "name": "[concat(parameters('virtualNetworks_ManufacturingVnet_name'), '/SensorSubnet1')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_ManufacturingVnet_name'))]" - ], - "properties": { - "addressPrefixes": [ - "10.30.10.0/24" - ], - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "defaultOutboundAccess": true - } - }, - { - "type": "Microsoft.Network/virtualNetworks/subnets", - "apiVersion": "2023-05-01", - "name": "[concat(parameters('virtualNetworks_ManufacturingVnet_name'), '/SensorSubnet2')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_ManufacturingVnet_name'))]" - ], - "properties": { - "addressPrefixes": [ - "10.30.20.0/24" - ], - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled", - "defaultOutboundAccess": true - } - } - ] -} diff --git a/New Instructions/AllFiles/Lab06/az104-06-vms-parameters.json b/New Instructions/AllFiles/Lab06/az104-06-vms-parameters.json deleted file mode 100644 index 56c71555..00000000 --- a/New Instructions/AllFiles/Lab06/az104-06-vms-parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vmSize": { - "value": "Standard_D2s_v3" - }, - "adminUsername": { - "value": "localadmin" - } - } -} diff --git a/New Instructions/AllFiles/Lab06/az104-06-vms-template.json b/New Instructions/AllFiles/Lab06/az104-06-vms-template.json deleted file mode 100644 index 8e5f1ade..00000000 --- a/New Instructions/AllFiles/Lab06/az104-06-vms-template.json +++ /dev/null @@ -1,493 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "virtualMachines_az104_06_vm0_name": { - "defaultValue": "az104-06-vm0", - "type": "String" - }, - "virtualMachines_az104_06_vm1_name": { - "defaultValue": "az104-06-vm1", - "type": "String" - }, - "virtualMachines_az104_06_vm2_name": { - "defaultValue": "az104-06-vm2", - "type": "String" - }, - "virtualNetworks_az104_06_vnet1_name": { - "defaultValue": "az104-06-vnet1", - "type": "String" - }, - "networkInterfaces_az104_06_nic0_name": { - "defaultValue": "az104-06-nic0", - "type": "String" - }, - "networkInterfaces_az104_06_nic1_name": { - "defaultValue": "az104-06-nic1", - "type": "String" - }, - "networkInterfaces_az104_06_nic2_name": { - "defaultValue": "az104-06-nic2", - "type": "String" - }, - "networkSecurityGroups_az104_06_nsg1_name": { - "defaultValue": "az104-06-nsg1", - "type": "String" - }, - "adminPassword": { - "defaultValue": null, - "type": "securestring" - } - }, - "variables": {}, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2023-06-01", - "name": "[parameters('networkSecurityGroups_az104_06_nsg1_name')]", - "location": "[resourceGroup().location]", - "properties": { - "securityRules": [ - { - "name": "default-allow-rdp", - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_az104_06_nsg1_name'), 'default-allow-rdp')]", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "3389", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 1000, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "default-allow-http", - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_az104_06_nsg1_name'), 'default-allow-http')]", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "80", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 1100, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ] - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2023-06-01", - "name": "[parameters('virtualNetworks_az104_06_vnet1_name')]", - "location": "[resourceGroup().location]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "10.60.0.0/22" - ] - }, - "subnets": [ - { - "name": "subnet0", - "properties": { - "addressPrefix": "10.60.0.0/24", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet1", - "properties": { - "addressPrefix": "10.60.1.0/24", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet2", - "properties": { - "addressPrefix": "10.60.2.0/24", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [], - "enableDdosProtection": false - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2023-03-01", - "name": "[parameters('virtualMachines_az104_06_vm0_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic0_name'))]" - ], - "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-Datacenter", - "version": "latest" - }, - "osDisk": { - "osType": "Windows", - "name": "[concat(parameters('virtualMachines_az104_06_vm0_name'), '_disk1')]", - "createOption": "FromImage", - "caching": "ReadWrite", - "deleteOption": "Detach", - "diskSizeGB": 127 - }, - "dataDisks": [] - }, - "osProfile": { - "computerName": "[parameters('virtualMachines_az104_06_vm0_name')]", - "adminUsername": "localadmin", - "adminPassword": "[parameters('adminPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - "assessmentMode": "ImageDefault" - }, - "enableVMAgentPlatformUpdates": false - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic0_name'))]", - "properties": { - "primary": true - } - } - ] - } - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2023-03-01", - "name": "[parameters('virtualMachines_az104_06_vm1_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic1_name'))]" - ], - "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-Datacenter", - "version": "latest" - }, - "osDisk": { - "osType": "Windows", - "name": "[concat(parameters('virtualMachines_az104_06_vm1_name'), '_disk1')]", - "createOption": "FromImage", - "caching": "ReadWrite", - "deleteOption": "Detach", - "diskSizeGB": 127 - }, - "dataDisks": [] - }, - "osProfile": { - "computerName": "[parameters('virtualMachines_az104_06_vm1_name')]", - "adminUsername": "localadmin", - "adminPassword": "[parameters('adminPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - "assessmentMode": "ImageDefault" - }, - "enableVMAgentPlatformUpdates": false - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic1_name'))]", - "properties": { - "primary": true - } - } - ] - } - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2023-03-01", - "name": "[parameters('virtualMachines_az104_06_vm2_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic2_name'))]" - ], - "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-Datacenter", - "version": "latest" - }, - "osDisk": { - "osType": "Windows", - "name": "[concat(parameters('virtualMachines_az104_06_vm2_name'), '_disk1')]", - "createOption": "FromImage", - "caching": "ReadWrite", - "deleteOption": "Detach" - }, - "dataDisks": [] - }, - "osProfile": { - "computerName": "[parameters('virtualMachines_az104_06_vm2_name')]", - "adminUsername": "localadmin", - "adminPassword": "[parameters('adminPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - "assessmentMode": "ImageDefault" - }, - "enableVMAgentPlatformUpdates": false - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic2_name'))]", - "properties": { - "primary": true - } - } - ] - } - } - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2023-03-01", - "name": "[concat(parameters('virtualMachines_az104_06_vm0_name'), '/customScriptExtension')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachines_az104_06_vm0_name'))]" - ], - "properties": { - "autoUpgradeMinorVersion": true, - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.7", - "settings": { - "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)" - }, - "protectedSettings": {} - } - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2023-03-01", - "name": "[concat(parameters('virtualMachines_az104_06_vm1_name'), '/customScriptExtension')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachines_az104_06_vm1_name'))]" - ], - "properties": { - "autoUpgradeMinorVersion": true, - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.7", - "settings": { - "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername) && powershell.exe New-Item -Path 'c:\\inetpub\\wwwroot' -Name 'image' -Itemtype 'Directory' && powershell.exe New-Item -Path 'c:\\inetpub\\wwwroot\\image\\' -Name 'iisstart.htm' -ItemType 'file' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\image\\iisstart.htm' -Value $('Image from: ' + $env:computername)" - }, - "protectedSettings": {} - } - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2023-03-01", - "name": "[concat(parameters('virtualMachines_az104_06_vm2_name'), '/customScriptExtension')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachines_az104_06_vm2_name'))]" - ], - "properties": { - "autoUpgradeMinorVersion": true, - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.7", - "settings": { - "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername) && powershell.exe New-Item -Path 'c:\\inetpub\\wwwroot' -Name 'video' -Itemtype 'Directory' && powershell.exe New-Item -Path 'c:\\inetpub\\wwwroot\\video\\' -Name 'iisstart.htm' -ItemType 'file' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\video\\iisstart.htm' -Value $('Video from: ' + $env:computername)" - }, - "protectedSettings": {} - } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-06-01", - "name": "[parameters('networkInterfaces_az104_06_nic0_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworks_az104_06_vnet1_name'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - ], - "kind": "Regular", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic0_name')), '/ipConfigurations/ipconfig1')]", - "etag": "W/\"2690d608-0b02-47be-a9c9-38f240a8bfbf\"", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.60.0.4", - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_az104_06_vnet1_name'), 'subnet0')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [] - }, - "enableIPForwarding": false, - "disableTcpStateTracking": false, - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - }, - "nicType": "Standard", - "auxiliaryMode": "None", - "auxiliarySku": "None" - } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-06-01", - "name": "[parameters('networkInterfaces_az104_06_nic1_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworks_az104_06_vnet1_name'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - ], - "kind": "Regular", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic1_name')), '/ipConfigurations/ipconfig1')]", - "etag": "W/\"a65f582b-ab26-4a99-aa7f-f5ff9c7c6756\"", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.60.1.4", - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_az104_06_vnet1_name'), 'subnet1')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [] - }, - "enableIPForwarding": false, - "disableTcpStateTracking": false, - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - }, - "nicType": "Standard", - "auxiliaryMode": "None", - "auxiliarySku": "None" - } - }, - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-06-01", - "name": "[parameters('networkInterfaces_az104_06_nic2_name')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworks_az104_06_vnet1_name'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - ], - "kind": "Regular", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_az104_06_nic2_name')), '/ipConfigurations/ipconfig1')]", - "etag": "W/\"52827e59-e77e-4722-89a1-e79cee3c4b41\"", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.62.0.4", - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworks_az104_06_vnet1_name'), 'subnet2')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [] - }, - "enableIPForwarding": false, - "disableTcpStateTracking": false, - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_az104_06_nsg1_name'))]" - }, - "nicType": "Standard", - "auxiliaryMode": "None", - "auxiliarySku": "None" - } - } - ] -} diff --git a/New Instructions/AllFiles/Lab07/az104-lab07-architecture-diagram.png b/New Instructions/AllFiles/Lab07/az104-lab07-architecture-diagram.png deleted file mode 100644 index 7b883425..00000000 Binary files a/New Instructions/AllFiles/Lab07/az104-lab07-architecture-diagram.png and /dev/null differ diff --git a/New Instructions/AllFiles/Lab10/az104-10-vms-edge-parameters.json b/New Instructions/AllFiles/Lab10/az104-10-vms-edge-parameters.json deleted file mode 100644 index e1e85508..00000000 --- a/New Instructions/AllFiles/Lab10/az104-10-vms-edge-parameters.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "adminUsername": { - "value": "localadmin" - }, - "vmNamePrefix": { - "value": "az104-10-vm" - }, - "nicNamePrefix": { - "value": "az104-10-nic" - }, - "imagePublisher": { - "value": "MicrosoftWindowsServer" - }, - "imageOffer": { - "value": "WindowsServer" - }, - "imageSKU": { - "value": "2019-Datacenter" - }, - "vmSize": { - "value": "Standard_D2s_v3" - }, - "virtualNetworkName": { - "value": "az104-10-vnet" - }, - "addressPrefix": { - "value": "10.0.0.0/24" - }, - "virtualNetworkResourceGroup": { - "value": "az104-10-rg10" - }, - "subnet0Name": { - "value": "subnet0" - }, - "subnet0Prefix": { - "value": "10.0.0.0/26" - } - } -} diff --git a/New Instructions/AllFiles/Lab10/az104-10-vms-edge-template.json b/New Instructions/AllFiles/Lab10/az104-10-vms-edge-template.json deleted file mode 100644 index 96f3c619..00000000 --- a/New Instructions/AllFiles/Lab10/az104-10-vms-edge-template.json +++ /dev/null @@ -1,258 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "adminUsername": { - "type": "string", - "metadata": { - "description": "Admin username" - } - }, - "adminPassword": { - "type": "securestring", - "metadata": { - "description": "Admin password" - } - }, - "vmNamePrefix": { - "type": "string", - "defaultValue": "az104-10-vm", - "metadata": { - "description": "VM name prefix" - } - }, - "pipNamePrefix": { - "type": "string", - "defaultValue": "az104-10-pip", - "metadata": { - "description": "Public IP address name prefix" - } - }, - "nicNamePrefix": { - "type": "string", - "defaultValue": "az104-10-nic", - "metadata": { - "description": "Nic name prefix" - } - }, - "imagePublisher": { - "type": "string", - "defaultValue": "MicrosoftWindowsServer", - "metadata": { - "description": "Image Publisher" - } - }, - "imageOffer": { - "type": "string", - "defaultValue": "WindowsServer", - "metadata": { - "description": "Image Offer" - } - }, - "imageSKU": { - "type": "string", - "defaultValue": "2019-Datacenter", - "allowedValues": [ - "2019-Datacenter", - "2019-Datacenter-Server-Core", - "2019-Datacenter-Server-Core-smalldisk" - ], - "metadata": { - "description": "Image SKU" - } - }, - "vmSize": { - "type": "string", - "defaultValue": "Standard_D2s_v3", - "metadata": { - "description": "VM size" - } - }, - "virtualNetworkName": { - "type": "string", - "defaultValue": "az104-10-vnet", - "metadata": { - "description": "Virtual network name" - } - }, - "addressPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/24", - "metadata": { - "description": "Virtual network address prefix" - } - }, - "virtualNetworkResourceGroup": { - "type": "string", - "defaultValue": "az104-10-rg10", - "metadata": { - "description": "Resource group of the VNet" - } - }, - "subnet0Name": { - "type": "string", - "defaultValue": "subnet0", - "metadata": { - "description": "VNet first subnet name" - } - }, - "subnet0Prefix": { - "type": "string", - "defaultValue": "10.0.0.0/26", - "metadata": { - "description": "VNet first subnet prefix" - } - }, - "nsgName": { - "type": "string", - "defaultValue": "az104-10-nsg01", - "metadata": { - "description": "Network security group name" - } - } - }, - "variables": { - "vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]", - "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet0Name'))]", - "numberOfInstances": 1, - "computeAPIVersion": "2018-10-01", - "networkAPIVersion": "2018-12-01" - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "name": "[concat(parameters('nicNamePrefix'), copyindex())]", - "apiVersion": "[variables('networkAPIVersion')]", - "location": "[resourceGroup().location]", - "copy": { - "name": "nicLoop", - "count": "[variables('numberOfInstances')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/',parameters('virtualNetworkName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups/',parameters('nsgName'))]", - "pipLoop" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[variables('subnetRef')]" - }, - "publicIpAddress": { - "id": "[resourceId('Microsoft.Network/publicIpAddresses',concat(parameters('pipNamePrefix'),copyindex()))]" - } - } - } - ], - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]" - } - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "name": "[parameters('virtualNetworkName')]", - "apiVersion": "[variables('networkAPIVersion')]", - "location": "[resourceGroup().location]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[parameters('subnet0Name')]", - "properties": { - "addressPrefix": "[parameters('subnet0Prefix')]" - } - } - ] - } - }, - { - "type": "Microsoft.Network/publicIpAddresses", - "name": "[concat(parameters('pipNamePrefix'), copyindex())]", - "apiVersion": "[variables('networkApiVersion')]", - "copy": { - "name": "pipLoop", - "count": "[variables('numberOfInstances')]" - }, - "location": "[resourceGroup().location]", - "properties": { - "publicIpAllocationMethod": "Dynamic" - } - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "name": "[parameters('nsgName')]", - "apiVersion": "[variables('networkApiVersion')]", - "location": "[resourceGroup().location]", - "properties": { - "securityRules": [ - { - "name": "default-allow-rdp", - "properties": { - "priority": 1000, - "sourceAddressPrefix": "*", - "protocol": "Tcp", - "destinationPortRange": "3389", - "access": "Allow", - "direction": "Inbound", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "name": "[concat(parameters('vmNamePrefix'), copyindex())]", - "apiVersion": "[variables('computeAPIVersion')]", - "copy": { - "name": "virtualMachineLoop", - "count": "[variables('numberOfInstances')]" - }, - "location": "[resourceGroup().location]", - "dependsOn": [ - "nicLoop" - ], - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "[parameters('imagePublisher')]", - "offer": "[parameters('imageOffer')]", - "sku": "[parameters('imageSKU')]", - "version": "latest" - }, - "osDisk": { - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "Standard_LRS" - } - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(parameters('nicNamePrefix'),copyindex()))]" - } - ] - } - } - } - ] -} diff --git a/New Instructions/AllFiles/Lab11/az104-11-vm-template.json b/New Instructions/AllFiles/Lab11/az104-11-vm-template.json deleted file mode 100644 index 8dbee63b..00000000 --- a/New Instructions/AllFiles/Lab11/az104-11-vm-template.json +++ /dev/null @@ -1,279 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "adminUsername": { - "type": "string", - "metadata": { - "description": "Admin username" - } - }, - "adminPassword": { - "type": "securestring", - "metadata": { - "description": "Admin password" - } - }, - "vmNamePrefix": { - "type": "string", - "defaultValue": "az104-vm", - "metadata": { - "description": "VM name prefix" - } - }, - "pipNamePrefix": { - "type": "string", - "defaultValue": "az104-pip", - "metadata": { - "description": "Public IP address name prefix" - } - }, - "nicNamePrefix": { - "type": "string", - "defaultValue": "az104-nic", - "metadata": { - "description": "Nic name prefix" - } - }, - "imagePublisher": { - "type": "string", - "defaultValue": "MicrosoftWindowsServer", - "metadata": { - "description": "Image Publisher" - } - }, - "imageOffer": { - "type": "string", - "defaultValue": "WindowsServer", - "metadata": { - "description": "Image Offer" - } - }, - "imageSKU": { - "type": "string", - "defaultValue": "2019-Datacenter", - "allowedValues": [ - "2019-Datacenter", - "2019-Datacenter-Server-Core", - "2019-Datacenter-Server-Core-smalldisk" - ], - "metadata": { - "description": "Image SKU" - } - }, - "vmSize": { - "type": "string", - "defaultValue": "Standard_D2s_v3", - "metadata": { - "description": "VM size" - } - }, - "virtualNetworkName": { - "type": "string", - "defaultValue": "az104-vnet", - "metadata": { - "description": "Virtual network name" - } - }, - "addressPrefix": { - "type": "string", - "defaultValue": "10.0.0.0/24", - "metadata": { - "description": "Virtual network address prefix" - } - }, - "virtualNetworkResourceGroup": { - "type": "string", - "defaultValue": "az104-rg11", - "metadata": { - "description": "Resource group of the VNet" - } - }, - "subnet0Name": { - "type": "string", - "defaultValue": "subnet0", - "metadata": { - "description": "VNet first subnet name" - } - }, - "subnet0Prefix": { - "type": "string", - "defaultValue": "10.0.0.0/26", - "metadata": { - "description": "VNet first subnet prefix" - } - }, - "nsgName": { - "type": "string", - "defaultValue": "az104-nsg01", - "metadata": { - "description": "Network security group name" - } - } - }, - "variables": { - "vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]", - "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet0Name'))]", - "storageAccountName": "[concat('az10411', uniqueString(subscription().subscriptionId))]", - "storageAccountType": "Standard_LRS", - "numberOfInstances": 1, - "computeAPIVersion": "2018-10-01", - "networkAPIVersion": "2018-12-01", - "storageAPIVersion": "2019-04-01" - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "name": "[concat(parameters('nicNamePrefix'), copyindex())]", - "apiVersion": "[variables('networkAPIVersion')]", - "location": "[resourceGroup().location]", - "copy": { - "name": "nicLoop", - "count": "[variables('numberOfInstances')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/',parameters('virtualNetworkName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups/',parameters('nsgName'))]", - "pipLoop" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[variables('subnetRef')]" - }, - "publicIpAddress": { - "id": "[resourceId('Microsoft.Network/publicIpAddresses',concat(parameters('pipNamePrefix'),copyindex()))]" - } - } - } - ], - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]" - } - } - }, - { - "type": "Microsoft.Network/virtualNetworks", - "name": "[parameters('virtualNetworkName')]", - "apiVersion": "[variables('networkAPIVersion')]", - "location": "[resourceGroup().location]", - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[parameters('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[parameters('subnet0Name')]", - "properties": { - "addressPrefix": "[parameters('subnet0Prefix')]" - } - } - ] - } - }, - { - "type": "Microsoft.Network/publicIpAddresses", - "name": "[concat(parameters('pipNamePrefix'), copyindex())]", - "apiVersion": "[variables('networkApiVersion')]", - "copy": { - "name": "pipLoop", - "count": "[variables('numberOfInstances')]" - }, - "location": "[resourceGroup().location]", - "properties": { - "publicIpAllocationMethod": "Dynamic" - } - }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "name": "[parameters('nsgName')]", - "apiVersion": "[variables('networkApiVersion')]", - "location": "[resourceGroup().location]", - "properties": { - "securityRules": [ - { - "name": "default-allow-rdp", - "properties": { - "priority": 1000, - "sourceAddressPrefix": "*", - "protocol": "Tcp", - "destinationPortRange": "3389", - "access": "Allow", - "direction": "Inbound", - "sourcePortRange": "*", - "destinationAddressPrefix": "*" - } - } - ] - } - }, - { - "type": "Microsoft.Storage/storageAccounts", - "name": "[variables('storageAccountName')]", - "apiVersion": "[variables('storageAPIVersion')]", - "location": "[resourceGroup().location]", - "sku": { - "name": "[variables('storageAccountType')]" - }, - "kind": "Storage", - "properties": {} - }, - { - "type": "Microsoft.Compute/virtualMachines", - "name": "[concat(parameters('vmNamePrefix'), copyindex())]", - "apiVersion": "[variables('computeAPIVersion')]", - "copy": { - "name": "virtualMachineLoop", - "count": "[variables('numberOfInstances')]" - }, - "location": "[resourceGroup().location]", - "dependsOn": [ - "nicLoop", - "[resourceId('Microsoft.Storage/storageAccounts/',variables('storageAccountName'))]" - ], - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "osProfile": { - "computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "[parameters('imagePublisher')]", - "offer": "[parameters('imageOffer')]", - "sku": "[parameters('imageSKU')]", - "version": "latest" - }, - "osDisk": { - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "Standard_LRS" - } - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(parameters('nicNamePrefix'),copyindex()))]" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[concat('https://', variables('storageAccountName'), '.blob.core.windows.net')]" - } - } - } - } - ] -} diff --git a/New Instructions/Lab/LAB_01-Manage_Entra_ID_Identities.md b/New Instructions/Lab/LAB_01-Manage_Entra_ID_Identities.md deleted file mode 100644 index 1f81fa7e..00000000 --- a/New Instructions/Lab/LAB_01-Manage_Entra_ID_Identities.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -lab: - title: 'Lab 01: Manage Microsoft Entra ID Identities' - module: 'Administer Identity' ---- - -# Lab 01 - Manage Microsoft Entra ID Identities - -## Lab introduction - -This is the first in a series of labs for Azure Administrators. In this lab, you learn about users and groups. Users and groups are the basic building blocks for an identity solution. - -## Estimated timing: 30 minutes - -## Lab scenario - -Your organization is building a new lab environment for pre-production testing of apps and services. A few engineers are being hired to manage the lab environment, including the virtual machines. To allow the engineers to authenticate by using Microsoft Entra ID, you have been tasked with provisioning users and groups. To minimize administrative overhead, membership of the groups should be updated automatically based on job titles. - -## Interactive lab simulation - -This lab uses an interactive lab simulation. