Study/AZ-104-MicrosoftAzureAdministrator
1
0
Fork 0
mirror of https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator.git synced 2026-02-05 16:19:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
AZ-104-MicrosoftAzureAdmini.../New Instructions/Lab/LAB_05-Implement_Intersite_Connectivity.md

12 KiB
Raw Blame History

lab
lab
title module
Lab 05: Implement Intersite Connectivity Administer Intersite Connectivity

Lab 05 - Implement Intersite Connectivity

Lab introduction

In this lab you will explore communication between virtual networks. You will implement virtual network peering and run remote commands to test connections.

This lab requires an Azure subscription. Your subscription type may affect the availability of features in this lab. You may change the region, but the steps are written using East US.

Estimated time: 30 minutes

Lab scenario

Your organization segments core IT apps and services (such as DNS and security services) from other parts of the business, including your manufacturing department. However, in some scenarios, apps and services in the core area need to communicate with apps and services in the manufacturing area. In this lab, you configure connectivity between the segmented areas. This is a common scenario for separating production from development or separating one subsidiary from another.

Interactive lab simulations

There are several interactive lab simulations that you might find useful for this topic. The simulation lets you to click through a similar scenario at your own pace. There are differences between the interactive simulation and this lab, but many of the core concepts are the same. An Azure subscription is not required.

Architecture diagram

Lab 05 architecture diagram

Tasks

  • Task 1: Create a core services virtual machine and virtual network.
  • Task 2: Create a manufacturing services virtual machine and virtual network.
  • Task 3: Test the connection between the virtual machines.
  • Task 4: Create VNet peerings between the virtual networks.
  • Task 5: Retest the connection between the virtual machines.

Task 1: Create a core services virtual machine and virtual network

In this task, we create a core services virtual network with a virtual machine.

  1. Sign in to the Azure portal - https://portal.azure.com.

  2. Search for and select Virtual Machines.

  3. From the virtual machines page, select Create then select Azure Virtual Machine.

  4. On the Basics tab, use the following information to complete the form, and then select Next: Disks >. For any setting not specified, leave the default value.

    Setting Value
    Subscription your subscription
    Resource group az104-rg5 (If necessary, select Create new. Use this group for all your lab resources.)
    Virtual machine name CoreServicesVM
    Region East US
    Availability options No infrastructure redundancy required
    Image Windows Server 2019 Datacenter: x64 Gen2
    Size Standard_DS2_v3
    Username localadmin
    Password Provide a complex password

    Screenshot of Basic virtual machine creation page.

  5. On the Disks tab, set the OS disk type to Standard HDD, and then select Next: Networking >.

  6. On the Networking tab, for Virtual network, select Create new.

  7. Use the following information to configure the virtual network, and then select Ok. If necessary, remove or replace the existing address range.

    Setting Value
    Name CoreServicesVNet (Create new)
    Address space 10.0.0.0/16
    Subnet Name Core
    Subnet address range 10.0.0.0/24

  8. Select the Monitoring tab. For Boot Diagnostics, select Disable.

  9. Select Review + Create, and then select Create.

  10. You do not need to wait for the resources to be created. Continue on to the next task.

    Note: Did you notice in this task you created the virtual network when you created the virtual machine?

Task 2: Create a manufacturing services virtual machine and virtual network

In this task, we create a manufacturing services virtual network with a virtual machine.

  1. From the Azure portal, search for and navigate to Virtual Machines.

  2. From the virtual machines page, select Create then select Azure Virtual Machine.

  3. On the Basics tab, use the following information to complete the form, and then select Next: Disks >. For any setting not specified, leave the default value.

    Setting Value
    Subscription your subscription
    Resource group az104-rg5
    Virtual machine name ManufacturingVM
    Region East US
    Availability options No infrastructure redundancy required
    Image Windows Server 2019 Datacenter: x64 Gen2
    Size Standard_DS2_v3
    Username localadmin
    Password Provide a complex password

  4. On the Disks tab, set the OS disk type to Standard HDD, and then select Next: Networking >.

  5. On the Networking tab, for Virtual network, select Create new.

  6. Use the following information to configure the virtual network, and then select Ok. If necessary, remove or replace the existing address range.