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - ->**Note:** This simulation is being updated. Microsoft Entra ID is the new name for Azure Active Directory (Azure AD). - -+ [Manage Entra ID Identities](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%201). Create and configure users and assign to groups. Create an Azure tenant and manage guest accounts. - -## Architecture diagram -![Diagram of the lab 01 architecture.](../media/az104-lab01-architecture.png) - -## Job skills - -+ Task 1: Create and configure user accounts. -+ Task 2: Create groups and add members. - -## Task 1: Create and configure user accounts - -In this task, you will create and configure user accounts. User accounts will store user data such as name, department, location, and contact information. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - - >**Note:** The Azure portal is used in all the labs. If you are new to the Azure, search for and select `Quickstart Center`. Take a few minutes to watch the **Getting started in the Azure portal** video. Even if you have used the portal before, you will find a few tips and tricks on navigating and customizing the interface. - -1. Search for and select `Microsoft Entra ID`. Microsoft Entra ID is Azure's cloud-based identity and access management solution. Take a few minutes to familiarize yourself with some of the features listed in the left pane. - -1. Select the **Overview** blade and then the **Manage tenants** tab. - - >**Did you know?** A tenant is a specific instance of Microsoft Entra ID containing accounts and groups. Depending on your situation, you can create more tenants and **Switch** between them. - -1. Return to the **Entra ID** page and select **Licenses**. From here you can purchase a license, manage the licenses you have, and assign licenses to users and groups. Select **Licensed features** to see what is available. - -### Create a new user - -1. Select **Users**, then in the **New user** drop-down select **Create new user**. - -1. Create a new user with the following settings (leave others with their defaults). On the **Properties** tab notice all the different types of information that can be included in the user account. - - | Setting | Value | - | --- | --- | - | User principal name | `az104-user1` | - | Display name | `az104-user1` | - | Auto-generate password | **checked** | - | Account enabled | **checked** | - | Job title (Properties tab) | `IT Lab Administrator` | - | Department (Properties tab) | `IT` | - | Usage location (Properties tab) | **United States** | - -1. Once you have finished reviewing, select **Review + create** and then **Create**. - -1. Refresh the page and confirm your new user was created. - -### Invite an external user - -1. In the **New user** drop-down select **Invite an external user**. - - | Setting | Value | - | --- | --- | - | Email | your email address | - | Display name | your name | - | Send invite message | **check the box** | - | Message | `Welcome to Azure and our group project` | - -1. Move to the **Properties** tab. Complete the basic information, including these fields. - - | Setting | Value | - | --- | --- | - | Job title | `IT Lab Administrator` | - | Department | `IT` | - | Usage location (Properties tab) | **United States** | - -1. Select **Review + invite**, and then **Invite**. - -1. **Refresh** the page and confirm the invited user was created. You should receive the invitation email shortly. - - >**Note:** It is unlikely you will be creating user accounts individually. Do you know how your organization plans to create and manage user accounts? - -### Task 2: Create groups and add members - -In this task, you create a group account. Group accounts can include user accounts or devices. These are two basic ways members are assigned to groups: Statically and Dynamically. Static groups require administrators to add and remove members manually. Dynamic groups update automatically based on the properties of a user account or device. For example, job title. - -1. In the Azure portal, search for and select `Groups`. - -1. Take a minute to familiarize yourself with the group settings in the left pane. - - + **Expiration** lets you configure a group lifetime in days. After that time the group must be renewed by the owner. - + **Naming policy** lets you configure blocked words and add a prefix or suffix to group names. - -1. In the **All groups** blade, select **+ New group** and create a new group. - - | Setting | Value | - | --- | --- | - | Group type | **Security** | - | Group name | `IT Lab Administrators` | - | Group description | `Administrators that manage the IT lab` | - | Membership type | **Assigned** | - - >**Note**: An Entra ID Premium P1 or P2 license is required for dynamic membership. If other **Membership types** are available, the options will show up in the drop-down. - - ![Screenshot of create assigned group.](../media/az104-lab01-create-assigned-group.png) - -1. Select **No owners selected**. - -1. In the **Add owners** page, search for and **select** yourself as the owner. Notice you can have more than one owner. - -1. Select **No members selected**. - -1. In the **Add members** pane, search for and **select** the **az104-user1** and the **guest user** you invited. Add both of the users to the group. - -1. Select **Create** to deploy the group. - -1. **Refresh** the page and ensure your group was created. - -1. Select the new group and review the **Members** and **Owners** information. - ->**Note:** You may be managing a large number of groups. Does your organization have a plan for creating groups and adding members? - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are some main takeways for this lab: - -+ A tenant represents your organization and helps you to manage a specific instance of Microsoft cloud services for your internal and external users. -+ Microsoft Entra ID has user and guest accounts. Each account has a level of access specific to the scope of work expected to be done. -+ Groups combine together related users or devices. There are two types of groups including Security and Microsoft 365. -+ Group membership can be statically or dynamically assigned. - - -## Learn more with self-paced training - -+ [Understand Microsoft Entra ID](https://learn.microsoft.com/training/modules/understand-azure-active-directory/). Compare Microsoft Entra ID to Active Directory DS, learn about Microsoft Entra ID P1 and P2, and explore Microsoft Entra Domain Services for managing domain-joined devices and apps in the cloud. -+ [Create Azure users and groups in Microsoft Entra ID](https://learn.microsoft.com//training/modules/create-users-and-groups-in-azure-active-directory/). Create users in Microsoft Entra ID. Understand different types of groups. Create a group and add members. Manage business-to-business guest accounts. -+ [Allow users to reset their password with Microsoft Entra self-service password reset](https://learn.microsoft.com/training/modules/allow-users-reset-their-password/). Evaluate self-service password reset to allow users in your organization to reset their passwords or unlock their accounts. Set up, configure, and test self-service password reset. - - - diff --git a/New Instructions/Lab/LAB_02a_Manage_Subscriptions_and_RBAC_Entra.md b/New Instructions/Lab/LAB_02a_Manage_Subscriptions_and_RBAC_Entra.md deleted file mode 100644 index b72ef26f..00000000 --- a/New Instructions/Lab/LAB_02a_Manage_Subscriptions_and_RBAC_Entra.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -lab: - title: 'Lab 02a: Manage Subscriptions and RBAC' - module: 'Administer Governance and Compliance' ---- - -# Lab 02a - Manage Subscriptions and RBAC - -## Lab introduction - -In this lab, you learn about role-based access control. You learn how to use permissions and scopes to control what actions identities can and cannot perform. You also learn how to make subscription management easier using management groups. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 30 minutes - -## Lab scenario - -To simplify management of Azure resources in your organization, you have been tasked with implementing the following functionality: - -- Creating a management group that includes all your Azure subscriptions. - -- Granting permissions to submit support requests for all subscriptions in the management group. The permissions should be limited only to: - - - Create and manage virtual machines - - Create support request tickets (do not include adding Azure providers) - - -## Interactive lab simulations - -There are some interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Manage access with RBAC](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2014). Assign built-in role to a user and monitor the activity logs. - -+ [Manage subscriptions and RBAC](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%202). Implement a management group and create and assign a custom RBAC role. - -+ [Open a support request](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2022). Review support plan options, then create and monitor a support request, technical or billing. - -## Architecture diagram - -![Diagram of lab tasks.](../media/az104-lab02a-architecture.png) - -## Job skills - -+ Task 1: Implement management groups. -+ Task 2: Review and assign a built-in Azure role. -+ Task 3: Create a custom RBAC role. -+ Task 4: Monitor role assignments with the Activity Log. - -## Task 1: Implement Management Groups - -In this task, you will create and configure management groups. Management groups are used to logically organize subscriptions. Subscriptions should be segmented and allow for RBAC and Azure Policy to be assigned and inherited to other management groups and subscriptions. For example, if your organization has a dedicated support team for Europe, you can organize European subscriptions into a management group to provide the support staff access to those subscriptions (without providing individual access to all subscriptions). In our scenario everyone at the Help Desk will need to create a support request across all subscriptions. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Microsoft Entra ID`. - -1. In the **Manage** blade, select **Properties**. - -1. Review the **Access management for Azure resources** area. Ensure you can manage access to all Azure subscriptions and management groups in the tenant. - -1. Search for and select `Management groups`. - -1. On the **Management groups** blade, click **+ Create**. - -1. Create a management group with the following settings. Select **Submit** when you are done. - - | Setting | Value | - | --- | --- | - | Management group ID | `az104-mg1` (must be unique in the directory) | - | Management group display name | `az104-mg1` | - -1. **Refresh** the management group page to ensure your new management group displays. This may take a minute. - - >**Note:** Did you notice the root management group? The root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. After creating a management group, you would add any subscriptions that should be included in the group. - -## Task 2: Review and assign a built-in Azure role - -In this task, you will review the built-in roles and assign the VM Contributor role to a member of the Help Desk. Azure provides a large number of [built-in roles](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles). - -1. Select the **az104-mg1** management group. - -1. Select the **Access control (IAM)** blade, and then the **Roles** tab. - -1. Scroll through the built-in role definitions that are available. **View** a role to get detailed information about the **Permissions**, **JSON**, and **Assignments**. You will often use *owner*, *contributor*, and *reader*. - -1. Select **+ Add**, from the drop-down menu, select **Add role assignment**. - -1. On the **Add role assignment** blade, search for and select the **Virtual Machine Contributor**. The Virtual machine contributor role lets you manage virtual machines, but not access their operating system or manage the virtual network and storage account they are connected to. This is a good role for the Help Desk. Select **Next**. - - >**Did you know?** Azure originally provided only the **Classic** deployment model. This has been replaced by the **Azure Resource Manager** deployment model. As a best practice, do not use classic resources. - -1. On the **Members** tab, **Select Members**. - - >**Note:** The next step assigns the role to the **helpdesk** group. If you do not have a Help Desk group, take a minute to create it. - -1. Search for and select the `helpdesk` group. Click **Select**. - -1. Click **Review + assign** twice to create the role assignment. - -1. Continue on the **Access control (IAM)** blade. On the **Role assignments** tab, confirm the **helpdesk** group has the **Virtual Machine Contributor** role. - - >**Note:** As a best practice always assign roles to groups not individuals. - - >**Did you know?** This assignment might not actually grant you any additional privileges. If you already have the Owner role, that role includes all permissions associated with the VM Contributor role. - -## Task 3: Create a custom RBAC role - -In this task, you will create a custom RBAC role. Custom roles are a core part of implementing the principle of least privilege for an environment. Built-in roles might have too many permissions for your scenario. In this task we will create a new role and remove permissions that are not be necessary. Do you have a plan for managing overlapping permissions? - -1. Continue working on your management group. In the **Access control (IAM)** blade, select the **Check access** tab. - -1. In the **Create a custom role** box, select **Add**. - -1. On the Basics tab complete the configuration. - - | Setting | Value | - | --- | --- | - | Custom role name | `Custom Support Request` | - | Description | ``A custom contributor role for support requests.` | - -1. For **Baseline permissions**, select **Clone a role**. In the **Role to clone** drop-down menu, select **Support Request Contributor**. - - ![Screenshot clone a role.](../media/az104-lab02a-clone-role.png) - -1. Select **Next** to move to the **Permissions** tab, and then select **+ Exclude permissions**. - -1. In the resource provider search field, enter `.Support` and select **Microsoft.Support**. - -1. In the list of permissions, place a checkbox next to **Other: Registers Support Resource Provider** and then select **Add**. The role should be updated to include this permission as a *NotAction*. - - >**Note:** An Azure resource provider is a set of REST operations that enable functionality for a specific Azure service. We do not want the Help Desk to be able to have this capability, so it is being removed from the cloned role. You could also selete and add other capabilities to the new role. - -1. On the **Assignable scopes** tab, ensure your management group is listed, then click **Next**. - -1. Review the JSON for the *Actions*, *NotActions*, and *AssignableScopes* that are customized in the role. - -1. Select **Review + Create**, and then select **Create**. - - >**Note:** At this point, you have created a custom role and assigned it to the management group. - -## Task 4: Monitor role assignments with the Activity Log - -In this task, you view the activity log to determine if anyone has created a new role. - -1. In the portal locate the **az104-mg1** resource and select **Activity log**. The activity log provides insight into subscription-level events. - -1. Review the activites for role assignments. The activity log can be filtered for specific operations. - - ![Screenshot of the Activity log page with configured filter.](../media/az104-lab02a-searchactivitylog.png) - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Management groups are used to logically organize subscriptions. -+ The built-in root management group includes all the management groups and subscriptions. -+ Azure has many built-in roles. You can assign these roles to control access to resources. -+ You can create new roles or customize existing roles. -+ Roles are defined in a JSON formatted file and include *Actions*, *NotActions*, and *AssignableScopes*. -+ You can use the Activity Log to monitor role assignments. - -## Learn more with self-paced training - -+ [Secure your Azure resources with Azure role-based access control (Azure RBAC)](https://learn.microsoft.com/training/modules/secure-azure-resources-with-rbac/). Use Azure RBAC to manage access to resources in Azure. -+ [Create custom roles for Azure resources with role-based access control (RBAC)](https://learn.microsoft.com/training/modules/create-custom-azure-roles-with-rbac/). Understand the structure of role definitions for access control. Identify the role properties to use that define your custom role permissions. Create an Azure custom role and assign to a user. - - - - - diff --git a/New Instructions/Lab/LAB_02b-Manage_Governance_via_Azure_Policy.md b/New Instructions/Lab/LAB_02b-Manage_Governance_via_Azure_Policy.md deleted file mode 100644 index fea05315..00000000 --- a/New Instructions/Lab/LAB_02b-Manage_Governance_via_Azure_Policy.md +++ /dev/null @@ -1,257 +0,0 @@ ---- -lab: - title: 'Lab 02b: Manage Governance via Azure Policy' - module: 'Administer Governance and Compliance' ---- - -# Lab 02b - Manage Governance via Azure Policy - -## Lab introduction - -In this lab, you learn how to implement your organization’s governance plans. You learn how Azure policies can ensure operational decisions are enforced across the organization. You learn how to use resource tagging to improve reporting. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 30 minutes - -## Lab scenario - -Your organization's cloud footprint has grown considerably in the last year. During a recent audit, you discovered a substantial number of resources that do not have a defined owner, project, or cost center. In order to improve management of Azure resources in your organization, you decide to implement the following functionality: - -- apply resource tags to attach important metadata to Azure resources - -- enforce the use of resource tags for new resources by using Azure policy - -- update existing resources with resource tags - -- use resource locks to protect configured resources - -## Interactive lab simulations - -There are several interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Manage resource locks](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2015). Add a resource lock and test to confirm. - -+ [Create an Azure policy](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2017). Create an Azure policy that restricts the location resources can be located. Create a new resource and ensure the policy is enforced. - -+ [Manage governance via Azure policy](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%203). Create and assign tags via the Azure portal. Create an Azure policy that requires tagging. Remediate non-compliant resources. - -## Architecture diagram - -![Diagram of the task architecture.](../media/az104-lab02b-architecture.png) - -## Job skills - -+ Task 1: Create and assign tags via the Azure portal. -+ Task 2: Enforce tagging via an Azure Policy. -+ Task 3: Apply tagging via an Azure Policy. -+ Task 4: Configure and test resource locks. - -## Task 1: Assign tags via the Azure portal - -In this task, you will create and assign a tag to an Azure resource group via the Azure portal. Tags are a critical component of a governance strategy as outlined by the Microsoft Well-Architected Framework and Cloud Adoption Framework. Tags can allow you to quickly identify resource owners, sunset dates, group contacts, and other name/value pairs that your organization deems important. For this task, you assign a tag identifying the resource role ('Infra' for 'Infrastructure'). - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Resource groups`. - -1. From the Resource groups, select **+ Create**. - - | Setting | Value | - | --- | --- | - | Subscription name | your subscription | - | Resource group name | `az104-rg2` | - | Location | **East US** | - - >**Note:** For each lab in this course you will create a new resource group. This lets you quickly locate and manage your lab resources. - -1. Select **Next: Tags** and create a new tag. - - | Setting | Value | - | --- | --- | - | Name | `Cost Center` | - | Value | `000` | - -1. Select **Review + Create**, and then select **Create**. - -## Task 2: Enforce tagging via an Azure Policy - -In this task, you will assign the built-in *Require a tag and its value on resources* policy to the resource group and evaluate the outcome. Azure Policy can be used to enforce configuration, and in this case, governance, to your Azure resources. - -1. In the Azure portal, search for and select `Policy`. - -1. In the **Authoring** blade, select **Definitions**. Take a moment to browse through the list of [built-in policy definitions](https://learn.microsoft.com/azure/governance/policy/samples/built-in-policies) that are available for you to use. Notice you can also search for a definition. - - ![Screenshot of the policy definition.](../media/az104-lab02b-policytags.png) - -1. Click the entry representing the **Require a tag and its value on resources** built-in policy. Take a minute to review the definition. - -1. On the **Require a tag and its value on resources** built-in policy definition blade, click **Assign**. - -1. Specify the **Scope** by clicking the ellipsis button and selecting the following values. Click **Select** when you are done. - - | Setting | Value | - | --- | --- | - | Subscription | *your subscription* | - | Resource Group | **az104-rg2** | - - >**Note**: You can assign policies on the management group, subscription, or resource group level. You also have the option of specifying exclusions, such as individual subscriptions, resource groups, or resources. In this scenario, we want the tag on all the resources in the resource group. - -1. Configure the **Basics** properties of the assignment by specifying the following settings (leave others with their defaults): - - | Setting | Value | - | --- | --- | - | Assignment name | `Require Cost Center tag with Default value`| - | Description | `Require Cost Center tag with default value for all resources in the resource group`| - | Policy enforcement | Enabled | - - >**Note**: The **Assignment name** is automatically populated with the policy name you selected, but you can change it. The **Description** is optional. Notice you can disable the policy at any time. - -1. Click **Next** twice and set **Parameters** to the following values: - - | Setting | Value | - | --- | --- | - | Tag Name | `Cost Center` | - | Tag Value | `000` | - -1. Click **Next** and review the **Remediation** tab. Leave the **Create a Managed Identity** checkbox unchecked. - -1. Click **Review + Create** and then click **Create**. - - >**Note**: Now you will verify that the new policy assignment is in effect by attempting to create an Azure Storage account in the resource group. You will create the storage account without adding the required tag. - - >**Note**: It might take between 5 and 10 minutes for the policy to take effect. - -1. In the portal, search for and select `Storage Account`, and select **+ Create**. - -1. On the **Basics** tab of the **Create storage account** blade, complete the configuration. - - | Setting | Value | - | --- | --- | - | Resource group | **az104-rg2** | - | Storage account name | *any globally unique combination of between 3 and 24 lower case letters and digits, starting with a letter* | - -1. Select **Review** and then click **Create**: - -1. Once you create the deployment, you should see the **Deployment failed** message in the **Notifications** list of the portal. From the **Notifications** list, navigate to the deployment overview and click the **Deployment failed. Click here for details** message to identify the reason for the failure. - - ![Screenshot of the disallowed policy error.](../media/az104-lab02b-policyerror.png) - - >**Note**: Verify the error message states that the resource deployment was disallowed by the policy. - - >**Note**: By clicking the **Raw Error** tab, you can find more details about the error, including the name of the role definition **Require Cost Center tag with Default value**. The deployment failed because the storage account you attempted to create did not have a tag named **Cost Center** with its value set to **Default**. - -## Task 3: Apply tagging via an Azure policy - -In this task, we will use the new policy definition to remediate any non-compliant resources. In this scenario, we will make any child resources of a resource group inherit the **Cost Center** tag that was defined on the resource group. - -1. In the Azure portal, search for and select `Policy`. - -1. In the **Authoring** section, click **Assignments**. - -1. In the list of assignments, click the ellipsis icon in the row representing the **Require Cost Center tag with Default value** policy assignment and use the **Delete assignment** menu item to delete the assignment. - -1. Click **Assign policy** and specify the **Scope** by clicking the ellipsis button and selecting the following values: - - | Setting | Value | - | --- | --- | - | Subscription | your Azure subscription | - | Resource Group | `az104-rg2` | - -1. To specify the **Policy definition**, click the ellipsis button and then search for and select `Inherit a tag from the resource group if missing`. - -1. Select **Add** and then configure the remaining **Basics** properties of the assignment. - - | Setting | Value | - | --- | --- | - | Assignment name | `Inherit the Cost Center tag and its value 000 from the resource group if missing` | - | Description | `Inherit the Cost Center tag and its value 000 from the resource group if missing` | - | Policy enforcement | Enabled | - -1. Click **Next** twice and set **Parameters** to the following values: - - | Setting | Value | - | --- | --- | - | Tag Name | `Cost Center` | - -1. Click **Next** and, on the **Remediation** tab, configure the following settings (leave others with their defaults): - - | Setting | Value | - | --- | --- | - | Create a remediation task | enabled | - | Policy to remediate | **Inherit a tag from the resource group if missing** | - - >**Note**: This policy definition includes the **Modify** effect. So, a managed identity is required. - - ![Screenshot of the policy remediation page. ](../media/az104-lab02b-policyremediation.png) - -1. Click **Review + Create** and then click **Create**. - - >**Note**: To verify that the new policy assignment is in effect, you will create another Azure storage account in the same resource group without explicitly adding the required tag. - - >**Note**: It might take between 5 and 10 minutes for the policy to take effect. - -1. Search for and select `Storage Account`, and click **+ Create**. - -1. On the **Basics** tab of the **Create storage account** blade, verify that you are using the Resource Group that the Policy was applied to and specify the following settings (leave others with their defaults) and click **Review**: - - | Setting | Value | - | --- | --- | - | Storage account name | *any globally unique combination of between 3 and 24 lower case letters and digits, starting with a letter* | - -1. Verify that this time the validation passed and click **Create**. - -1. Once the new storage account is provisioned, click **Go to resource**. - -1. On the **Tags** blade, note that the tag **Cost Center** with the value **000** has been automatically assigned to the resource. - - >**Did you know?** If you search for and select **Tags** in the portal, you can view the resources with a specific tag. - -## Task 4: Configure and test resource locks - -In this task, you configure and test a resource lock. Locks prevent either deletions or modifications of a resource. - -1. Search for and select your resource group. - -1. In the **Settings** blade, select **Locks**. - -1. Select **Add** and complete the resource lock information. When finished select **Ok**. - - | Setting | Value | - | --- | --- | - | Lock name | `rg-lock` | - | Lock type | **delete** (notice the selection for read-only) | - -1. Navigate to the resource group **Overview** blade, and select **Delete resource group**. - -1. In the **Enter resource group name to confirm deletion** textbox provide the resource group name, `az104-rg2`. Notice you can copy and paste the resource group name. - -1. Notice the warning: Deleting this resource group and its dependent resources is a permanent action and cannot be undone. Select **Delete**. - -1. You should receive a notification denying the deletion. - - ![Screenshot of the failure to delete message.](../media/az104-lab02b-failuretodelete.png) - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure tags are metadata that consists of a key-value pair. Tags describe a particular resource in your environment. In particular, tagging in Azure enables you to label your resources in a logical manne. -+ Azure Policy establishes conventions for resources. Policy definitions describe resource compliance conditions and the effect to take if a condition is met. A condition compares a resource property field or a value to a required value. There are many built-in policy definitions and you can customize the policies. -+ The Azure Policy remediation task feature is used to bring resources into compliance based on a definition and assignment. Resources that are non-compliant to a modify or deployIfNotExist definition assignment, can be brought into compliance using a remediation task. -+ You can configure a resource lock on a subscription, resource group, or resource. The lock can protect a resource from accidental user deletions and modifications. The lock overrides any user permissions. -+ Azure Policy is pre-deployment security practice. RBAC and resource locks are post-deployment security practice. - -## Learn more with self-paced training - -+ [Design an enterprise governance strategy](https://learn.microsoft.com/training/modules/enterprise-governance/). Use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals. - - diff --git a/New Instructions/Lab/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md b/New Instructions/Lab/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md deleted file mode 100644 index 6896b663..00000000 --- a/New Instructions/Lab/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md +++ /dev/null @@ -1,276 +0,0 @@ ---- -lab: - title: 'Lab 03: Manage Azure resources by using Azure Resource Manager Templates' - module: 'Administer Azure Resources' ---- - -# Lab 03 - Manage Azure resources by using Azure Resource Manager Templates - -## Lab introduction - -In this lab, you learn how to automate resource deployments. You learn about Azure Resource Manager templates and Bicep templates. You learn about the different ways of deploying the templates. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 50 minutes - -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Manage Azure resources by using Azure Resource Manager templates](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%205). Review, create, and deploy a managed disks with a template. - -+ [Create a virtual machine with a template](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%209). Deploy a virtual machine with a QuickStart template. - -## Lab scenario - -Your team wants to look at ways to automate and simplify resource deployments. Your organization is looking for ways to reduce administrative overhead, reduce human error and increase consistency. - -## Architecture diagram - -![Diagram of the tasks.](../media/az104-lab03-architecture.png) - -## Job skills - -+ Task 1: Create an Azure Resource Manager template. -+ Task 2: Edit an Azure Resource Manager template and redeploy the template. -+ Task 3: Configure the Cloud Shell and deploy a template with Azure PowerShell. -+ Task 4: Deploy a template with the CLI. -+ Task 5: Deploy a resource by using Azure Bicep. - -## Task 1: Create an Azure Resource Manager template - -In this task, we will create a managed disk in the Azure portal. Managed disks are storage designed to be used with virtual machines. Once the disk is deployed you will export a template that you can use in other deployments. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Disks`. - -1. On the Disks page, select **Create**. - -1. On the **Create a managed disk** page, configure the disk and then select **Ok**. - - | Setting | Value | - | --- | --- | - | Subscription | *your subscription* | - | Resource Group | `az104-rg3` (If necessary, select **Create new**.) - | Disk name | `az104-disk1` | - | Region | **East US** | - | Availability zone | **No infrastructure redundancy required** | - | Source type | **None** | - | Performance | **Standard HDD** (change size) | - | Size | **32 Gib** | - - >**Note:** We are creating a simple managed disk so you can practice with templates. Azure managed disks are block-level storage volumes that are managed by Azure. - -1. Click **Review + Create** then select **Create**. - -1. Monitor the notifications (upper right) and after the deployment select **Go to resource**. - -1. In the **Automation** blade, select **Export template**. - -1. Take a minute to review the **Template** and **Parameters** files. - -1. Click **Download** and save the templates to the local drive. This creates a compressed zipped file. - -1. Use File Explorer to extract the content of the downloaded file into the **Downloads** folder on your computer. Notice there are two JSON files (template and parameters). - - >**Did you know?** You can export an entire resource group or just specific resources within that resource group. - -## Task 2: Edit an Azure Resource Manager template and then redeploy the template - -In this task, you use the downloaded template to deploy a new managed disk. This task outlines how to quicky and easily repeat deployments. - -1. In the Azure portal, search for and select `Deploy a custom template`. - -1. On the **Custom deployment** blade, notice there is the ability to use a **Quickstart template**. There are many built-in templates as shown in the drop-down menu. - -1. Instead of using a Quickstart, select **Build your own template in the editor**. - -1. On the **Edit template** blade, click **Load file** and upload the **template.json** file you downloaded to the local disk. - -1. Within the editor pane, make these changes. - - + Change **disks_az104_disk1_name** to `disk_name` (two places to change) - + Change **az104_disk1** to `az102_disk2` (one place to change) - -1. Notice this is a **Standard** disk. The location is **eastus**. The disk size is **32GB**. - -1. **Save** your changes. - -1. Dpn't forget the parameters file. Select **Edit parameters**, click **Load file** and upload the **parameters.json**. - -1. Make this change so it matches the template file. - - Change **disks_az104_disk1_name** to **disk_name** (one place to change) - -1. **Save** your changes. - -1. Complete the custom deployment settings: - - | Setting | Value | - | --- |--- | - | Subscription | *your subscription* | - | Resource Group | `az104-rg3` | - | Region | **(US) East US)** | - | Disk_name | `az104-disk2` | - -1. Select **Review + Create** and then select **Create**. - -1. Select **Go to resource**. Verify **az104-disk2** was created. - -1. On the **Overview** blade, select the resource group, **az104-rg3**. You should now have two disks. - -1. In the **Settings** section, click **Deployments**. - - >**Note:** All deployments details are documented in the resource group. It is a good practice to review the first few template-based deployments to ensure success prior to using the templates for large-scale operations. - -1. Select a deployment and review the content of the **Input** and **Template** blades. - -## Task 3: Configure the Cloud Shell and deploy a template with Azure PowerShell - -In this task, you work with the Azure Cloud Shell and Azure PowerShell. Azure Cloud Shell is an interactive, authenticated, browser-accessible terminal for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. In this task, you use PowerShell to deploy a template. - -1. Select the **Cloud Shell** icon in the top right of the Azure Portal. Alternately, you can navigate directly to `https://shell.azure.com`. - - ![Screenshot of cloud shell icon.](../media/az104-lab03-cloudshell-icon.png) - -1. When prompted to select either **Bash** or **PowerShell**, select **PowerShell**. - - >**Did you know?** If you mostly work with Linux systems, Bash (CLI) feels more familiar. If you mostly work with Windows systems, Azure PowerShell feels more familiar. - -1. On the **You have no storage mounted** screen select **Show advanced settings** and provide the required information. - - >**Note:** As you work with the Cloud Shell a storage account and file share is required. - - | Settings | Values | - | -- | -- | - | Resource Group | **az104-rg3** | - | Storage account (Create new) | `sacloudshell` (must be globally unique, between 3 and 24 characters in length and use numbers and lower case letters only) | - | File share (Create new) | `fs-cloudshell` | - -1. When completed select **Create storage**. You only need to do this the first time you use the Cloud Shell. It will take a couple of minutes to provision the storage. - -1. Use the **Upload/Download files** icon to upload the template and parameters file from the downloads directory. You will need to upload each file separately. - -1. Verify your files are available in the Cloud Shell storage. - - ```powershell - dir - ``` - >**Note**: If you need to, you can use **cls** to clear the command window. You can use the arrow keys to move the command history. - -1. Select the **Editor** (curly brackets) icon and navigate to the parameters JSON file. - -1. Make a change. For example, change the disk name to **az104-disk3**. Use **Ctrl +S** to save your changes. - - >**Note**: You can target your template deployment to a resource group, subscription, management group, or tenant. Depending on the scope of the deployment, you use different commands. - -1. To deploy to a resource group, use **New-AzResourceGroupDeployment**. - - ```powershell - New-AzResourceGroupDeployment -ResourceGroupName az104-rg3 -TemplateFile template.json -TemplateParameterFile parameters.json - ``` -1. Ensure the command completes and the ProvisioningState is **Succeeded**. - -1. Confirm the disk was created. - - ```powershell - Get-AzDisk - ``` - -## Task 5: Deploy a template with the CLI - -1. Continue in the **Cloud Shell** select **Bash**. **Confirm** your choice. - -1. Verify your files are available in the Cloud Shell storage. If you completed the previous task your template files should be available. - - ```sh - ls - ``` - -1. Select the **Editor** (curly brackets) icon and navigate to the parameters JSON file. - -1. Make a change. For example, change the disk name to **az104-disk4**. Use **Ctrl +S** to save your changes. - - >**Note**: You can target your template deployment to a resource group, subscription, management group, or tenant. Depending on the scope of the deployment, you use different commands. - -1. To deploy to a resource group, use **az deployment group create**. - - ```sh - az deployment group create --resource-group az104-rg3 --template-file template.json --parameters parameters.json - ``` - -1. Ensure the command completes and the ProvisioningState is **Succeeded**. - -1. Confirm the disk was created. - - ```sh - az disk list --output table - ``` - -## Task 6: Deploy a resource by using Azure Bicep - -In this task, you will use a Bicep file to deploy a managed disk. Bicep is a declarative automation tool that is built on ARM templates. - -1. Continue working in the **Cloud Shell** in a **Bash** session. - -1. Locate and download the **\Allfiles\Lab03\azuredeploydisk.bicep** file. - -1. **Upload** the bicep file to the Cloud Shell. - -1. Select the **Editor** (curly brackets) icon and navigate to the file. - -1. Take a minute to read through the bicep template file. Notice how the disk resource is defined. - -1. Make the following changes: - - + Change the **managedDiskName** value to `Disk4`. - + Change the **sku name** value to `StandardSSD_LRS`. - + Change the **diskSizeinGiB** value to `32`. - -1. Use **Ctrl +S** to save your changes. - -1. Now, deploy the template. - - ``` - az deployment group create --resource-group az104-rg3 --template-file azuredeploydisk.bicep - ``` - -1. Confirm the disk was created. - - ```sh - az disk list --output table - ``` - - >**Note:** You have successfully deployed five managed disks, each in a different way. Nice job! - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure Resource Manager templates let you deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually. -+ An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that lets you manage your infrastructure declaratively rather than with scripts. -+ Rather than passing parameters as inline values in your template, you can use a separate JSON file that contains the parameter values. -+ Azure Resource Manager templates can be deployed in a variety of ways including the Azure portal, Azure PowerShell, and CLI. -+ Bicep is an alternative to Azure Resource Manager templates. Bicep uses a declarative syntax to deploy Azure resources. - -Bicep provides concise syntax, reliable type safety, and support for code reuse. Bicep offers a first-class authoring experience for your infrastructure-as-code solutions in Azure. - -## Learn more with self-paced training - -+ [Deploy Azure infrastructure by using JSON ARM templates](https://learn.microsoft.com/training/modules/create-azure-resource-manager-template-vs-code/). Write JSON Azure Resource Manager templates (ARM templates) by using Visual Studio Code to deploy your infrastructure to Azure consistently and reliably. -+ [Review the features and tools for Azure Cloud Shell](https://learn.microsoft.com/training/modules/review-features-tools-for-azure-cloud-shell/). Cloud Shell features and tools. -+ [Manage Azure resources with Windows PowerShell](https://learn.microsoft.com/training/modules/manage-azure-resources-windows-powershell/). This module explains how to install the necessary modules for cloud services management and use PowerShell commands to perform simple administrative tasks on cloud resources like Azure virtual machines, Azure subscriptions and Azure storage accounts. -+ [Introduction to Bash](https://learn.microsoft.com/training/modules/bash-introduction/). Use Bash to manage IT infrastructure. -+ [Build your first Bicep template](https://learn.microsoft.com/training/modules/build-first-bicep-template/). Define Azure resources within a Bicep template. Improve the consistency and reliability of your deployments, reduce the manual effort required, and scale your deployments across environments. Your template will be flexible and reusable by using parameters, variables, expressions, and modules. - - diff --git a/New Instructions/Lab/LAB_04-Implement_Virtual_Networking.md b/New Instructions/Lab/LAB_04-Implement_Virtual_Networking.md deleted file mode 100644 index f5e59eb1..00000000 --- a/New Instructions/Lab/LAB_04-Implement_Virtual_Networking.md +++ /dev/null @@ -1,365 +0,0 @@ ---- -lab: - title: 'Lab 04: Implement Virtual Networking' - module: 'Implement Virtual Networking' ---- - -# Lab 04 - Implement Virtual Networking - -## Lab introduction - -This lab is the first of three labs that focuses on virtual networking. In this lab, you learn the basics of virtual networking and subnetting. You learn how to protect your network with network security groups and application security groups. You also learn about DNS zones and records. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated time: 50 minutes - -## Lab scenario - -Your global organization plans to implement virtual networks. The immediate goal is to accommodate all the existing resources. However, the organization is in a growth phase and wants to ensure there is additional capacity for the growth. - -The **CoreServicesVnet** virtual networkhas the largest number of resources. A large amount of growth is anticipated, so a large address space is necessary for this virtual network. - -The **ManufacturingVnet** virtual network contains systems for the operations of the manufacturing facilities. The organization is anticipating a large number of internal connected devices for their systems to retrieve data from. - -## Interactive lab simulations - -There are several interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Secure network traffic](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2013). Create a virtual machine, a virtual network, and a network security group. Add network security group rules to allow and disallow traffic. - -+ [Create a simple virtual network](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%204). Create a virtual network with two virtual machines. Demonstrate the virtual machines can communicate. - -+ [Design and implement a virtual network in Azure](https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulation%20-%20Design%20and%20implement%20a%20virtual%20network%20in%20Azure). Create a resource group and create virtual networks with subnets. - -+ [Implement virtual networking](https://mslabs.cloudguides.com/en-us/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%208). Create and configure a virtual network, deploy virtual machines, configure network security groups, and configure Azure DNS. - -## Architecture diagram - -![Network layout](../media/az104-lab04-architecture.png) - -These virtual networks and subnets are structured in a way that accommodates existing resources yet allows for the projected growth. Let's create these virtual networks and subnets to lay the foundation for our networking infrastructure. - ->**Did you know?**: It is a good practice to avoid overlapping IP address ranges to reduce issues and simplify troubleshooting. Overlapping is a concern across the entire network, whether in the cloud or on-premises. Many organizations design an enterprise-wide IP addressing scheme to avoid overlapping and plan for future growth. - -## Job skills - -+ Task 1: Create a virtual network with subnets using the portal. -+ Task 2: Create a virtual network and subnets using a template. -+ Task 3: Create and configure communication between an Application Security Group and a Network Security Group. -+ Task 4: Configure public and private Azure DNS zones. - -## Task 1: Create a virtual network with subnets using the portal - -The organization plans a large amount of growth for core services. In this task, you create the virtual network and the associated subnets to accommodate the existing resources and planned growth. In this task, you will use the Azure portal. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Virtual Networks`. - -1. Select **Create** on the Virtual networks page. - -1. Complete the **Basics** tab for the CoreServicesVnet. - - | **Option** | **Value** | - | ------------------ | -------------------- | - | Resource Group | `az104-rg4` (if necessary, create new) | - | Name | `CoreServicesVnet` | - | Region | (US) **East US** | - -1. Move to the **IP Addresses** tab. - - | **Option** | **Value** | - | ------------------ | -------------------- | - - | IPv4 address space | `10.20.0.0/16` (separate the entries) | - -1. Select **+ Add a subnet**. Complete the name and address information for each subnet. Be sure to select **Add** for each new subnet. - - | **Subnet** | **Option** | **Value** | - | ---------------------- | -------------------- | ---------------------- | - | SharedServicesSubnet | Subnet name | `SharedServicesSubnet` | - | | Starting address | `10.20.10.0` | - | | Size | `/24` | - | DatabaseSubnet | Subnet name | `DatabaseSubnet` | - | | Starting address | `10.20.20.0` | - | | Size | `/24` | - - >**Note:** Every virtual network must have at least one subnet. Reminder that five IP addresses will always be reserved, so consider that in your planning. - -1. To finish creating the CoreServicesVnet and its associated subnets, select **Review + create**. - -1. Verify your configuration passed validation, and then select **Create**. - -1. Wait for the virtual network to deploy and then select **Go to resource**. - -1. Take a minute to verify the **Address space** and the **Subnets**. Notice your other choices in the **Settings** blade. - -1. In the **Automation** section, select **Export template**, and then wait for the template to be generated. - -1. **Download** the template. - -1. Navigate on the local machine to the **Downloads** folder and **Extract all** the files in the downloaded zip file. - -1. Before proceeding, ensure you have the **template.json** file. You will use this template to create the ManufacturingVnet in the next task. - -## Task 2: Create a virtual network and subnets using a template - -In this task, you create the ManufacturingVnet virtual network and associated subnets. The organization anticipates growth for the manufacturing offices so the subnets are sized for the expected growth. For this task, you use a template to create the resources. - -1. Locate the **template.json** file exported in the previous task. It should be in your **Downloads** folder. - -1. Edit the file using the editor of your choice. Many editors have a *change all occurrences* feature. If you are using Visual Studio Code be sure you are working in a **trusted window** and not in the **restricted mode**. Consult the architecture diagram to verify the details. - -### Make changes for the ManufacturingVnet virtual network - -1. Replace all occurrences of **CoreServicesVnet** with `ManufacturingVnet`. - -1. Replace all occurrences of **10.20.0.0/16** with `10.30.0.0/16`. - -### Make changes for the ManufacturingVnet subnets - -1. Change all occurrences of **SharedServicesSubnet** to `SensorSubnet1`. - -1. Change all occurrences of **10.20.10.0/24** to `10.30.20.0/24`. - -1. Change all occurrences of **DatabaseSubnet** to `SensorSubnet2`. - -1. Change all occurrences of **10.20.20.0/24** to `10.30.21.0/24`. - -1. Read back through the file and ensure everything looks correct. - -1. Be sure to **Save** your changes. - ->**Note:** There is a completed template files in the lab files directory. - -### Make changes to the parameters file - -1. Locate the **template.json** file exported in the previous task. It should be in your **Downloads** folder. - -1. Edit the file using the editor of your choice. - -1. Replace the one occurrence of **CoreServicesVnet** with `ManufacturingVnet`. - -1. **Save** your changes. - -### Deploy the custom template - -1. In the portal, search for and select **Deploy a custom template**. - -1. Select **Build your own template in the editor** and then **Load file**. - -1. Select the **templates.json** file with your Manufacturing changes, then select **Save**. - -1. Select **Review + create** and then **Create**. - -1. Wait for the template to deploy, then confirm (in the portal) the Manufacturing virtual network and subnets were created. - ->**Note:** If you have to deploy more than one time you may find some resources were successfully completed and the deployment is failing. You can manually remove those resources and try again. - -## Task 3: Create and configure communication between an Application Security Group and a Network Security Group - -In this task, we create an Application Security Group and a Network Security Group. The NSG will have an inbound security rule that allows traffic from the ASG. The NSG will also have an