    Setting Value
    Name ManufacturingVNet
    Address space 172.16.0.0/16
    Subnet Name Manufacturing
    Subnet address range 172.16.0.0/24

  7. Select the Monitoring tab. For Boot Diagnostics, select Disable.

  8. Select Review + Create, and then select Create.

Task 3: Test the connection between the virtual machines

In this task, you test the connection between the virtual machines in different virtual networks.

Verify the private IP address of the CoreServicesVM

  1. From the Azure portal, search for and select the CoreServicesVM virtual machine.

  2. On the Overview blade, in the Networking section, record the Private IP address of the machine. You need this information to test the connection.

Test the connection to the CoreServicesVM from the ManufacturingVM.

  1. In the portal, select for and select the ManufacturingVM virtual machine.

  2. In the Operations section, select the Run command blade.

  3. Select RunPowerShellScript and run the Test-NetConnection command. Be sure to use the private IP address of the CoreServicesVM.

     Test-NetConnection <CoreServicesVM private IP address> -port 3389

  4. It may take a couple of minutes for the script to run. The top of the page shows an informational message Script execution in progress.

  5. The test connection should fail. Virtual machines in different virtual networks should, by default, not be able to communicate.

    PowerShell window with Test-NetConnection failed.

Task 4: Create VNet peerings between the virtual networks

In this task, you create virtual network peerings to enable communications between VNets.

  1. In the Azure portal, select Virtual Networks, and then select CoreServicesVnet.

  2. In CoreServicesVnet, under Settings, select Peerings.

  3. On CoreServicesVnet | Peerings, select + Add.

  4. Use the information in the following table to create the peering.

    Section Option Value
    This virtual network
    Peering link name CoreServicesVnet-to-ManufacturingVnet
    Allow Allow CoreServicesVNet to access the peered virtual network selected (default)
    Allow CoreServicesVNet to receive forwarded traffic from the peered virtual network selected
    Enable CoreServicesVNet to use the peered virtual networks' remote gateway Not selected (default)
    Remote virtual network
    Peering link name ManufacturingVnet-to-CoreServicesVnet
    Virtual network deployment model Resource manager
    I know my resource ID Not selected
    Subscription your subscription
    Virtual network ManufacturingVnet
    Allow ManufacturingVNet to access CoreServicesVNet selected (default)
    Allow ManufacturingVNet to receive forwarded traffic from CoreServicesVNet selected
    Enable ManufacturingVNet to use CoreServicesVNet's remote gateway Not selected (default)

  5. Review your settings and select Add.

    Screenshot of peering page.

  6. In CoreServicesVnet | Peerings, verify that the CoreServicesVnet-to-ManufacturingVnet peering is listed. Refresh the page to ensure the Peering status is Connected.

  7. Switch to the ManufacturingVnet and verify the ManufacturingVnet-to-CoreServicesVnet peering is listed. Ensure the Peering status is Connected.

Task 5: Test the connection between the VMs

In this task, you verify the virtual machines in different virtual networks can communicate with each other.

  1. Search for and select the ManufacturingVM.

  2. In the Operations section, select the Run command blade.

  3. Select RunPowerShellScript and add the Test-NetConnection command. Be sure to use the private IP address of the CoreServicesVM.

    Test-NetConnection <CoreServicesVM private IP address> -port 3389

  4. It may take a couple of minutes for the script to run. The top of the page shows an informational icon Script execution in progress.

  5. The test connection should succeed. Powershell window with Test-NetConnection succeeded

Review the main points of the lab

Congratulations on completing the lab. Here are the main takeaways for this lab.

  • By default, resources in different virtual networks cannot communicate.
  • Virtual network peering enables you to seamlessly connect two or more virtual networks in Azure.
  • Peered virtual networks appear as one for connectivity purposes.
  • The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure.

Cleanup your resources

If you are working with your own subscription take a minute to delete the lab resources. This will ensure resources are freed up and cost is minimized. The easiest way to delete the lab resources is to delete the lab resource group.

  • In the Azure portal, select the resource group, select Delete the resource group, Enter resource group name, and then click Delete.
  • Using Azure PowerShell, Remove-AzResourceGroup -Name resourceGroupName.
  • Using the CLI, az group delete --name resourceGroupName.