outbound rule that denies access to the internet. - -### Create the Application Security Group (ASG) - -1. In the Azure portal, search for and select `Application security groups`. - -1. Click **Create** and provide the basic information. - - | Setting | Value | - | -- | -- | - | Subscription | *your subscription* | - | Resource group | **az104-rg4** | - | Name | `asg-web` | - | Region | **East US** | - -1. Click **Review + create** and then after the validation click **Create**. - -### Create the Network Security Group and associate it with the ASG subnet - -1. In the Azure portal, search for and select `Network security groups`. - -1. Select **+ Create** and provide information on the **Basics** tab. - - | Setting | Value | - | -- | -- | - | Subscription | *your subscription* | - | Resource group | **az104-rg4** | - | Name | `myNSGSecure` | - | Region | **East US** | - -1. Click **Review + create** and then after the validation click **Create**. - -1. After the NSG is deployed, click **Go to resource**. - -1. Under **Settings** click **Subnets** and then **Associate**. - - | Setting | Value | - | -- | -- | - | Virtual network | **CoreServicesVnet (az104-rg4)** | - | Subnet | **SharedServicesSubnet** | - -1. Click **OK** to save the association. - -### Configure an inbound security rule to allow ASG traffic - -1. Continue working with your NSG. In the **Settings** area, select **Inbound security rules**. - -1. Review the default inbound rules. Notice that only other virtual networks and load balancers are allowed access. - -1. Select **+ Add**. - -1. On the **Add inbound security rule** blade, use the following information to add an inbound port rule. This rule allows ASG traffic. When you are finished, select **Add**. - - | Setting | Value | - | -- | -- | - | Source | **Application security group** | - | Source application security groups | **asg-web** | - | Source port ranges | * | - | Destination | **Any** | - | Service | **Custom** (notice your other choices) | - | Destination port ranges | **80,443** | - | Protocol | **TCP** | - | Action | **Allow** | - | Priority | **100** | - | Name | `AllowASG` | - -### Configure an outbound NSG rule that denies Internet access - -1. After creating your inbound NSG rule, select **Outbound security rules**. - -1. Notice the **AllowInternetOutboundRule** rule. Also notice the rule cannot be deleted and the priority is 65001. - -1. Select **+ Add** and then configure an outbound rule that denies access to the internet. When you are finished, select **Add**. - - | Setting | Value | - | -- | -- | - | Source | **Any** | - | Source port ranges | * | - | Destination | **Service tag** | - | Destination service tag | **Internet** | - | Service | **Custom** | - | Destination port ranges | **8080** | - | Protocol | **Any** | - | Action | **Deny** | - | Priority | **4096** | - | Name | **DenyAnyCustom8080Outbound** | - - -## Task 4: Configure public and private Azure DNS zones - -In this task, you will create and configure public and private DNS zones. - -### Configure a public DNS zone - -You can configure Azure DNS to resolve host names in your public domain. For example, if you purchased the contoso.xyz domain name from a domain name registrar, you can configure Azure DNS to host the `contoso.com` domain and resolve www.contoso.xyz to the IP address of your web server or web app. - -1. In the portal, search for and select `DNS zones`. - -1. Select **+ Create**. - -1. Configure the **Basics** tab. - - | Property | Value | - |:---------|:---------| - | Subscription | **Select your subscription** | - | Resource group | **az04-rg4** | - | Name | `contoso.com` (if reserved adjust the name) | - | Region |**East US** (review the informational icon) | - -1. Select **Review create** and then **Create**. - -1. Wait for the DNS zone to deploy and then select **Go to resource**. - -1. On the **Overview** blade notice the names of the four Azure DNS name servers assigned to the zone. **Copy** one of the name server addresses. You will need it in a future step. - -1. Select **+ Record set**. You add a virtual network link record for each virtual network that needs private name-resolution support. - - | Property | Value | - |:---------|:---------| - | Name | **www** | - | Type | **A** | - | TTL | **1** | - | IP address | **10.1.1.4** | - ->**Note:** In a real-world scenario, you'd enter the public IP address of your web server. - -1. Select **OK** and verify **contoso.com** has an A record set named **www**. - -1. Open a command prompt, and run the following command: - - ```sh - nslookup www.contoso.com - ``` -1. Verify the host name www.contoso.com resolves to the IP address you provided. This confirms name resolution is working correctly. - -### Configure a private DNS zone - -A private DNS zone provides name resolution services within virtual networks. A private DNS zone is only accessible from the virtual networks that it is linked to and can't be accessed from the internet. - -1. In the portal, search for and select `Private dns zones`. - -1. Select **+ Create**. - -1. On the **Basics** tab of Create private DNS zone, enter the information as listed in the table below: - - | Property | Value | - |:---------|:---------| - | Subscription | **Select your subscription** | - | Resource group | **az04-rg4** | - | Name | `private.contoso.com` (adjust if you had to rename) | - | Region |**East US** | - -1. Select **Review create** and then **Create**. - -1. Wait for the DNS zone to deploy and then select **Go to resource**. - -1. Notice on the **Overview** blade there are no name server records. - -1. Select **+ Virtual network links** and then select **+ Add**. - - | Property | Value | - |:---------|:---------| - | Link name | `manufacturing-link` | - | Virtual network | `ManufacturingVnet` | - -1. Select **OK** and wait for the link to create. - -1. From the **Overview** blade select **+ Record set**. You would now add a record for each virtual machine that needs private name-resolution support. - - | Property | Value | - |:---------|:---------| - | Name | **sensorvm** | - | Type | **A** | - | TTL | **1** | - | IP address | **10.1.1.4** | - - >**Note:** In a real-world scenario, you'd enter the IP address for a specific manufacturing virtual machine. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ A virtual network is a representation of your own network in the cloud. -+ When designing virtual networks it is a good practice to avoid overlapping IP address ranges. This will reduce issues and simplify troubleshooting. -+ A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. -+ A network security group contains security rules that allow or deny network traffic. There are default incoming and outgoing rules which you can customize to your needs. -+ Application security groups are used to protect groups of servers with a common function, such as web servers or database servers. -+ Azure DNS is a hosting service for DNS domains that provides name resolution. You can configure Azure DNS to resolve host names in your public domain. You can also use private DNS zones to assign DNS names to virtual machines (VMs) in your Azure virtual networks. - -## Learn more with self-paced training - -+ [Introduction to Azure Virtual Networks](https://learn.microsoft.com/training/modules/introduction-to-azure-virtual-networks/). Design and implement core Azure Networking infrastructure such as virtual networks, public and private IPs, DNS, virtual network peering, routing, and Azure Virtual NAT. -+ [Design an IP addressing scheme](https://learn.microsoft.com/training/modules/design-ip-addressing-for-azure/). Identify the private and public IP addressing capabilities of Azure and on-premises virtual networks. -+ [Secure and isolate access to Azure resources by using network security groups and service endpoints](https://learn.microsoft.com/training/modules/secure-and-isolate-with-nsg-and-service-endpoints/). Network security groups and service endpoints help you secure your virtual machines and Azure services from unauthorized network access. -+ [Host your domain on Azure DNS](https://learn.microsoft.com/training/modules/host-domain-azure-dns/). Create a DNS zone for your domain name. Create DNS records to map the domain to an IP address. Test that the domain name resolves to your web server. - diff --git a/New Instructions/Lab/LAB_05-Implement_Intersite_Connectivity.md b/New Instructions/Lab/LAB_05-Implement_Intersite_Connectivity.md deleted file mode 100644 index b337278a..00000000 --- a/New Instructions/Lab/LAB_05-Implement_Intersite_Connectivity.md +++ /dev/null @@ -1,302 +0,0 @@ ---- -lab: - title: 'Lab 05: Implement Intersite Connectivity' - module: 'Administer Intersite Connectivity' ---- - -# Lab 05 - Implement Intersite Connectivity - -## Lab introduction - -In this lab you explore communication between virtual networks. You implement virtual network peering and test connections. You will also create a custom route. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated time: 50 minutes - -## Lab scenario - -Your organization segments core IT apps and services (such as DNS and security services) from other parts of the business, including your manufacturing department. However, in some scenarios, apps and services in the core area need to communicate with apps and services in the manufacturing area. In this lab, you configure connectivity between the segmented areas. This is a common scenario for separating production from development or separating one subsidiary from another. - -## Interactive lab simulations - -There are several interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Connect two Azure virtual networks using global virtual network peering](https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulation%20-%20Connect%20two%20Azure%20virtual%20networks%20using%20global%20virtual%20network%20peering). Test the connection between two virtual machines in different virtual networks. Create a virtual network peering and retest. - -+ [Configure monitoring for virtual networks](https://learn.microsoft.com/training/modules/configure-monitoring-virtual-networks/). Understand how to use Azure Network Watcher Connection Monitor, flow logs, NSG diagnostics, and packet capture to monitor connectivity across your Azure IaaS network resources. - -+ [Implement intersite connectivity](https://mslabs.cloudguides.com/en-us/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%209). Run a template to create a virtual network infrastructure with several virtual machines. Configure virtual network peerings and test the connections. - -## Architecture diagram - -![Lab 05 architecture diagram](../media/az104-lab05-architecture.png) - -## Job skills - -+ Task 1: Create a virtual machine in a virtual network. -+ Task 2: Create a virtual machine in a different virtual network. -+ Task 3: Use Network Watcher to test the connection between virtual machines. -+ Task 4: Configure virtual network peerings between different virtual networks. -+ Task 5: Use Azure PowerShell to test the connection between virtual machines. -+ Task 6: Create a custom route. - -## Task 1: Create a core services virtual machine and virtual network - -In this task, you create a core services virtual network with a virtual machine. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Virtual Machines`. - -1. From the virtual machines page, select **Create** then select **Azure Virtual Machine**. - -1. On the Basics tab, use the following information to complete the form, and then select **Next: Disks >**. For any setting not specified, leave the default value. - - | Setting | Value | - | --- | --- | - | Subscription | *your subscription* | - | Resource group | `az104-rg5` (If necessary, **Create new**. ) - | Virtual machine name | `CoreServicesVM` | - | Region | **(US) East US** | - | Availability options | No infrastructure redundancy required | - | Security type | **Standard** | - | Image | **Windows Server 2019 Datacenter: x64 Gen2** (notice your other choices) | - | Size | **Standard_DS2_v3** | - | Username | `localadmin` | - | Password | **Provide a complex password** | - - ![Screenshot of Basic virtual machine creation page. ](../media/az104-lab05-createcorevm.png) - -1. On the **Disks** tab take the defaults and then select **Next: Networking >**. - -1. On the **Networking** tab, for Virtual network, select **Create new**. - -1. Use the following information to configure the virtual network, and then select **Ok**. If necessary, remove or replace the existing information. - - | Setting | Value | - | --- | --- | - | Name | `CoreServicesVNet` (Create new) | - | Address range | `10.0.0.0/16` | - | Subnet Name | `Core` | - | Subnet address range | `10.0.0.0/24` | - -1. Select the **Monitoring** tab. For Boot Diagnostics, select **Disable**. - -1. Select **Review + Create**, and then select **Create**. - -1. You do not need to wait for the resources to be created. Continue on to the next task. - - >**Note:** Did you notice in this task you created the virtual network as you created the virtual machine? You could also create the virtual network infrastructure then add the virtual machines. - -## Task 2: Create a virtual machine in a different virtual network - -In this task, you create a manufacturing services virtual network with a virtual machine. - -1. From the Azure portal, search for and navigate to **Virtual Machines**. - -1. From the virtual machines page, select **Create** then select **Azure Virtual Machine**. - -1. On the Basics tab, use the following information to complete the form, and then select **Next: Disks >**. For any setting not specified, leave the default value. - - | Setting | Value | - | --- | --- | - | Subscription | *your subscription* | - | Resource group | `az104-rg5` | - | Virtual machine name | `ManufacturingVM` | - | Region | **(US) East US** | - | Security type | **Standard** | - | Availability options | No infrastructure redundancy required | - | Image | **Windows Server 2019 Datacenter: x64 Gen2** | - | Size | **Standard_DS2_v3** | - | Username | `localadmin` | - | Password | **Provide a complex password** | - -1. On the **Disks** tab take the defaults and then select **Next: Networking >**. - -1. On the Networking tab, for Virtual network, select **Create new**. - -1. Use the following information to configure the virtual network, and then select **Ok**. If necessary, remove or replace the existing address range. - - | Setting | Value | - | --- | --- | - | Name | `ManufacturingVNet` | - | Address range | `172.16.0.0/16` | - | Subnet Name | `Manufacturing` | - | Subnet address range | `172.16.0.0/24` | - -1. Select the **Monitoring** tab. For Boot Diagnostics, select **Disable**. - -1. Select **Review + Create**, and then select **Create**. - -## Task 3: Use Network Watcher to test the connection between virtual machines - - -In this task, you verify that resources in peered virtual networks can communicate with each other. Network Watcher will be used to test the connection. Before continuing, ensure both virtual machines have been deployed and are running. - -1. From the Azure portal, search for and select `Network Watcher`. - -1. From Network Watcher, in the Network diagnostic tools menu, select **Connection troubleshoot**. - -1. Use the following information to complete the fields on the **Connection troubleshoot** page. - - | Field | Value | - | --- | --- | - | Source type | **Virtual machine** | - | Virtual machine | **CoreServicesVM** | - | Destination type | **Virtual machine** | - | Virtual machine | **ManufacturingVM** | - | Preferred IP Version | **Both** | - | Protocol | **TCP** | - | Destination port | `3389` | - | Source port | *Blank* | - | Diagnostic tests | *Defaults* | - - ![Azure Portal showing Connection Troubleshoot settings.](../media/az104-lab05-connection-troubleshoot.png) - -1. Select **Run diagnostic tests**. - - >**Note**: It may take a couple of minutes for the results to be returned. The screen selections will be greyed out while the results are being collected. Notice the **Connectivity test** shows **UnReachable**. This makes sense because the virtual machines are in different virtual networks. - - -## Task 4: Configure virtual network peerings between virtual networks - -In this task, you create a virtual network peering to enable communications between resources in the virtual networks. - -1. In the Azure portal, select the `CoreServicesVnet` virtual network. - -1. In CoreServicesVnet, under **Settings**, select **Peerings**. - -1. On CoreServicesVnet | Peerings, select **+ Add**. - -1. Use the information in the following table to create the peering. - -| **Parameter** | **Value** | -| --------------------------------------------- | ------------------------------------- | -| **This virtual network** | | -| Peering link name | `CoreServicesVnet-to-ManufacturingVnet` | -| Allow CoreServicesVNet to access the peered virtual network | selected (default) | -| Allow CoreServicesVNet to receive forwarded traffic from the peered virtual network | selected | -| Allow gateway in CoreServicesVNet to forward traffic to the peered virtual network | Not selected (default) | -| Enable CoreServicesVNet to use the peered virtual networks' remote gateway | Not selected (default) | -| **Remote virtual network** | | -| Peering link name | `ManufacturingVnet-to-CoreServicesVnet` | -| Virtual network deployment model | **Resource manager** | -| I know my resource ID | Not selected | -| Subscription | *your subscription* | -| Virtual network | **ManufacturingVnet** | -| Allow ManufacturingVNet to access CoreServicesVNet | selected (default) | -| Allow ManufacturingVNet to receive forwarded traffic from CoreServicesVNet | selected | -| Allow gateway in CoreServicesVNet to forward traffic to the peered virtual network | Not selected (default) | -| Enable ManufacturingVNet to use CoreServicesVNet's remote gateway | Not selected (default) | - -1. Review your settings and select **Add**. - - ![Screenshot of peering page.](../media/az104-lab05-peering.png) - -1. In CoreServicesVnet | Peerings, verify that the **CoreServicesVnet-to-ManufacturingVnet** peering is listed. Refresh the page to ensure the **Peering status** is **Connected**. - -1. Switch to the **ManufacturingVnet** and verify the **ManufacturingVnet-to-CoreServicesVnet** peering is listed. Ensure the **Peering status** is **Connected**. You may need to **Refresh** the page. - - -## Task 5: Use Azure PowerShell to test the connection between virtual machines - -In this task, you retest the connection between the virtual machines in different virtual networks. - -### Verify the private IP address of the CoreServicesVM - -1. From the Azure portal, search for and select the `CoreServicesVM` virtual machine. - -1. On the **Overview** blade, in the **Networking** section, record the **Private IP address** of the machine. You need this information to test the connection. - -### Test the connection to the CoreServicesVM from the **ManufacturingVM**. - ->**Did you know?** There are many ways to check connections. In this task, you use **Run command**. You could also continue to use Network Watcher. Or you could use a [Remote Desktop Connection](https://learn.microsoft.com/azure/virtual-machines/windows/connect-rdp#connect-to-the-virtual-machine) to the access the virtual machine. Once connected, use **test-connection**. As you have time, give RDP a try. - -1. Switch to the `ManufacturingVM` virtual machine. - -1. In the **Operations** blade, select the **Run command** blade. - -1. Select **RunPowerShellScript** and run the **Test-NetConnection** command. Be sure to use the private IP address of the **CoreServicesVM**. - - ```Powershell - Test-NetConnection -port 3389 - ``` -1. It may take a couple of minutes for the script to time out. The top of the page shows an informational message *Script execution in progress.* - - -1. The test connection should succeed because peering has been configured. Your computer name and remote address in this graphic may be different. - - ![PowerShell window with Test-NetConnection succeeded.](../media/az104-lab05-success.png) - -## Task 6: Create a custom route - -In this task, you want to control network traffic between the perimeter subnet and the internal core services subnet. A virtual network appliance will be installed in the core services subnet and all traffic should be routed there. - -1. Search for select the `CoreServicesVnet`. - -1. Select **Subnets** and then **+ Create**. Be sure to **Save** your changes. - - | Setting | Value | - | --- | --- | - | Name | `perimeter` | - | Subnet address range | `10.0.1.0/24` | - - -1. In the Azure portal, search for and select `Route tables`, and then select **Create**. - - | Setting | Value | - | --- | --- | - | Subscription | your subscription | - | Resource group | `az104-rg5` | - | Region | **East US** | - | Name | `rt-CoreServices` | - | Propagate gateway routes | **No** | - -1. After the route table deploys, select **Go to resource**. - -1. Select **Routes** and then **+ Add**. Create a route from the future NVA to the CoreServices virtual network. - - | Setting | Value | - | --- | --- | - | Route name | `PerimetertoCore` | - | Destination type | **IP Addresses** | - | Destination IP addresses | `10.0.0.0/16` (core services virtual network) | - | Next hop type | **Virtual appliance** (notice your other choices) | - | Next hop address | `10.0.1.7` (future NVA) | - -1. Select **+ Add** when the route is completed. The last thing to do is associate the route with the subnet. - -1. Select **Subnets** and then **Associate**. Complete the configuration. - - | Setting | Value | - | --- | --- | - | Virtual network | **CoreServicesVnet** | - | Subnet | **Core** | - ->**Note**: You have created a user defined route to direct traffic from the DMZ to the new NVA. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ By default, resources in different virtual networks cannot communicate. -+ Virtual network peering enables you to seamlessly connect two or more virtual networks in Azure. -+ Peered virtual networks appear as one for connectivity purposes. -+ The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. -+ System defined routes are automatically created for each subnet in a virtual network. User-defined routes override or add to the default system routes. -+ Azure Network Watcher provides a suite of tools to monitor, diagnose, and view metrics and logs for Azure IaaS resources. - -## Learn more with self-paced training - -+ [Distribute your services across Azure virtual networks and integrate them by using virtual network peering](https://learn.microsoft.com/en-us/training/modules/integrate-vnets-with-vnet-peering/). Use virtual network peering to enable communication across virtual networks in a way that's secure and minimally complex. -+ [Manage and control traffic flow in your Azure deployment with routes](https://learn.microsoft.com/training/modules/control-network-traffic-flow-with-routes/). Learn how to control Azure virtual network traffic by implementing custom routes. diff --git a/New Instructions/Lab/LAB_06-Implement_Network_Traffic_Management.md b/New Instructions/Lab/LAB_06-Implement_Network_Traffic_Management.md deleted file mode 100644 index 73a008df..00000000 --- a/New Instructions/Lab/LAB_06-Implement_Network_Traffic_Management.md +++ /dev/null @@ -1,340 +0,0 @@ ---- -lab: - title: 'Lab 06: Implement Traffic Management' - module: 'Administer Network Traffic Management' ---- - -# Lab 06 - Implement Traffic Management - -## Lab introduction - -In this lab, you learn how to configure and test a public Load Balancer and an Application Gateway. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 50 minutes - -## Lab scenario - -Your organization has a public website. You need to load balance incoming public requests across different virtual machines. You also need to provide images and videos from different virtual machines. You plan on implementing an Azure Load Balancer and an Azure Application Gateway. All resources are in the same region. - -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Create and configure and Azure load balancer](https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulation%20-%20Create%20and%20configure%20an%20Azure%20load%20balancer). Create a virtual network, backend servers, load balancer, and then test the load balancer. -+ [Deploy Azure Application Gateway](https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulation%20-%20Deploy%20Azure%20Application%20Gateway). Create an application gateway, create virtual machines, create the backend pool, and test the gateway. -+ [Implement traffic management](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2010). Implement complete hub and spoke network including virtual machines, virtual networks, peering, load balancer, and application gateway. - -## Job skills - -+ Task 1: Use a template to provision an infrastructure. -+ Task 2: Configure an Azure Load Balancer. -+ Task 3: Configure an Azure Application Gateway. - -## Task 1: Use a template to provision an infrastructure - -In this task, you will use a template to deploy one virtual network, one network security group, and two virtual machines. - -1. Download the **\\Allfiles\\Lab06** lab files (template and parameters). - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Deploy a custom template`. - -1. On the custom deployment page, select **Build you own template in the editor**. - -1. On the edit template page, select **Load file**. - -1. Locate and select the **\\Allfiles\\Lab06\\az104-06-vms-template.json** file and select **Open**. - -1. Select **Save**. - -1. Select **Edit parameters** and load the **\\Allfiles\\Lab06\\az104-06-vms-parameters.json** file. - -1. Select **Save**. - -1. Use the following information to complete the fields on the custom deployment page, leaving all other fields with the default value. - - | Setting | Value | - | --- | --- | - | Subscription | your Azure subscription | - | Resource group | `az104-rg6` (If necessary, select **Create new**) | - | Password | Provide a secure password | - - >**Note**: If you receive an error that the VM size is unavailable, select a SKU that is available in your subscription and has at least 2 cores. - -1. Select **Review + Create** and then select **Create**. - - >**Note**: Wait for the deployment to complete before moving to the next task. The deployment should take approximately 5 minutes. - - >**Note**: Review the resources being deployed. There will be one virtual network with three subnets. Each subnet will have a virtual machine. - -## Task 2: Configure an Azure Load Balancer - -In this task, you implement an Azure Load Balancer in front of the two Azure virtual machines in the virtual network. Load Balancers in Azure provide layer 4 connectivity across resources, such as virtual machines. Load Balancer configuration includes a front-end IP address to accept connections, a backend pool, and rules that define how connections should traverse the load balancer. - -## Architecture diagram - Load Balancer - ->**Note**: Notice the Load Balancer is distributing across two virtual machines in the same virtual network. - -![Diagram of the lab tasks.](../media/az104-lab06-lb-architecture.png) - -1. In the Azure portal, search for and select `Load balancers` and, on the **Load balancers** blade, click **+ Create**. - -1. Create a load balancer with the following settings (leave others with their default values) then click **Next: Frontend IP configuration**: - - | Setting | Value | - | --- | --- | - | Subscription | your Azure subscription | - | Resource group | **az104-rg6** | - | Name | `az104-lb` | - | Region | The **same** region that you deployed the VMs | - | SKU | **Standard** | - | Type | **Public** | - | Tier | **Regional** | - - ![Screenshot of the create load balancer page.](../media/az104-lab06-create-lb1.png) - -1. On the **Frontend IP configuration** tab, click **Add a frontend IP configuration** and use the following settings: - - | Setting | Value | - | --- | --- | - | Name | `az104-fe` | - | IP type | IP address | - | Gateway Load Balancer | None | - | Public IP address | Select **Create new** (use the instructions in the next step) | - -1. On the **Add a public IP address** popup, use the following settings before clicking **OK** and then **Add**. When completed click **Next: Backend pools**. - - | Setting | Value | - | --- | --- | - | Name | `az104-lbpip` | - | SKU | Standard | - | Tier | Regional | - | Assignment | Static | - | Routing Preference | **Microsoft network** | - - >**Note:** The Standard SKU provides a static IP address. Static IP addresses are assigned with the resource is created and released when the resource is deleted. - -1. On the **Backend pools** tab, click **Add a backend pool** with the following settings (leave others with their default values). Click **+ Add** (twice) and then click **Next: Inbound rules**. - - | Setting | Value | - | --- | --- | - | Name | `az104-be` | - | Virtual network | **az104-06-vnet1** | - | Backend Pool Configuration | **NIC** | - | Click **Add** to add a virtual machine | | - | az104-06-vm0 | **check the box** | - | az104-06-vm1 | **check the box** | - -1. As you have time, review the other tabs, then click **Review and create**. Ensure there are no validation errors, then click **Create**. - -1. Wait for the load balancer to deploy then click **Go to resource**. - -**Add a rule to determine how incoming traffic is distributed** - -1. In the **Settings** blade, select **Load balancing rules**. - -1. Select **Add a load balancing rule**. Add a load balancing rule with the following settings (leave others with their default values). As you configure the rule use the informational icons to learn about each setting. When finished click **Save**. - - | Setting | Value | - | --- | --- | - | Name | `az104-lbrule` | - | IP Version | **IPv4** | - | Frontend IP Address | **az104-fe** | - | Backend pool | **az104-be** | - | Protocol | **TCP** | - | Port | `80` | - | Backend port | `80` | - | Health probe | **Create new** | - | Name | `az104-hp` | - | Protocol | **TCP** | - | Port | `80` | - | Interval | `5` | - | Close the create health probe window | **Save** | - | Session persistence | **None** | - | Idle timeout (minutes) | `4` | - | TCP reset | **Disabled** | - | Floating IP | **Disabled** | - | Outbound source network address translation (SNAT) | **Recommended** | - -1. Select **Frontend IP configuration** from the Load Balancer page. Copy the public IP address. - -1. Open another browser tab and navigate to the IP address. Verify that the browser window displays the message **Hello World from az104-06-vm0** or **Hello World from az104-06-vm1**. - -1. Refresh the window to verify the message changes to the other virtual machine. This demonstrates the load balancer rotating through the virtual machines. - - > **Note**: You may need to refresh more than once or open a new browser window in InPrivate mode. - -## Task 3: Configure an Azure Application Gateway - -In this task, you implement an Azure Application Gateway in front of two Azure virtual machines. An Application Gateway provides layer 7 load balancing, Web Application Firewall (WAF), SSL termination, and end-to-end encryption to the resources defined in the backend pool. The Application Gateway routes images to one virtual machine and videos to the other virtual machine. - -## Architecture diagram - Application Gateway - ->**Note**: This Application Gateway is working in the same virtual network as the Load Balancer. This may not be typical in a production environment. - -![Diagram of the lab tasks.](../media/az104-lab06-gw-architecture.png) - -1. In the Azure portal, search and select `Virtual networks`. - -1. On the **Virtual networks** blade, in the list of virtual networks, click **az104-vnet1**. - -1. On the **az104-vnet1** virtual network blade, in the **Settings** section, click **Subnets**, and then click **+ Subnet**. - -1. Add a subnet with the following settings (leave others with their default values). - - | Setting | Value | - | --- | --- | - | Name | `subnet-appgw` | - | Subnet address range | `10.60.3.224/27` | - -1. Click **Save** - - > **Note**: This subnet will be used by the Azure Application Gateway. The Application Gateway requires a dedicated subnet of /27 or larger size. - -1. In the Azure portal, search and select `Application Gateways` and, on the **Application Gateways** blade, click **+ Create**. - -1. On the **Basics** tab, specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Subscription | your Azure subscription | - | Resource group | `az104-rg6` | - | Application gateway name | `az104-appgw` | - | Region | The **same** Azure region that you used in Task 1 | - | Tier | **Standard V2** | - | Enable autoscaling | **No** | - | Minimum instance count | `2` | - | Availability zone | **None** | - | HTTP2 | **Disabled** | - | Virtual network | **az104-06-vnet1** | - | Subnet | **subnet-appgw (10.60.3.224/27)** | - - ![Screenshot of the create app gateway page.](../media/az104-lab06-create-appgw.png) - -1. Click **Next: Frontends >** and specify the following settings (leave others with their default values). When complete, click **OK**. - - | Setting | Value | - | --- | --- | - | Frontend IP address type | **Public** | - | Public IP address| **Add new** | - | Name | `az104-gwpip` | - | Availability zone | **None** | - - >**Note:** The Application Gateway can have both a public and private IP address. - -1. Click **Next: Backends >** and then **Add a backend pool**. Specify the following settings (leave others with their default values). When completed click **Add**. - - | Setting | Value | - | --- | --- | - | Name | `az104-appgwbe` | - | Add backend pool without targets | **No** | - | Virtual machine | **az104-rg6-nic1 (10.60.1.4)** | - | Virtual machine | **az104-rg6-nic2 (10.60.2.4)** | - -1. Click **Add a backend pool**. This is the backend pool for **images**. Specify the following settings (leave others with their default values). When completed click **Add**. - - | Setting | Value | - | --- | --- | - | Name | `az104-imagebe` | - | Add backend pool without targets | **No** | - | Virtual machine | **az104-rg6-nic1 (10.60.1.4)** | - -1. Click **Add a backend pool**. This is the backend pool for **video**. Specify the following settings (leave others with their default values). When completed click **Add**. - - | Setting | Value | - | --- | --- | - | Name | `az104-videobe` | - | Add backend pool without targets | **No** | - | Virtual machine | **az104-rg6-nic2 (10.60.2.4)** | - -1. Select **Next: Configuration** and then **Add routing rules**. Complete the information. - - | Setting | Value | - | --- | --- | - | Rule name | `az104-gwrule` | - | Priority | `10` | - | Listener name | `az104-listener` | - | Frontend IP | **Public** | - | Protocol | **HTTP** | - | Port | `80` | - | Listener type | **Basic** | - -1. Move to the **Backend targets** tab. Select **Add** after completing the basic information. - - | Setting | Value | - | --- | --- | - | Backend target | `az104-appgwbe` | - | Backend settings | `az104-http` (create new) | - - >**Note:** Take a minute to read the information about **Cookie-based affinity** and **Connection draining**. - -1. In the **Path based routing** section, select **Add multiple targets to create a path-based rule**. You will create two rules. Click **Add** after the first rule and then add the second rule. - - **Rule - routing to the images backend** - - | Setting | Value | - | --- | --- | - | Path | `/image/*` | - | Target name | `images` | - | Backend settings | **az104-http** | - | Backend target | `az104-imagebe` | - - **Rule - routing to the videos backend** - - | Setting | Value | - | --- | --- | - | Path | `/video/*` | - | Target name | `videos` | - | Backend settings | **az104-http** | - | Backend target | `az104-videobe` | - -1. Select **Add** twice then select **Next: Tags >**. No changes are needed. - -1. Select **Next: Review + create >** and then click **Create**. - - > **Note**: Wait for the Application Gateway instance to be created. This will take approximately 5-10 minutes. While you wait consider reviewing some of the self-paced training links at the end of this page. - -1. After the application gateway deploys, search for and select **az104-appgw**. - -1. In the **Application Gateway** resource, in the **Monitoring** section, select **Backend health**. - -1. Ensure both servers in the backend pool display **Healthy**. - -1. On the **Overview** blade, copy the value of the **Frontend public IP address**. - -1. Start another browser window and test this URL - `http:///image/`. - -1. Verify you are directed to the image server (vm1). - -1. Start another browser window and test this URL - `http:///video/`. - -1. Verify you are directed to the video server (vm2). - -> **Note**: You may need to refresh more than once or open a new browser window in InPrivate mode. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure Load Balancer is an excellent choice for distributing network traffic across multiple virtual machines at the transport layer (OSI layer 4 - TCP and UDP). -+ Public Load Balancers are used to load balance internet traffic to your VMs. An internal (or private) load balancer is used where private IPs are needed at the frontend only. -+ The Basic load balancer is for small-scale applications that don't need high availability or redundancy. The Standard load balancer is for high performance and ultra-low latency. -+ Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. -+ The Application Gateway Standard tier offers all the L7 functionality, including load balancing, The WAF tier adds a firewall to check for malicious traffic. -+ An Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. - -## Learn more with self-paced training - -+ [Improve application scalability and resiliency by using Azure Load Balancer](https://learn.microsoft.com/training/modules/improve-app-scalability-resiliency-with-load-balancer/). Discuss the different load balancers in Azure and how to choose the right Azure load balancer solution to meet your requirements. -+ [Load balance your web service traffic with Application Gateway](https://learn.microsoft.com/training/modules/load-balance-web-traffic-with-application-gateway/). Improve application resilience by distributing load across multiple servers and use path-based routing to direct web traffic. diff --git a/New Instructions/Lab/LAB_07-Manage_Azure_Storage.md b/New Instructions/Lab/LAB_07-Manage_Azure_Storage.md deleted file mode 100644 index 7b1c91fa..00000000 --- a/New Instructions/Lab/LAB_07-Manage_Azure_Storage.md +++ /dev/null @@ -1,261 +0,0 @@ ---- -lab: - title: 'Lab 07: Manage Azure storage' - module: 'Administer Azure Storage' ---- - -# Lab 07 - Manage Azure Storage - -## Lab introduction - -In this lab you learn to create storage accounts for Azure blobs and Azure files. You learn to configure and secure blob containers. You also learn to use Storage Browser to configure and secure Azure file shares. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 50 minutes - -## Lab scenario - -Your organization is currently storing data in on-premises data stores. Most of these files are not accessed frequently. You would like to minimize the cost of storage by placing infrequently accessed files in lower-priced storage tiers. You also plan to explore different protection mechanisms that Azure Storage offers, including network access, authentication, authorization, and replication. Finally, you want to determine to what extent Azure Files is suitable for hosting your on-premises file shares. - -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Create blob storage](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%205). Create a storage account, manage blob storage, and monitor storage activities. - -+ [Manage Azure storage](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2011). Create a storage account and review the configuration. Manage blob storage containers. Configure storage networking. - -## Architecture diagram - -![Diagram of the tasks.](../media/az104-lab07-architecture.png) - -## Job skills - -+ Task 1: Create and configure a storage account. -+ Task 2: Create and configure secure blob storage. -+ Task 3: Create and configure secure Azure file storage. - -## Task 1: Create and configure a storage account. - -In this task, you will create and configure a storage account. The storage account will use geo-redundant storage and will not have public access. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Storage accounts`, and then click **+ Create**. - -1. On the **Basics** tab of the **Create a storage account** blade, specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Subscription | the name of your Azure subscription | - | Resource group | **az104-rg7** (create new) | - | Storage account name | any globally unique name between 3 and 24 in length consisting of letters and digits | - | Region | **(US) East US** | - | Performance | **Standard** (notice the Premium option) | - | Redundancy | **Geo-redundant storage** (notice the other options)| - | Make read access to data in the event of regional availability | Check the box | - ->**Did you know?** You should use the Standard performance tier for most applications. Use the Premium performance tier for enterprise or high-performance applications. - -1. On the **Advanced** tab, use the informational icons to learn more about the choices. Take the defaults. - -1. On the **Networking** tab, review the available options, select **Disable public access and use private access.**. - -1. Review the **Data protection** tab. Notice 7 days is the default soft delete retention policy. Note you can enable blob versioning. Accept the defaults. - -1. Review the **Encryption** tab. Notice the additional security options. Accept the defaults. - -1. Select **Review**, wait for the validation process to complete, and then click **Create**. - -1. Once the storage account is deployed, select **Go to resource**. - -1. Review the **Overview** blade and the additional configurations that can be changed. These are global settings for the storage account. Notice the storage account can be used for Blob containers, File shares, Queues, and Tables. - -1. In the **Security + Networking** section, select **Networking**. Notice public network access is disabled. - - + Change the **public access level** to **Enabled from selected virtual networks and IP addresses**. - + In the **Firewall** section, check the box for **Add your client IP address.** - + Be sure to **Save** your changes. - -1. In the **Data management** section, view the **Redundancy** blade. Notice the information about your primary and secondary data center locations. - -1. In the **Data management** section, select **Lifecycle management**, and then select **Add a rule**. - - + **Name** the rule `Movetocool`. Notice your options for limiting the scope of the rule. - - + On the **Base blobs** tab, *if* based blobs were last modified more than `30 days` ago *then* **move to cool storage**. Notice your other choices. - - + Notice you can configure other conditions. Select **Add** when you are done exploring. - - ![Screenshot move to cool rule conditions.](../media/az104-lab07-movetocool.png) - -## Task 2: Create and configure secure blob storage - -In this task, you will create a blob container and upload an image. Blob containers are directory-like structures that store unstructured data. - -### Create a blob container and a time-based retention policy - -1. Continue in the Azure portal, working with your storage account. - -1. In the **Data storage** section, click **Containers**. - -1. Click **+ Container** and **Create** a container with the following settings: - - | Setting | Value | - | --- | --- | - | Name | `data` | - | Public access level | Notice the access level is set to private | - - ![Screenshot of create a container.](../media/az104-lab07-create-container.png) - -1. On your container, scroll to the ellipsis (...) on the far right, select **Access Policy**. - -1. In the **Immutable blob storage** area, select **Add policy**. - - | Setting | Value | - | --- | --- | - | Policy type | **Time-based retention** | - | Set retention period for | `180` days | - -1. Select **Save**. - -### Manage blob uploads - -1. Return to the containers page, select your **data** container and then click **Upload**. - -1. On the **Upload blob** blade, expand the **Advanced** section. - - >**Note**: Locate a file to upload. This can be any type of file, but a small file is best. A sample file can be downloaded from the AllFiles directory. - - | Setting | Value | - | --- | --- | - | Browse for files | add the file you have selected to upload | - | Select **Advanced** | | - | Blob type | **Block blob** | - | Block size | **4 MiB** | - | Access tier | **Hot** (notice the other options) | - | Upload to folder | `securitytest` | - | Encryption scope | Use existing default container scope | - -1. Click **Upload**. - -1. Confirm you have a new folder, and your file was uploaded. - -1. Select your upload file and review the options including **Download**, **Delete**, **Change tier**, and **Acquire lease**. - -1. Copy the file **URL** and paste into a new **Inprivate** browsing window. - -1. You should be presented with an XML-formatted message stating **ResourceNotFound** or **PublicAccessNotPermitted**. - - > **Note**: This is expected, since the container you created has the public access level set to **Private (no anonymous access)**. - -### Configure limited access to the blob storage - -1. Select your uploaded file and then on the **Generate SAS** tab. You can also use the ellipsis (...) to the far right. Specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Signing key | **Key 1** | - | Permissions | **Read** (notice your other choices) | - | Start date | yesterday's date | - | Start time | current time | - | Expiry date | tomorrow's date | - | Expiry time | current time | - | Allowed IP addresses | leave blank | - -1. Click **Generate SAS token and URL**. - -1. Copy the **Blob SAS URL** entry to the clipboard. - -1. Open another InPrivate browser window and navigate to the Blob SAS URL you copied in the previous step. - - >**Note**: You should be able to view the content of the file. - -## Task 3: Create and configure an Azure File storage - -In this task, you will create and configure Azure File shares. You will use Storage Browser to manage the file share. - -### Create the file share and upload a file - -1. In the Azure portal, navigate back to your storage account, in the **Data storage** section, click **File shares**. - -1. Click **+ File share** and on the **Basics** tab give the file share a name, `share1`. - -1. Notice the **Tier** options. Keep the default **Transaction optimized**. - -1. Move to the **Backup** tab and ensure **Enable Backup** is **not** checked. We are disabling backup to simplify the lab configuration. - -1. Click **Review + create**, and then **Create**. Wait for the file share to deploy. - - ![Screenshot of the create file share page.](../media/az104-lab07-create-share.png) - -### Explore Storage Browser and upload a file - -1. Return to your storage account and select **Storage Browser**. The Azure Storage Browser is a portal tool that lets you quickly view all the storage services under your account. - -1. Select **File shares** and verify your **share1** directory is present. - -1. Select your **share1** directory and notice you can **+ Add directory**. This lets you create a folder structure. - -1. Select **Upload**. Browse to a file of your choice, and then click **Upload**. - - >**Note**: You can view file shares and manage those shares in the Storage Browser. There are currently no restrictions. - -### Restrict network access to the storage account - -1. In the portal, search for and select **Virtual networks**. - -1. Select **+ Create**. Select your resource group. and give the virtual network a **name**, `vnet1`. - -1. Take the defaults for other parameters, select **Review + create**, and then **Create**. - -1. Wait for the virtual network to deploy, and then select **Go to resource**. - -1. In the **Settings** section, select the **Subnets** blade. - + Select the **default** subnet. - + In the **Service endpoints** section choose **Microsoft.Storage** in the **Services** drop-down. - + Do not make any other changes. - + Be sure to **Save** your changes. - -1. Return to your storage account. - -1. In the **Security + networking** section, select the **Networking** blade. - -1. Select **add existing virtual network** and select **vnet1** and **default** subnet, select **Add**. - -1. In the **Firewall** section, **Delete** your machine IP address. Allowed traffic should only come from the virtual network. - -1. Be sure to **Save** your changes. - - >**Note:** The storage account should now only be accessed from the virtual network you just created. - -1. Select the **Storage browser** and **Refresh** the page. Navigate to your file share or blob content. - - >**Note:** You should receive a message *not authorized to perform this operation*. You are not connecting from the virtual network. It may take a couple of minutes for this to take effect. - - -![Screenshot unauthorized access.](../media/az104-lab07-notauthorized.png) - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ An Azure storage account contains all your Azure Storage data objects: blobs, files, queues, and tables. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. -+ Azure storage provides several redundancy models including Locally redundant storage (LRS), Zone-redundant storage (ZRS), and Geo-redundant storage (GRS). -+ Azure blob storage allows you to store large amounts of unstructured data on Microsoft's data storage platform. Blob stands for Binary Large Object, which includes objects such as images and multimedia files. -+ Azure file Storage provides shared storage for structured data. The data can be organized in folders. -+ Immutable storage provides the capability to store data in a write once, read many (WORM) state. Immutable storage policies can be time-based or legal-hold. - -## Learn more with self-paced training - -+ [Optimize your cost with Azure Blob Storage](https://learn.microsoft.com/training/modules/optimize-your-cost-azure-blob-storage/). Learn how to optimize your cost with Azure Blob Storage. -+ [Control access to Azure Storage with shared access signatures](https://learn.microsoft.com/training/modules/control-access-to-azure-storage-with-sas/). Grant access to data stored in your Azure Storage accounts securely by using shared access signatures. diff --git a/New Instructions/Lab/LAB_08-Manage_Virtual_Machines.md b/New Instructions/Lab/LAB_08-Manage_Virtual_Machines.md deleted file mode 100644 index d4dada2c..00000000 --- a/New Instructions/Lab/LAB_08-Manage_Virtual_Machines.md +++ /dev/null @@ -1,432 +0,0 @@ ---- -lab: - title: 'Lab 08: Manage Virtual Machines' - module: 'Administer Virtual Machines' ---- - -# Lab 08 - Manage Virtual Machines - -## Lab introduction - -In this lab, you create and compare virtual machines to virtual machine scale sets. You learn how to create, configure and resize a single virtual machine. You learn how to create a virtual machine scale set and configure autoscaling. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 50 minutes - -## Lab scenario - -Your organization wants to explore deploying and configuring Azure virtual machines. First, you implement an Azure virtual machine with manual scaling. Next, you implement a Virtual Machine Scale Set and explore autoscaling. - -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Create a virtual machine in the portal](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%201). Create a virtual machine, connect and install the web server role. - -+ [Deploy a virtual machine with a template](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%209). Explore the QuickStart gallery and locate a virtual machine template. Deploy the template and verify the deployment. - -+ [Create a virtual machine with PowerShell](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2010). Use Azure PowerShell to deploy a virtual machine. Review Azure Advisor recommendations. - -+ [Create a virtual machine with the CLI](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%2011). Use the CLI to deploy a virtual machine. Review Azure Advisor recommendations. - -## Job skills - -+ Task 1: Deploy zone-resilient Azure virtual machines by using the Azure portal. -+ Task 2: Manage compute and storage scaling for virtual machines. -+ Task 3: Create and configure Azure Virtual Machine Scale Sets. -+ Task 4: Scale Azure Virtual Machine Scale Sets. -+ Task 5: Create a virtual machine using Azure PowerShell (optional 1). -+ Task 6: Create a virtual machine using the CLI (optional 2). - -## Tasks 1 and 2: Azure Virtual Machines Architecture Diagram - -![Diagram of the vm architecture tasks.](../media/az104-lab08-vm-architecture.png) - -## Task 1: Deploy zone-resilient Azure virtual machines by using the Azure portal - -In this task, you will deploy two Azure virtual machines into different availability zones by using the Azure portal. Availability zones offer the highest level of uptime SLA for virtual machines at 99.99%. To achieve this SLA, you must deploy at least two virtual machines across different availability zones. - -1. Sign in to the Azure portal - `https://portal.azure.com`. - -1. Search for and select `Virtual machines`, on the **Virtual machines** blade, click **+ Create**, and then select in the drop-down **+ Azure virtual machine**. Notice your other choices. - -1. On the **Basics** tab, in the **Availability zone** drop down menu, place a checkmark next to **Zone 2**. This should select both **Zone 1** and **Zone 2**. - - >**Note**: This will deploy two virtual machines in the selected region, one in each zone. You achieve the 99.99% uptime SLA because you have at least two VMs distributed across at least two zones. In the scenario where you might only need one VM, it is a best practice to still deploy the VM to another zone. - -1. On the Basics tab, continue completing the configuration: - - | Setting | Value | - | --- | --- | - | Subscription | the name of your Azure subscription | - | Resource group | **az104-rg8** (If necessary, click **Create new**) | - | Virtual machine names | `az104-vm1` and `az104-vm2` (After selecting both availability zones, select **Edit names** under the VM name field.) | - | Region | **East US** | - | Availability options | **Availability zone** | - | Availability zone | **Zone 1, 2** (read the note about using virtual machine scale sets) | - | Security type | **Standard** | - | Image | **Windows Server 2019 Datacenter - x64 Gen2** | - | Azure Spot instance | **unchecked** | - | Size | **Standard D2s v3** | - | Username | `localadmin` | - | Password | **Provide a secure password** | - | Public inbound ports | **None** | - | Would you like to use an existing Windows Server license? | **Unchecked** | - - ![Screenshot of the create vm page.](../media/az104-lab08-create-vm.png) - -1. Click **Next: Disks >** , specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | OS disk type | **Premium SSD** | - | Delete with VM | **checked** (default) | - | Enable Ultra Disk compatibility | **Unchecked** | - -1. Click **Next: Networking >** take the defaults but do not provide a load balancer. - - | Setting | Value | - | --- | --- | - | Delete public IP and NIC when VM is deleted | **Checked** | - | Load balancing options | **None** | - - -1. Click **Next: Management >** and specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Patch orchestration options | **Azure orchestrated** | - -1. Click **Next: Monitoring >** and specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Boot diagnostics | **Disable** | - -1. Click **Next: Advanced >**, take the defaults, then click **Review + Create**. - -1. After the validation, click **Create**. - - >**Note:** Notice as the virtual machine deploys the NIC, disk, and public IP address (if configured) are independently created and managed resources. - -1. Wait for the deployment to complete, then select **Go to resource**. - - >**Note:** Monitor the **Notification** messages. - -## Task 2: Manage compute and storage scaling for virtual machines - -In this task, you will scale a virtual machine by adjusting its size to a different SKU. Azure provides flexibility in VM size selection so that you can adjust a VM for periods of time if it needs more (or less) compute and memory allocated. This concept is extended to disks, where you can modify the performance of the disk, or increase the allocated capacity. - -1. On the **az104-vm1** virtual machine, in the **Availability + scale** blade, select **Size**. - -1. Set the virtual machine size to **DS1_v2** and click **Resize**. When prompted, confirm the change. - - >**Note**: Choose another size if **Standard DS1_v2** is not available. Resizing is also known as vertical scaling, up or down. - - ![Screenshot of the resize the virtual machine.](../media/az104-lab08-resize-vm.png) - -1. In the **Settings** area, select **Disks**. - -1. Under **Data disks** select **+ Create and attach a new disk**. Configure the settings (leave other settings at their default values). - - | Setting | Value | - | --- | --- | - | Disk name | `vm1-disk1` | - | Storage type | **Standard HDD** | - | Size (GiB) | `32` | - -1. Click **Apply**. - -1. After the disk has been created, click **Detach** (if necessary, scroll to the right to view the detach icon), and then click **Apply**. - - >**Note**: Detaching removes the disk from the VM but keeps it in storage for later use. - -1. Search for and select `Disks`. From the list of disks, select the **vm1-disk1** object. - - >**Note:** The **Overview** blade also provides performance and usage information for the disk. - -1. In the **Settings** blade, select **Size + performance**. - -1. Set the storage type to **Standard SSD**, and then click **Save**. - -1. Navigate back to the **az104-vm1** virtual machine and select **Disks**. - -1. Verify the disk is now **Standard SSD**. - - >**Note:** You have now created a virtual machine, scaled the SKU and the data disk size. In the next task we use Virtual Machine Scale Sets to automate the scaling process. - -## Task 3 and 4: Azure Virtual Machine Scale Sets Architecture Diagram - -![Diagram of the vmss architecture tasks.](../media/az104-lab08-vmss-architecture.png) - -## Task 3: Create and configure Azure Virtual Machine Scale Sets - -In this task, you will deploy an Azure virtual machine scale set across availability zones. VM Scale Sets reduce the administrative overhead of automation by enabling you to configure metrics or conditions that allow the scale set to horizontally scale, scale in or scale out. - -1. In the Azure portal, search for and select `Virtual machine scale sets` and, on the **Virtual machine scale sets** blade, click **+ Create**. - -1. On the **Basics** tab of the **Create a virtual machine scale set** blade, specify the following settings (leave others with their default values) and click **Next : Spot >**: - - | Setting | Value | - | --- | --- | - | Subscription | the name of your Azure subscription | - | Resource group | **az104-rg8** | - | Virtual machine scale set name | `vmss1` | - | Region | **(US)East US** | - | Availability zone | **Zones 1, 2, 3** | - | Orchestration mode | **Uniform** | - | Security type | **Standard** | - | Image | **Windows Server 2019 Datacenter - x64 Gen2** | - | Run with Azure Spot discount | **Unchecked** | - | Size | **Standard D2s_v3** | - | Username | `localadmin` | - | Password | **Provide a secure password** | - | Already have a Windows Server license? | **Unchecked** | - - >**Note**: For the list of Azure regions which support deployment of Windows virtual machines to availability zones, refer to [What are Availability Zones in Azure?](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview) - - ![Screenshot of the create vmss page. ](../media/az104-lab08-create-vmss.png) - -1. On the **Spot** tab, accept the defaults and select **Next: Disks >**. - -1. On the **Disks** tab, accept the default values and click **Next : Networking >**. - -1. On the **Networking** page, click the **Create virtual network** link below the **Virtual network** textbox and create a new virtual network with the following settings (leave others with their default values). When finished, select **OK**. - - | Setting | Value | - | --- | --- | - | Name | `vmss-vnet` | - | Address range | `10.82.0.0/20` (change what is there) | - | Subnet name | `subnet0` | - | Subnet range | `10.82.0.0/24` | - -1. In the **Networking** tab, click the **Edit network interface** icon to the right of the network interface entry. - -1. For **NIC network security group** section, select **Advanced** and then click **Create new** under the **Configure network security group** drop-down list. - -1. On the **Create network security group** blade, specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Name | **vmss1-nsg** | - -1. Click **Add an inbound rule** and add an inbound security rule with the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Source | **Any** | - | Source port ranges | * | - | Destination | **Any** | - | Service | **HTTP** | - | Action | **Allow** | - | Priority | **1010** | - | Name | `allow-http` | - -1. Click **Add** and, back on the **Create network security group** blade, click **OK**. - -1. In the **Edit network interface** blade, in the **Public IP address** section, click **Enabled** and click **OK**. - -1. In the **Networking** tab, under the **Load balancing** section, specify the following (leave others with their default values). - - | Setting | Value | - | --- | --- | - | Load balancing options | **Azure load balancer** | - | Select a load balancer | **Create a load balancer** | - -1. On the **Create a load balancer** page, specify the load balancer name and take the defaults. Click **Create** when you are done then **Next : Scaling >**. - - | Setting | Value | - | --- | --- | - | Load balancer name | `vmss-lb` | - - >**Note:** Pause for a minute and review what you done. At this point, you have configured the virtual machine scale set with disks and networking. In the network configuration you have created a network security group and allowed HTTP. You have also created a load balancer with a public IP address. - -1. On the **Scaling** tab, specify the following settings (leave others with their default values) and click **Next : Management >**: - - | Setting | Value | - | --- | --- | - | Initial instance count | `2` | - | Scaling policy | **Manual** | - -1. On the **Management** tab, specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | Boot diagnostics | **Disable** | - -1. Click **Next : Health >**. - -1. On the **Health** tab, review the default settings without making any changes and click **Next : Advanced >**. - -1. On the **Advanced** tab, click **Review + create**. - -1. On the **Review + create** tab, ensure that the validation passed and click **Create**. - - >**Note**: Wait for the virtual machine scale set deployment to complete. This should take approximately 5 minutes. While you wait review the [documentation](https://learn.microsoft.com/azure/virtual-machine-scale-sets/overview). - -## Task 4: Scale Azure Virtual Machine Scale Sets - -In this task, you scale the virtual machine scale set using a custom scale rule. - -1. Select **Go to resource** or search for and select the **vmss1** scale set. - -1. Choose **Scaling** from the menu on the left-hand side of the scale set window. - ->**Did you know?** You can **Manual scale** or **Custom autoscale**. In scale sets with a small number of VM instances, increasing or decreasing the instance count (Manual scale) may be best. In scale sets with a large number of VM instances, scaling based on metrics (Custom autoscale) may be more appropriate. - -### Scale out rule - -1. Select **Custom autoscale**. then change the **Scale mode** to **Scale based on metric**. And then select **Add rule**. - -1. Let's create a rule that automatically increases the number of VM instances. This rule scales out when the average CPU load is greater than 70% over a 10-minute period. When the rule triggers, the number of VM instances is increased by 20%. - - | Setting | Value | - | --- | --- | - | Metric source | **Current resource (vmss1)** | - | Metric namespace | **Virtual Machine Host** | - | Metric name | **Percentage CPU** (review your other choices) | - | Operator | **Greater than** | - | Metric threshold to trigger scale action | **70** | - | Duration (minutes) | **10** | - | Time grain statistic | **Average** | - | Operation | **Increase percent by** (review other choices) | - | Cool down (minutes) | **5** | - | Percentage | **20** | - - ![Screenshot of the scaling add rule page.](../media/az104-lab08-scale-rule.png) - -1. Be sure to **Save** your changes. - -### Scale in rule - -1. During evenings or weekends, demand may decrease so it is important to create a scale in rule. - -1. Let's create a rule that decreases the number of VM instances in a scale set. The number of instances should decrease when the average CPU load drops below 30% over a 10-minute period. When the rule triggers, the number of VM instances is decreased by 20%. - -1. Select **Add a rule**, adjust the settings, then select **Add**. - - | Setting | Value | - | --- | --- | - | Operator | **Less than** | - | Threshold | **30** | - | Operation | **decrease percentage by** (review your other choices) | - | Percentage | **20** | - -1. Be sure to **Save** your changes. - -### Set the instance limits - -1. When your autoscale rules are applied, instance limits make sure that you do not scale out beyond the maximum number of instances or scale in beyond the minimum number of instances. - -1. **Instance limits** are shown on the **Scaling** page after the rules. - - | Setting | Value | - | --- | --- | - | Minimum | **2** | - | Maximum | **10** | - | Default | **2** | - -1. Be sure to **Save** your changes - -1. On the **vmss1** page, select **Instances**. This is where you would monitor the number of virtual machine instances. - - >**Note:** If you are interested in using Azure PowerShell for virtual machine creation, try Task 5. If you are interested in using the CLI to create virtual machines, try Task 6. - -## Task 5: Create a virtual machine using Azure PowerShell (option 1) - -1. Use the icon (top right) to launch a **Cloud Shell** session. Alternately, navigate directly to `https://shell.azure.com`. - -1. Be sure to select **PowerShell**. If necessary, use the **Show advanced settings** and configure the shell storage. - -1. Run the following command to create a virtual machine. When prompted, provide a username and password for the VM. While you wait check out the [New-AzVM](https://learn.microsoft.com/powershell/module/az.compute/new-azvm?view=azps-11.1.0) command reference for all the parameters associated with creating a virtual machine. - - ```powershell - New-AzVm ` - -ResourceGroupName 'az104-rg8' ` - -Name 'myPSVM' ` - -Location 'East US' ` - -Image 'Win2019Datacenter' ` - -Zone '1' ` - -Size 'Standard_D2s_v3' - -Credential '(Get-Credential)' ` - ``` - -1. Once the command completes, use **Get-AzVM** to list the virtual machines in your resource group. - - ```powershell - Get-AzVM ` - -ResourceGroupName 'az104-rg8' ` - -Status - ``` - -1. Verify your new virtual machine is listed and the **Status** is **Running**. - -1. Use **Stop-AzVM** to deallocate your virtual machine. Type **Yes** to confirm. - - ```powershell - Stop-AzVM ` - -ResourceGroupName 'az104-rg8' ` - -Name 'myPSVM' ` - ``` - -1. Use **Get-AzVM** with the **-Status** parameter to verify the machine is **deallocated**. - - >**Did you know?** When you use Azure to stop your virtual machine, the status is *deallocated*. This means that any non-static public IPs are released, and you stop paying for the VM’s compute costs. - -## Task 6: Create a virtual machine using the CLI (option 2) - -1. Use the icon (top right) to launch a **Cloud Shell** session. Alternately, navigate directly to `https://shell.azure.com`. - -1. Be sure to select **Bash**. If necessary, use the **Show advanced settings** and configure the shell storage. - -1. Run the following command to create a virtual machine. When prompted, provide a username and password for the VM. While you wait check out the [az vm create](https://learn.microsoft.com/cli/azure/vm?view=azure-cli-latest#az-vm-create) command reference for all the parameters associated with creating a virtual machine. - - ```sh - az vm create --name myCLIVM --resource-group az104-rg8 --image Ubuntu2204 --admin-username localadmin --generate-ssh-keys - ``` - -1. Once the command completes, use **az vm show** to verify your machine was created. - - ```sh - az vm show --name myCLIVM --resource-group az104-rg8 --show-details - ``` - -1. Verify the **powerState** is **VM Running**. - -1. Use **az vm deallocate** to deallocate your virtual machine. Type **Yes** to confirm. - - ```sh - az vm deallocate --resource-group az104-rg8 --name myCLIVM - ``` - -1. Use **az vm show** to ensure the **powerState** is **VM deallocated**. - - >**Did you know?** When you use Azure to stop your virtual machine, the status is *deallocated*. This means that any non-static public IPs are released, and you stop paying for the VM’s compute costs. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure virtual machines are on-demand, scalable computing resources. -+ Azure virtual machines provide both vertical and horizontal scaling options. -+ Configuring Azure virtual machines includes choosing an operating system, size, storage and networking settings. -+ Azure Virtual Machine Scale Sets let you create and manage a group of load balanced VMs. -+ The virtual machines in a Virtual Machine Scale Set are created from the same image and configuration. -+ In a Virtual Machine Scale Set the number of VM instances can automatically increase or decrease in response to demand or a defined schedule. - -## Learn more with self-paced training - -+ [Create a Windows virtual machine in Azure](https://learn.microsoft.com/training/modules/create-windows-virtual-machine-in-azure/). Create a Windows virtual machine using the Azure portal. Connect to a running Windows virtual machine using Remote Desktop -+ [Build a scalable application with Virtual Machine Scale Sets](https://learn.microsoft.com/training/modules/build-app-with-scale-sets/). Enable your application to automatically adjust to changes in load while minimizing costs with Virtual Machine Scale Sets. -+ [Connect to virtual machines through the Azure portal by using Azure Bastion](https://learn.microsoft.com/en-us/training/modules/connect-vm-with-azure-bastion/). Deploy Azure Bastion to securely connect to Azure virtual machines directly within the Azure portal to effectively replace an existing jumpbox solution, monitor remote sessions by using diagnostic logs, and manage remote sessions by disconnecting a user session. - diff --git a/New Instructions/Lab/LAB_09a-Implement_Web_Apps.md b/New Instructions/Lab/LAB_09a-Implement_Web_Apps.md deleted file mode 100644 index 2cb45210..00000000 --- a/New Instructions/Lab/LAB_09a-Implement_Web_Apps.md +++ /dev/null @@ -1,195 +0,0 @@ ---- -lab: - title: 'Lab 09a: Implement Web Apps' - module: 'Administer PaaS Compute Options' ---- - -# Lab 09a - Implement Web Apps - - -## Lab introduction - -In this lab, you learn about Azure web apps. You learn to configure a web app to display a Hello World application in an external GitHub repository. You learn to create a staging slot and swap with the production slot. You also learn about autoscaling to accommodate demand changes. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using East US. - -## Estimated timing: 20 minutes - -## Lab scenario - -Your organization is interested in Azure Web apps for hosting your company websites. The websites are currently hosted in an on-premises data center. The websites are running on Windows servers using the PHP runtime stack. The hardware is nearing end-of-life and will soon need to be replaced. Your organization wants to avoid new hardware costs by using Azure to host the websites. - -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Create a web app](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%202). Create a web app that runs a Docker container. - -+ [Implement Azure web apps](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2013). Create an Azure web app, manage the deployment, and scale the app. - -## Architecture diagram - -![Diagram of the tasks.](../media/az104-lab09a-architecture.png) - -## Job skills - -+ Task 1: Create and configure an Azure web app. -+ Task 2: Create and configure a deployment slot. -+ Task 3: Configure web app deployment settings. -+ Task 4: Swap deployment slots. -+ Task 5: Configure and test autoscaling of the Azure web app. - -## Task 1: Create and configure an Azure web app - -In this task, you create an Azure web app. Azure App Services is a Platform As a Service (PAAS) solution for web, mobile, and other web-based applications. Azure web apps is part Azure App Services hosting most runtime environments, such as PHP, Java, and .NET. The app service plan that you select determines the web app compute, storage, and features. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `App services`. - -1. Select **+ Create**, from drop-down menu, **Web App**. Notice the other choices. - -1. On the **Basics** tab of the **Create Web App** blade, specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | ---| - | Subscription | your Azure subscription | - | Resource group | `az104-rg9` (If necessary, select **Create new**) | - | Web app name | any globally unique name | - | Publish | **Code** | - | Runtime stack | **PHP 8.2** | - | Operating system | **Linux** | - | Region | **East US** | - | Pricing plans | accept the defaults | - | Zone redundancy | accept the defaults | - - 1. Click **Review + create**, and then **Create**. - - >**Note**: Wait until the Web App is created before you proceed to the next task. This should take about a minute. - -1. After the deployment, select **Go to resource**. - -## Task 2: Create and configure a deployment slot - -In this task, you will create a staging deployment slot. Deployment slots enable you to perform testing prior to making your app available to the public (or your end users). After you have performed testing, you can swap the slot from development or staging to production. Many organizations use slots to perform pre-production testing. Additionally, many organizations run multiple slots for every application (for example, development, QA, test, and production). - -1. On the blade of the newly deployed Web App, click the **Default domain** link to display the default web page in a new browser tab. - -1. Close the new browser tab and, back in the Azure portal, in the **Deployment** section of the Web App blade, click **Deployment slots**. - - >**Note**: The Web App, at this point, has a single deployment slot labeled **PRODUCTION**. - -1. Click **+ Add slot**, and add a new slot with the following settings: - - | Setting | Value | - | --- | ---| - | Name | `staging` | - | Clone settings from | **Do not clone settings**| - -1. Select **Add**. - -1. Back on the **Deployment slots** blade of the Web App, click the entry representing the newly created staging slot. - - >**Note**: This will open the blade displaying the properties of the staging slot. - -1. Review the staging slot blade and note that its URL differs from the one assigned to the production slot. - -## Task 3: Configure Web App deployment settings - -In this task, you will configure Web App deployment settings. Deployment settings allow for continuous deployment. This ensures that the app service has the latest version of the application. - -1. In the staging slot, select **Deployment Center** and then select **Settings**. - - >**Note:** Make sure you are on the staging slot blade (instead than the production slot). - -1. In the **Source** drop-down list, select **External Git**. Notice the other choices. - -1. In the repository field, enter `https://github.com/Azure-Samples/php-docs-hello-world` - -1. In the branch field, enter `master`. - -1. Select **Save**. - -1. From the staging slot, select **Overview**. - -1. Select the **Default domain** link, and open the URL in a new tab. - -1. Verify that the staging slot displays **Hello World**. - ->**Note:** The deployment may take a minute. Be sure to **Refresh** the application page. - -## Task 4: Swap deployment slots - -In this task, you will swap the staging slot with the production slot. Swapping a slot allows you to use the code that you have tested in your staging slot, and move it to production. The Azure portal will also prompt you if you need to move other application settings that you have customized for the slot. Swapping slots is a common task for application teams and application support teams, especially those deploying routine app updates and bug fixes. - -1. Navigate back to the **Deployment slots** blade, and then select **Swap**. - -1. Review the default settings and click **Swap**. - -1. On the **Overview** blade of the Web App select the **Default domain** link to display the website home page. - -1. Verify the production web page displays the **Hello World!** page. - - >**Note:** Copy the Default domain **URL** you will need it for load testing in the next task. - -## Task 5: Configure and test autoscaling of the Azure Web App - -In this task, you will configure autoscaling of Azure Web App. Autoscaling enables you to maintain optimal performance for your web app when traffic to the web app increases. To determine when the app should scale you can monitor metrics like CPU usage, memory, or bandwidth. - -1. In the **Settings** section, select **Scale out (App Service plan)**. - - >**Note:** Ensure you are working on the production slot not the staging slot. - -1. From the **Scaling** section, select **Automatic**. Notice the **Rules Based** option. Rules based scaling can be configured for different app metrics. - -1. In the **Maximum burst** field, select **2**. - - ![Screenshot of the autoscale page.](../media/az104-lab09a-autoscale.png) - -1. Select **Save**. - -1. Select **Diagnose and solve problems** (left pane). - -1. In the **Load Test your App** box, select **Create Load Test**. - - + Select **+ Create** and give your load test a **name**. The name must be unique. - + Select **Review + create** and then **Create**. - -1. Wait for the load test to create, and then select **Go to resource**. - -1. From the **Overview** | **Add HTTP requests**, select **Create**. - -1. For the **Test URL**, paste in your **Default domain** URL. Ensure this is properly formatted and begins with **https://**. - -1. Select **Review + create** and **Create**. - - >**Note:** It may take a couple of minutes to create the test. - -1. Review the test results including **Virtual users**, **Response time**, and **Requests/sec**. - -1. Select **Stop** to complete the test run. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure App Services lets you quickly build, deploy, and scale web apps. -+ App Service includes support for many developer environments including ASP.NET, Java, PHP, and Python. -+ Deployment slots allow you to create separate environments for deploying and testing your web app. -+ You can manually or automatically scale a web app to handle additional demand. -+ A wide variety of diagnostics and testing tools are available. - -## Learn more with self-paced training - -+ [Stage a web app deployment for testing and rollback by using App Service deployment slots](https://learn.microsoft.com/training/modules/stage-deploy-app-service-deployment-slots/). Use deployment slots to streamline deployment and roll back a web app in Azure App Service. -+ [Scale an App Service web app to efficiently meet demand with App Service scale up and scale out](https://learn.microsoft.com/training/modules/app-service-scale-up-scale-out/). Respond to periods of increased activity by incrementally increasing the resources available and then, to reduce costs, decreasing these resources when activity drops. diff --git a/New Instructions/Lab/LAB_09b-Implement_Azure_Container_Instances.md b/New Instructions/Lab/LAB_09b-Implement_Azure_Container_Instances.md deleted file mode 100644 index 80de5895..00000000 --- a/New Instructions/Lab/LAB_09b-Implement_Azure_Container_Instances.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -lab: - title: 'Lab 09b: Implement Azure Container Instances' - module: 'Administer PaaS Compute Options' ---- - -# Lab 09b - Implement Azure Container Instances - -## Lab introduction - -In this lab, you learn how to implement and deploy Azure Container Instances. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 15 minutes - -## Lab scenario - -Your organization has a web application that runs on a virtual machine in your on-premises data center. The organization wants to move all applications to the cloud but doesn't want to have a large number of servers to manage. You decide to evaluate Azure Container Instances and Docker. -## Interactive lab simulations - -There are interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Deploy Azure Container Instances](https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals%20Exercise%203). Create, configure, and deploy a Docker container with Azure Container Instances. - -+ [Implement Azure Container Instances](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2014). Deploy a Docker image using Azure Container Instances. - -## Job skills - -- Task 1: Deploy an Azure Container Instance using a Docker image. -- Task 2: Test and verify deployment of an Azure Container Instance. - - -## Architecture diagram - -![Diagram of the tasks.](../media/az104-lab09b-aci-architecture.png) - -## Task 1: Deploy an Azure Container Instance using a Docker image - -In this task, you will create a simple web application using a Docker image. Docker is a platform that provides the ability to package and run applications in isolated environments called containers. Azure Container Instances provides the compute environment for the container image. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. In the Azure portal, search for and select `Container instances` and then, on the **Container instances** blade, click **+ Create**. - -1. On the **Basics** tab of the **Create container instance** blade, specify the following settings (leave others with their default values): - - | Setting | Value | - | ---- | ---- | - | Subscription | Select your Azure subscription | - | Resource group | `az104-rg9` (If necessary, select **Create new**) | - | Container name | `az104-c1` | - | Region | **East US** (or a region available near you)| - | Image Source | **Quickstart images** | - | Image | **mcr.microsoft.com/azuredocs/aci-helloworld:latest (Linux)** | - -1. Click **Next: Networking >** and specify the following settings (leave others with their default values): - - | Setting | Value | - | --- | --- | - | DNS name label | any valid, globally unique DNS host name | - - >**Note**: Your container will be publicly reachable at dns-name-label.region.azurecontainer.io. If you receive a **DNS name label not available** error message, specify a different value. - -1. Click **Next: Advanced >**, review the settings without making any changes. - - 1. Click **Review + Create**, ensure that the validation passed and then select **Create**. - - >**Note**: Wait for the deployment to complete. This should take 2-3 minutes. - - >**Note**: While you wait, you may be interested in viewing the [code behind the sample application](https://github.com/Azure-Samples/aci-helloworld). To view the code, browse the \\app folder. - -## Task 2: Test and verify deployment of an Azure Container Instance - -In this task, you review the deployment of the container instance. By default, the Azure Container Instance is accessible over port 80. After the instance has been deployed, you can navigate to the container using the DNS name that you provided in the previous task. - -1. On the deployment blade, click the **Go to resource** link. - -1. On the **Overview** blade of the container instance, verify that **Status** is reported as **Running**. - -1. Copy the value of the container instance **FQDN**, open a new browser tab, and navigate to the corresponding URL. - - ![Screenshot of the ACI overview page in the portal.](../media/az104-lab09b-aci-overview.png) - -1. Verify that the **Welcome to Azure Container Instance** page is displayed. Refresh the page several times to create some log entries then close the browser tab. - -1. In the **Settings** section of the container instance blade, click **Containers**, and then click **Logs**. - -1. Verify that you see the log entries representing the HTTP GET request generated by displaying the application in the browser. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure Container Instances (ACI) is a service that enables you to deploy containers on the Microsoft Azure public cloud. -+ ACI doesn't require you to provision or manage any underlying infrastructure. -+ ACI supports both Linux containers and Windows containers. -+ Workloads on ACI are usually started and stopped by some kind of process or trigger and are usually short-lived. - -## Learn more with self-paced training - -+ [Run container images in Azure Container Instances](https://learn.microsoft.com/training/modules/create-run-container-images-azure-container-instances/). Learn how Azure Container Instances can help you quickly deploy containers, how to set environment variables, and specify container restart policies. - - diff --git a/New Instructions/Lab/LAB_09c-Implement-Azure-Container-Apps.md b/New Instructions/Lab/LAB_09c-Implement-Azure-Container-Apps.md deleted file mode 100644 index 750c795b..00000000 --- a/New Instructions/Lab/LAB_09c-Implement-Azure-Container-Apps.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -lab: - title: 'Lab 09c: Implement Azure Container Apps' - module: 'Administer PaaS Compute Options' ---- - -# Lab 09c - Implement Azure Container Apps - -## Lab introduction - -In this lab, you learn how to implement and deploy Azure Container Apps. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 15 minutes - -## Lab scenario - -Your organization has a web application that runs on a virtual machine in your on-premises data center. The organization wants to move all applications to the cloud but doesn't want to have a large number of servers to manage. You decide to evaluate Azure Container Apps. - -## Interactive lab simulations - -There are no interactive lab simulations for this topic. - -## Job skills - -- Task 1: Create and configure an Azure Container App and environment. -- Task 2: Test and verify deployment of the Azure Container App. - -## Architecture diagram - -![Diagram of the tasks.](../media/az104-lab09b-aca-architecture.png) - -## Task 1: Create and configure an Azure Container App and environment - -Azure Container Apps take the concept of a managed Kubernetes cluster a step further and manages the cluster environment as well as provides other managed services on top of the cluster. Unlike an Azure Kubernetes cluster, where you must still manage the cluster, an Azure Container Apps instance removes some of the complexity to setting up a Kubernetes cluster. - -1. From the Azure portal, search for and select `Container Apps`. - -1. From **Container Apps**, select **Create**. - -1. Use the following information to fill out the details on the **Basics** tab.*. - - | Setting | Action | - |---|---| - | Subscription | Select your Azure subscription | - | Resource group | `az104-rg9` | - | Container app name | `my-app` | - | Region | **East US** (Or a region available near you) | - | Container Apps Environment | Leave default | - -1. On the **Container** tab, ensure that **Use quickstart image** is enabled and that the quickstart image is set to **Simple hello world container**. - -1. Select the **Review and create** and then **Create**. - - >**Note:** Wait for the container app to deploy. This will take a couple of minutes. - -## Task 2: Test and verify deployment of the Azure Container App - -By default, the Azure container app that you create will accept traffic on port 80 using the sample Hello World application. Azure Container Apps will provide a DNS name for the application. Copy and navigate to this URL to ensure that the application is up and running. - -1. Select **Go to resource** to view your new container app. - -1. Select the link next to *Application URL* to view your application. - - ![Screenshot of the ACA overview page in the portal.](../media/az104-lab09b-aca-overview.png) - -1. Verify you receive the **Your Azure Container Apps app is live** message. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure Container Apps (ACA) is a serverless platform that allows you to maintain less infrastructure and save costs while running containerized applications. -+ Container Apps provides server configuration, container orchestration, and deployment details. -+ Workloads on ACA are usually long-running processes like a Web App. - -## Learn more with self-paced training - -+ [Configure a container app in Azure Container Apps](https://learn.microsoft.com/training/modules/configure-container-app-azure-container-apps/). Examines the features and capabilities of Azure Container Apps, and then focuses on how to create, configure, scale, and manage container apps using Azure Container Apps. - diff --git a/New Instructions/Lab/LAB_10-Implement_Data_Protection.md b/New Instructions/Lab/LAB_10-Implement_Data_Protection.md deleted file mode 100644 index cbd316a6..00000000 --- a/New Instructions/Lab/LAB_10-Implement_Data_Protection.md +++ /dev/null @@ -1,302 +0,0 @@ ---- -lab: - title: 'Lab 10: Implement Data Protection' - module: 'Administer Data Protection' ---- - -# Lab 10 - Implement Data Protection - -## Lab introduction - -In this lab, you learn about backup and recovery of Azure virtual machines. You learn to create a Recovery Service vault and a backup policy for Azure virtual machines. You learn about disaster recovery with Azure Site Recovery. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the regions, but the steps are written using **East US** and **West US**. - -## Estimated timing: 50 minutes - -## Lab scenario - -Your organization is evaluating how to backup and restore Azure virtual machines from accidental or malicious data loss. Additionally, the organization wants to explore using Azure Site Recovery for disaster recovery scenarios. - -## Interactive lab simulation - -There is an interactive lab simulation that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ **[Backup virtual machines and on-premises files.](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2016)**. Create a recovery services vault and implement an Azure virtual machine backup. Implement on-premises file and folder backup using the Microsoft Azure Recovery Services agent. On-premises backups are outside the scope of this lab but it might be helpful to view those steps. - -## Job skills - -+ Task 1: Use a template to provision an infrastructure. -+ Task 2: Create and configure a Recovery Services vault. -+ Task 3: Configure Azure virtual machine-level backup. -+ Task 4: Monitor Azure Backup. -+ Task 5: Enable virtual machine replication. - -## Estimated timing: 40 minutes - -## Architecture diagram - -![Diagram of the architecture tasks.](../media/az104-lab10-architecture.png) - -## Task 1: Use a template to provision an infrastructure - -In this task, you will use a template to deploy a virtual machine. The virtual machine will be used to test different backup scenarios. - -1. Download the **\\Allfiles\\Lab10\\** lab files. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. Search for and select `Deploy a custom template`. - -1. On the custom deployment page, select **Build you own template in the editor**. - -1. On the edit template page, select **Load file**. - -1. Locate and select the **\\Allfiles\\Lab10\\az104-10-vms-edge-template.json** file and select **Open**. - - >**Note:** Take a moment to review the template. We are deploying a virtual network and virtual machine so we can demonstrate backup and recovery. - -1. **Save** your changes. - -1. Select **Edit parameters** and then **Load file**. - -1. Load and select the **\\Allfiles\\Lab10\\az104-10-vms-edge-parameters.json** file. - -1. **Save** your changes. - -1. Use the following information to complete the custom deployment fields, leaving all other fields with their default values: - - | Setting | Value | - | --- | --- | - | Subscription | Your Azure subscription | - | Resource group| `az104-rg-region1` (If necessary, select **Create new**) - | Region | **East US** | - | Username | **localadmin** | - | Password | Provide a complex password | - -1. Select **Review + Create**, then select **Create**. - - >**Note:** Wait for the template to deploy, then select **Go to resource**. You should have one virtual machine in one virtual network. - -## Task 2: Create and configure a Recovery Services vault - -In this task, you will create a Recovery Services vault. A Recovery Services vault provides storage for the virtual machine data. - -1. In the Azure portal, search for and select `Recovery Services vaults` and, on the **Recovery Services vaults** blade, click **+ Create**. - -1. On the **Create Recovery Services vault** blade, specify the following settings: - - | Settings | Value | - | --- | --- | - | Subscription | the name of your Azure subscription | - | Resource group | `az104-rg-region1` | - | Vault Name | `az104-rsv-region1` | - | Region | **East US** | - - >**Note**: Make sure that you specify the same region into which you deployed virtual machines in the previous task. - - ![Screenshot of the recovery services vault.](../media/az104-lab10-create-rsv.png) - -1. Click **Review + Create**, ensure that the validation passes and then click **Create**. - - >**Note**: Wait for the deployment to complete. The deployment should take a couple of minutes. - -1. When the deployment is completed, click **Go to Resource**. - -1. On the Recovery Services vault blade, in the **Settings** section, click **Properties**. - -1. Select the **Update** link under **Backup Configuration** label. - -1. On the **Backup Configuration** blade, review the choices for **Storage replication type**. Leave the default setting of **Geo-redundant** in place and close the blade. - - >**Note**: This setting can be configured only if there are no existing backup items. - - >**Did you know?** The [Cross Region Restore](https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore) option allows you to restore data in a secondary, Azure paired region. - -1. Return to the Recovery Services vault blade, click the **Update** link under **Security Settings > Soft Delete and security settings** label. - -1. On the **Security Settings** blade, note that **Soft Delete (For workload running in Azure)** is **Enabled**. Notice the **soft delete retention period** is **14** days. - -1. Return to the Recovery Services vault blade, select the **Overview** blade. - ->**Did you know?** Azure has two types of vaults: Recovery Services vaults and Backup vaults. The main difference is the datasources that can be backed up. Learn more about [the differences](https://learn.microsoft.com/answers/questions/405915/what-is-difference-between-recovery-services-vault). - -## Task 3: Configure Azure virtual machine-level backup - -In this task, you will implement Azure virtual-machine level backup. As part of a VM backup, you will need to define the backup and retention policy that applies to the backup. Different VMs can have different backup and retention policies assigned to them. - - >**Note**: Before you start this task, make sure that the deployment you initiated in the first task of this lab has successfully completed. - -1. On the Recovery Services vault blade, click **Overview**, then click **+ Backup**. - -1. On the **Backup Goal** blade, specify the following settings: - - | Settings | Value | - | --- | --- | - | Where is your workload running? | **Azure** (notice your other options) | - | What do you want to backup? | **Virtual machine** (notice your other options | - -1. Select **Backup**. - -1. Notice there a two **Policy sub types**: **Enhanced** and **Standard**. Review the choices and select **Standard**. - -1. In **Backup policy**, select **Create a new policy**. - -1. Define a new backup policy with the following settings (leave others with their default values): - - | Setting | Value | - | ---- | ---- | - | Policy name | `az104-backup` | - | Frequency | **Daily** | - | Time | **12:00 AM** | - | Timezone | the name of your local time zone | - | Retain instant recovery snapshot(s) for | **12** Days(s) | - - ![Screenshot of the backup policy page.](../media/az104-lab10-backup-policy.png) - -1. Click **OK** to create the policy and then, in the **Virtual Machines** section, select **Add**. - -1. On the **Select virtual machines** blade, select **az-104-10-vm0**, click **OK**, and then back on the **Backup** blade, click **Enable backup**. - - >**Note**: Wait for the backup to be enabled. This should take approximately 2 minutes. - -1. In the **Protected items** section, click **Backup items**, and then click the **Azure virtual machine** entry. - -1. Select the **View details** link for **az104-10-vm0**, and review the values of the **Backup Pre-Check** and **Last Backup Status** entries. - - >**Note:** Notice the backup is pending. - -1. Select **Backup now**, accept the default value in the **Retain Backup Till** drop-down list, and click **OK**. - - >**Note**: Do not wait for the backup to complete but instead proceed to the next task. - -## Task 4: Monitor Azure Backup - -In this task, you will deploy an Azure storage account. Then you will configure the vault to send the logs and metrics to the storage account. This repository can then be used with Log Analytics or other third-party monitoring solutions. - -1. From the Azure portal, search for and select `Storage accounts`. - -1. On the Storage accounts page, select **Create**. - -1. Use the following information to define the storage account, then and select **Review**. - - | Settings | Value | - | --- | --- | - | Subscription | *Your subscription* | - | Resource group | **az104-rg-region1** | - | Storage account name | Provide a globally unique name | - | Region | **East US** | - -1. On the Review tab, select **Create**. - - >**Note**: Wait for the deployment to complete. It should take about a minute. - -1. Search and select your Recovery Services vault. - -1. Select **Diagnostic Settings** and then select **Add diagnostic setting**. - -1. Name the setting `Logs and Metrics to storage`. - -1. Place a checkmark next to the following log and metric categories: - - - **Azure Backup Reporting Data** - - **Addon Azure Backup Job Data** - - **Addon Azure Backup Alert Data** - - **Azure Site Recovery Jobs** - - **Azure Site Recovery Events** - - **Health** - -1. In the Destination details, place a checkmark next to **Archive to a storage account**. - -1. In the Storage account drop-down field, select the storage account that you deployed earlier in this task. - -1. Select **Save**. - -1. Return to your Recovery Services vault, in the **Monitoring** blade select **Backup jobs**. - -1. Locate the backup operation for the **az104-10-vm0** virtual machine. - -1. Review the details of the backup job. - -## Task 5: Enable virtual machine replication - -1. In the Azure portal, search for and select `Recovery Services vaults` and, on the **Recovery Services vaults** blade, click **+ Create**. - -1. On the **Create Recovery Services vault** blade, specify the following settings: - - | Settings | Value | - | --- | --- | - | Subscription | the name of your Azure subscription | - | Resource group | `az104-rg-region2` (If necessary, select **Create new**) | - | Vault Name | `az104-rsv-region2` | - | Region | **West US** | - - >**Note**: Make sure that you specify a **different** region than the virtual machine. - -1. Click **Review + Create**, ensure that the validation passes and then click **Create**. - - >**Note**: Wait for the deployment to complete. The deployment should take a couple of minutes. - -1. Search for and select the `az104-10-vm0` virtual machine. - -1. In the **Backup + Disaster recovery** blade, select **Disaster recovery**. - -1. Select **Enable replication**. - -1. On the **Basics** tab, notice the **Target region**. - -1. Move to the **Advanced settings** tab. Resource selections have been made for you. It is important to review them. - -1. Verify your subscription, vm resource group, virtual network, and availability (take the default) settings. - -1. In **Storage settings** select **Show details**. - - | Setting | Value | - | ---- | ---- | - | Churn for the vm | **Normal churn** | - | Cache storage account | **(new) xxx** | - - >**Note:** It is important that both of these settings be populated, or the validation will fail. If values are not present, try refreshing the page. If that doesn't work, create an empty storage account and then return to this page. - -1. In **Replication settings** select **Show details**. Notice your recovery resources vault in region 2 was automatically selected. - -1. Select **Review + Start replication** and then **Enable replication**. - - >**Note**: Enabling replication will take a 10-15 minutes. Watch the notification messages in the upper right of the portal. While you wait, consider reviewing the self-paced training links at the end of this page. - -1. Once the replication is complete, search for and locate your Recovery Services Vault, **az104-rsv-region2**. You may need to **Refresh** the page. - -1. In the **Protected items** section, select **Replicated items**. - -1. Check that the virtual machine is showing as healthy for the replication health. Note that the status will show the synchronization (starting at 0%) status and ultimately show **Protected** after the initial synchronization completes. - - ![Screenshot of the replicated items page.](../media/az104-lab10-replicated-items.png) - -1. Select the virtual machine to view more details. - ->**Did you know?** It is a good practice to [test the failover of a protected VM](https://learn.microsoft.com/azure/site-recovery/tutorial-dr-drill-azure#run-a-test-failover-for-a-single-vm). - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Azure Backup service provides simple, secure, and cost-effective solutions to back up and recover your data. -+ Azure Backup can protect on-premises and cloud resources including virtual machines and file shares. -+ Azure Backup policies configure the frequency of backups and the retention period for recovery points. -+ Azure Site Recovery is a disaster recovery solution that provides protection for your virtual machines and applications. -+ Azure Site Recovery replicates your workloads to a secondary site, and in the event of an outage or disaster, you can failover to the secondary site and resume operations with minimal downtime. -+ A Recovery Services vault stores your backup data and minimizes management overhead. - -## Learn more with self-paced training - -+ [Protect your virtual machines by using Azure Backup](https://learn.microsoft.com/training/modules/protect-virtual-machines-with-azure-backup/). Use Azure Backup to help protect on-premises servers, virtual machines, SQL Server, Azure file shares, and other workloads. -+ [Protect your Azure infrastructure with Azure Site Recovery](https://learn.microsoft.com/en-us/training/modules/protect-infrastructure-with-site-recovery/). Provide disaster recovery for your Azure infrastructure by customizing replication, failover, and failback of Azure virtual machines with Azure Site Recovery. diff --git a/New Instructions/Lab/LAB_11-Implement_Monitoring.md b/New Instructions/Lab/LAB_11-Implement_Monitoring.md deleted file mode 100644 index 8043f300..00000000 --- a/New Instructions/Lab/LAB_11-Implement_Monitoring.md +++ /dev/null @@ -1,265 +0,0 @@ ---- -lab: - title: 'Lab 11: Implement Monitoring' - module: 'Administer Monitoring' ---- - -# Lab 11 - Implement Monitoring - -## Lab introduction - -In this lab, you learn about Azure Monitor. You learn to create an alert and send it to an action group. You trigger and test the alert and check the activity log. - -This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using **East US**. - -## Estimated timing: 40 minutes - -## Lab scenario - -Your organization has migrated their infrastructure to Azure. It is important that Administrators are notified of any significant infrastructure changes. You plan to examine the capabilities of Azure Monitor, including Log Analytics. - -## Interactive lab simulation - -There is an interactive lab simulation that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required. - -+ [Implement monitoring](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%2017). Create a Log Analytics workspace and Azure-automation solutions. Review monitoring and diagnostic settings for virtual machines. Review Azure Monitor and Log Analytics functionality. - -## Architecture diagram - -![Diagram of the architecture tasks](../media/az104-lab11-architecture.png) - -## Job skills - -+ Task 1: Use a template to provision an infrastructure. -+ Task 2: Create an alert. -+ Task 3: Configure action group notifications. -+ Task 4: Trigger an alert and confirm it is working. -+ Task 5: Configure an alert processing rule. -+ Task 6: Use Azure Monitor log queries. - -## Task 1: Use a template to provision an infrastructure - -In this task, you will deploy a virtual machine that will be used to test monitoring scenarios. - -1. If necessary, download the **\\Allfiles\\Lab11\\az104-11-vm-template.json** lab files to your computer. - -1. Sign in to the **Azure portal** - `https://portal.azure.com`. - -1. From the Azure portal, search for and select `Deploy a custom template`. - -1. On the custom deployment page, select **Build you own template in the editor**. - -1. On the edit template page, select **Load file**. - -1. Locate and select the **\\Allfiles\\Labs11\\az104-11-vm-template.json** file and select **Open**. - -1. Select **Save**. - -1. Use the following information to complete the custom deployment fields, leaving all other fields with their default values: - - | Setting | Value | - | --- | --- | - | Subscription | Your Azure subscription | - | Resource group| `az104-rg11` (If necessary, select **Create new**) - | Region | **East US** | - | Username | `localadmin` | - | Password | Provide a complex password | - -1. Select **Review + Create**, then select **Create**. - -1. Wait for the deployment to finish, then click **Go to resource group**. - -1. Review what resources were deployed. There should be one virtual network with one virtual machine. - -**Configure Azure Monitor for virtual machines (this will be used in the last task)** - -1. In the portal, search for and select **Monitor**. - -1. Take a minute to review all the insights, detection, triage, and diagnosis tools that are available. - -1. Select **View** in the **VM Insights** box, and then select **Configure Insights**. - -1. Select your virtual machine, and then **Enable** (twice). - -1. Take the defaults for subscription and data collection rules, then select **Configure**. - -1. It will take a few minutes for the virtual machine agent to install and configure, proceed to the next step. - -## Task 2: Create an alert - -In this task, you create an alert for when a virtual machine is deleted. - -1. Continue on the **Monitor** page , select **Alerts**. - -1. Select **Create +** and select **Alert rule**. - -1. Select the box for the resource group, then select **Apply**. This alert will apply to any virtual machines in the resource group. Alternatively, you could just specify one particular machine. - -1. Select the **Condition** tab and then select the **See all signals** link. - -1. Search for and select **Delete Virtual Machine (Virtual Machines)**. Notice the other built-in signals. Select **Apply** - -1. In the **Alert logic** area (scroll down), review the **Event level** selections. Leave the default of **All selected**. - -1. Review the **Status** selections. Leave the default of **All selected**. - -1. Leave the **Create an alert rule** pane open for the next task. - -## Task 3: Configure action group notifications - -In this task, if the alert is triggered send an email notification to the operations team. - -1. Continue working on your alert. Select **Next: Actions**, and then select **Create action group**. - - >**Did you know?** You can add up to five action groups to an alert rule. Action groups are executed concurrently, in no specific order. Multiple alert rules can use the same action group. - -1. On the **Basics** tab, enter the following values for each setting. - - | Setting | Value | - |---------|---------| - | **Project details** | - | Subscription | your subscription | - | Resource group | **az104-rg11** | - | Region | **Global** (default) | - | **Instance details** | - | Action group name | `Alert the operations team` (must be unique in the resource group) | - | Display name | `AlertOpsTeam` | - -1. Select **Next: Notifications** and enter the following values for each setting. - - | Setting | Value | - |---------|---------| - | Notification type | Select **Email/SMS message/Push/Voice** | - | Name | `VM was deleted` | - -1. Select **Email**, and in the **Email** box, enter your email address, and then select **OK**. - - >**Note:** You should receive an email notification saying you were added to an action group. There may be a few minutes delay, but that is a sure sign the rule has deployed. - -1. Once the action group is created move to the **Next: Details** tab and enter the following values for each setting. - - | Setting | Value | - |---------|---------| - | Alert rule name | `VM was deleted` | - | Alert rule description | `A VM in your resource group was deleted` | - -1. Select **Review + create** to validate your input, then select **Create**. - -## Task 4: Trigger an alert and confirm it is working - -In this task, you trigger the alert and confirm a notification is sent. - ->**Note:** If you delete the virtual machine before the alert rule deploys, the alert rule might not be triggered. - -1. In the portal, search for and select **Virtual machines**. - -1. Check the box for the **az104-vm0** virtual machine. - -1. Select **Delete** from the menu bar. - -1. Check the box for **Apply force delete**. Enter `delete` to confirm and then select **Delete**. - -1. In the title bar, select the **Notifications** icon and wait until **vm0** is successfully deleted. - -1. You should receive a notification email that reads, **Important notice: Azure Monitor alert VM was deleted was activated...** If not, open your email program and look for an email from azure-noreply@microsoft.com. - - ![Screenshot of alert email.](../media/az104-lab11-alert-email.png) - -1. On the Azure portal resource menu, select **Monitor**, and then select **Alerts** in the menu on the left. - -1. You should have three verbose alerts that were generated by deleting **vm0**. - - >**Note:** It can take a few minutes for the alert email to be sent and for the alerts to be updated in the portal. If you don't want to wait, continue to the next task and then return. - -1. Select the name of one of the alerts (For example, **VM was deleted**). An **Alert details** pane appears that shows more details about the event. - -## Task 5: Configure an alert processing rule - -In this task, you create an alert rule to suppress notifications during a maintenance period. - -1. Continue in the **Alerts** blade, select **Alert processing rules** and then **+ Create**. - -1. Select your **resource group**, then select **Apply**. - -1. Select **Next: Rule settings**, then select **Suppress notifications**. - -1. Select **Next: Scheduling**. - -1. By default, the rule works all the time, unless you disable it or configure a schedule. You are going to define a rule to suppress notifications during overnight maintenance. -Enter these settings for the scheduling of the alert processing rule: - - | Setting | Value | - |---------|---------| - | Apply the rule | At a specific time | - | Start | Enter today's date at 10 pm. | - | End | Enter tomorrow's date at 7 am. | - | Time zone | Select the local timezone. | - - ![Screenshot of the scheduling section of an alert processing rule](../media/az104-lab11-alert-processing-rule-schedule.png) - -1. Select **Next: Details** and enter these settings: - - | Setting | Value | - |---------|---------| - | Resource group | **az104-rg11** | - | Rule name | `Planned Maintenance` | - | Description | `Suppress notifications during planned maintenance.` | - -1. Select **Review + create** to validate your input, then select **Create**. - -## Task 6: Use Azure Monitor log queries - -In this task, you will use Azure Monitor to query the data captured from the virtual machine. - -1. In the Azure portal, search for and select `Monitor` blade, click **Logs**. - -1. If necessary close the splash screen. - -1. Select a scope, your **resource group**. Select **Apply**. - -1. In the **Queries** tab, select **Virtual machines** (left pane). - -1. Review the queries that are available. **Run** (hover over the query) the **Count heartbeats** query. - -1. You should receive a heartbeat count for when the virtual machine was running. - -1. Review the query. This query uses the *heartbeat* table. - -1. Replace the query with this one, and then click **Run**. Review the resulting chart. - - ``` - InsightsMetrics - | where TimeGenerated > ago(1h) - | where Name == "UtilizationPercentage" - | summarize avg(Val) by bin(TimeGenerated, 5m), Computer //split up by computer - | render timechart - ``` - -1. As you have time, review and run other queries. - - >**Did you know?**: If you want to practice with other queries, there is a [Log Analytics Demo Environment](https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-tutorial#open-log-analytics). - - >**Did you know?**: Once you find a query you like, you can create an alert from it. - -## Cleanup your resources - -If you are working with **your own subscription** take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group. - -+ In the Azure portal, select the resource group, select **Delete the resource group**, **Enter resource group name**, and then click **Delete**. -+ Using Azure PowerShell, `Remove-AzResourceGroup -Name resourceGroupName`. -+ Using the CLI, `az group delete --name resourceGroupName`. - -## Key takeaways - -Congratulations on completing the lab. Here are the main takeaways for this lab. - -+ Alerts help you detect and address issues before users notice there might be a problem with your infrastructure or application. -+ You can alert on any metric or log data source in the Azure Monitor data platform. -+ An alert rule monitors your data and captures a signal that indicates something is happening on the specified resource. -+ An alert is triggered if the conditions of the alert rule are met. Several actions (email, SMS, push, voice) can be triggered. -+ Action groups include individuals that should be notified of an alert. - -## Learn more with self-paced training - -+ [Improve incident response with alerting on Azure](https://learn.microsoft.com/en-us/training/modules/incident-response-with-alerting-on-azure/). Respond to incidents and activities in your infrastructure through alerting capabilities in Azure Monitor. -+ [Monitor your Azure virtual machines with Azure Monitor](https://learn.microsoft.com/en-us/training/modules/monitor-azure-vm-using-diagnostic-data/). Monitor your Azure VMs by using Azure Monitor to collect and analyze VM host and client metrics and logs. diff --git a/New Instructions/delete.md b/New Instructions/delete.md deleted file mode 100644 index c8b1b423..00000000 --- a/New Instructions/delete.md +++ /dev/null @@ -1 +0,0 @@ -delete diff --git a/New Instructions/media/az104-lab01-architecture.png b/New Instructions/media/az104-lab01-architecture.png deleted file mode 100644 index b50dc00d..00000000 Binary files a/New Instructions/media/az104-lab01-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab01-create-assigned-group.png b/New Instructions/media/az104-lab01-create-assigned-group.png deleted file mode 100644 index ffe9bd99..00000000 Binary files a/New Instructions/media/az104-lab01-create-assigned-group.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02a-architecture.png b/New Instructions/media/az104-lab02a-architecture.png deleted file mode 100644 index 2e20db7c..00000000 Binary files a/New Instructions/media/az104-lab02a-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02a-clone-role.png b/New Instructions/media/az104-lab02a-clone-role.png deleted file mode 100644 index a727078c..00000000 Binary files a/New Instructions/media/az104-lab02a-clone-role.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02a-searchactivitylog.png b/New Instructions/media/az104-lab02a-searchactivitylog.png deleted file mode 100644 index 0b3124ff..00000000 Binary files a/New Instructions/media/az104-lab02a-searchactivitylog.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02b-architecture.png b/New Instructions/media/az104-lab02b-architecture.png deleted file mode 100644 index 443e010f..00000000 Binary files a/New Instructions/media/az104-lab02b-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02b-failuretodelete.png b/New Instructions/media/az104-lab02b-failuretodelete.png deleted file mode 100644 index d00f549b..00000000 Binary files a/New Instructions/media/az104-lab02b-failuretodelete.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02b-policyerror.png b/New Instructions/media/az104-lab02b-policyerror.png deleted file mode 100644 index 69c909b9..00000000 Binary files a/New Instructions/media/az104-lab02b-policyerror.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02b-policyremediation.png b/New Instructions/media/az104-lab02b-policyremediation.png deleted file mode 100644 index 17c5123d..00000000 Binary files a/New Instructions/media/az104-lab02b-policyremediation.png and /dev/null differ diff --git a/New Instructions/media/az104-lab02b-policytags.png b/New Instructions/media/az104-lab02b-policytags.png deleted file mode 100644 index 60ce84a2..00000000 Binary files a/New Instructions/media/az104-lab02b-policytags.png and /dev/null differ diff --git a/New Instructions/media/az104-lab03-architecture.png b/New Instructions/media/az104-lab03-architecture.png deleted file mode 100644 index 713fbf63..00000000 Binary files a/New Instructions/media/az104-lab03-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab03-cloudshell-icon.png b/New Instructions/media/az104-lab03-cloudshell-icon.png deleted file mode 100644 index e1ed79d1..00000000 Binary files a/New Instructions/media/az104-lab03-cloudshell-icon.png and /dev/null differ diff --git a/New Instructions/media/az104-lab04-architecture.png b/New Instructions/media/az104-lab04-architecture.png deleted file mode 100644 index 7cae69ac..00000000 Binary files a/New Instructions/media/az104-lab04-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-architecture.png b/New Instructions/media/az104-lab05-architecture.png deleted file mode 100644 index e58f5bf5..00000000 Binary files a/New Instructions/media/az104-lab05-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-connection-troubleshoot.png b/New Instructions/media/az104-lab05-connection-troubleshoot.png deleted file mode 100644 index 7147c891..00000000 Binary files a/New Instructions/media/az104-lab05-connection-troubleshoot.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-createcorevm.png b/New Instructions/media/az104-lab05-createcorevm.png deleted file mode 100644 index 6902be43..00000000 Binary files a/New Instructions/media/az104-lab05-createcorevm.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-fail.png b/New Instructions/media/az104-lab05-fail.png deleted file mode 100644 index 3bc4320b..00000000 Binary files a/New Instructions/media/az104-lab05-fail.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-peering.png b/New Instructions/media/az104-lab05-peering.png deleted file mode 100644 index 25ed551d..00000000 Binary files a/New Instructions/media/az104-lab05-peering.png and /dev/null differ diff --git a/New Instructions/media/az104-lab05-success.png b/New Instructions/media/az104-lab05-success.png deleted file mode 100644 index d0fde6cd..00000000 Binary files a/New Instructions/media/az104-lab05-success.png and /dev/null differ diff --git a/New Instructions/media/az104-lab06-appgw-rule.png b/New Instructions/media/az104-lab06-appgw-rule.png deleted file mode 100644 index 6ab43fa2..00000000 Binary files a/New Instructions/media/az104-lab06-appgw-rule.png and /dev/null differ diff --git a/New Instructions/media/az104-lab06-create-appgw.png b/New Instructions/media/az104-lab06-create-appgw.png deleted file mode 100644 index 819e01b5..00000000 Binary files a/New Instructions/media/az104-lab06-create-appgw.png and /dev/null differ diff --git a/New Instructions/media/az104-lab06-create-lb1.png b/New Instructions/media/az104-lab06-create-lb1.png deleted file mode 100644 index e2096c4c..00000000 Binary files a/New Instructions/media/az104-lab06-create-lb1.png and /dev/null differ diff --git a/New Instructions/media/az104-lab06-gw-architecture.png b/New Instructions/media/az104-lab06-gw-architecture.png deleted file mode 100644 index 0f3ed1a6..00000000 Binary files a/New Instructions/media/az104-lab06-gw-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab06-lb-architecture.png b/New Instructions/media/az104-lab06-lb-architecture.png deleted file mode 100644 index 6dfc37ee..00000000 Binary files a/New Instructions/media/az104-lab06-lb-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab07-architecture.png b/New Instructions/media/az104-lab07-architecture.png deleted file mode 100644 index 7b883425..00000000 Binary files a/New Instructions/media/az104-lab07-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab07-create-container.png b/New Instructions/media/az104-lab07-create-container.png deleted file mode 100644 index 028ae3d0..00000000 Binary files a/New Instructions/media/az104-lab07-create-container.png and /dev/null differ diff --git a/New Instructions/media/az104-lab07-create-share.png b/New Instructions/media/az104-lab07-create-share.png deleted file mode 100644 index f4791e94..00000000 Binary files a/New Instructions/media/az104-lab07-create-share.png and /dev/null differ diff --git a/New Instructions/media/az104-lab07-movetocool.png b/New Instructions/media/az104-lab07-movetocool.png deleted file mode 100644 index a1fcd983..00000000 Binary files a/New Instructions/media/az104-lab07-movetocool.png and /dev/null differ diff --git a/New Instructions/media/az104-lab07-notauthorized.png b/New Instructions/media/az104-lab07-notauthorized.png deleted file mode 100644 index ff919f15..00000000 Binary files a/New Instructions/media/az104-lab07-notauthorized.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-create-vm.png b/New Instructions/media/az104-lab08-create-vm.png deleted file mode 100644 index 0ce357bd..00000000 Binary files a/New Instructions/media/az104-lab08-create-vm.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-create-vmss.png b/New Instructions/media/az104-lab08-create-vmss.png deleted file mode 100644 index b10c2070..00000000 Binary files a/New Instructions/media/az104-lab08-create-vmss.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-resize-vm.png b/New Instructions/media/az104-lab08-resize-vm.png deleted file mode 100644 index 04cce830..00000000 Binary files a/New Instructions/media/az104-lab08-resize-vm.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-scale-rule.png b/New Instructions/media/az104-lab08-scale-rule.png deleted file mode 100644 index c133517e..00000000 Binary files a/New Instructions/media/az104-lab08-scale-rule.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-vm-architecture.png b/New Instructions/media/az104-lab08-vm-architecture.png deleted file mode 100644 index 420f1ec5..00000000 Binary files a/New Instructions/media/az104-lab08-vm-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-vmss-architecture.png b/New Instructions/media/az104-lab08-vmss-architecture.png deleted file mode 100644 index 5e6fb90b..00000000 Binary files a/New Instructions/media/az104-lab08-vmss-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab08-vmss-resize.png b/New Instructions/media/az104-lab08-vmss-resize.png deleted file mode 100644 index 679b9853..00000000 Binary files a/New Instructions/media/az104-lab08-vmss-resize.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09a-architecture.png b/New Instructions/media/az104-lab09a-architecture.png deleted file mode 100644 index 0b51477d..00000000 Binary files a/New Instructions/media/az104-lab09a-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09a-autoscale.png b/New Instructions/media/az104-lab09a-autoscale.png deleted file mode 100644 index 0617b592..00000000 Binary files a/New Instructions/media/az104-lab09a-autoscale.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09b-aca-architecture.png b/New Instructions/media/az104-lab09b-aca-architecture.png deleted file mode 100644 index 13103469..00000000 Binary files a/New Instructions/media/az104-lab09b-aca-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09b-aca-overview.png b/New Instructions/media/az104-lab09b-aca-overview.png deleted file mode 100644 index b34d8342..00000000 Binary files a/New Instructions/media/az104-lab09b-aca-overview.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09b-aci-architecture.png b/New Instructions/media/az104-lab09b-aci-architecture.png deleted file mode 100644 index 756cffbe..00000000 Binary files a/New Instructions/media/az104-lab09b-aci-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab09b-aci-overview.png b/New Instructions/media/az104-lab09b-aci-overview.png deleted file mode 100644 index 7ab17d92..00000000 Binary files a/New Instructions/media/az104-lab09b-aci-overview.png and /dev/null differ diff --git a/New Instructions/media/az104-lab10-architecture.png b/New Instructions/media/az104-lab10-architecture.png deleted file mode 100644 index b85c3de2..00000000 Binary files a/New Instructions/media/az104-lab10-architecture.png and /dev/null differ diff --git a/New Instructions/media/az104-lab10-backup-policy.png b/New Instructions/media/az104-lab10-backup-policy.png deleted file mode 100644 index 13dee4a6..00000000 Binary files a/New Instructions/media/az104-lab10-backup-policy.png and /dev/null differ diff --git a/New Instructions/media/az104-lab10-create-rsv.png b/New Instructions/media/az104-lab10-create-rsv.png deleted file mode 100644 index bc1d77a4..00000000 Binary files a/New Instructions/media/az104-lab10-create-rsv.png and /dev/null differ diff --git a/New Instructions/media/az104-lab10-replicated-items.png b/New Instructions/media/az104-lab10-replicated-items.png deleted file mode 100644 index ddd8be97..00000000 Binary files a/New Instructions/media/az104-lab10-replicated-items.png and /dev/null differ diff --git a/New Instructions/media/az104-lab11-alert-email.png b/New Instructions/media/az104-lab11-alert-email.png deleted file mode 100644 index 874fc0b0..00000000 Binary files a/New Instructions/media/az104-lab11-alert-email.png and /dev/null differ diff --git a/New Instructions/media/az104-lab11-alert-processing-rule-schedule.png b/New Instructions/media/az104-lab11-alert-processing-rule-schedule.png deleted file mode 100644 index 02c7ce41..00000000 Binary files a/New Instructions/media/az104-lab11-alert-processing-rule-schedule.png and /dev/null differ diff --git a/New Instructions/media/az104-lab11-architecture.png b/New Instructions/media/az104-lab11-architecture.png deleted file mode 100644 index 0ce8e44d..00000000 Binary files a/New Instructions/media/az104-lab11-architecture.png and /dev/null differ