Implement Virtual Networking
Marcelo Leite Gomes
IT Support Analyst | Support End-Users | Helpdesk | Troubleshooting | Infrastructure
Create and configure a virtual network
To create a virtual network with multiple subnets, follow the steps below.
1. Sign in to the Azure Portal.
2. In the Azure portal, search for and select Virtual networks, and, on the Virtual networks blade, click + Create.
3. Create a virtual network with the settings you need.
4. Click Next: IP Addresses. Enter the Starting address. In our example it is 10.40.0.0. The Address space size is /20.
5. Click + Add subnet, enter the values that fit your environment, and then click Add. Accept the defaults and click Review and Create.
6. Let validation occur and hit Create again to submit your deployment.
Note: Wait for the virtual network to be provisioned.
7. Click on Go to resource.
8. On the virtual network blade, click Subnets and then click + Subnet.
9. Create a subnet with your settings and click Save.
Deploy virtual machines into the virtual network
You will deploy Azure virtual machines into different subnets of the virtual network by using an ARM template. To do this, follow the steps.
1. In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.
2. If prompted to select either Bash or PowerShell, select PowerShell.
3. In the toolbar of the Cloud Shell pane, click the Upload/Download files icon and, in the drop-down menu, click Upload. Upload your template and parameters JSON files into the Cloud Shell home directory.
Note: You must upload each file separately. After uploading, use dir to ensure both files were successfully uploaded.
4. From the Cloud Shell pane, run the following to deploy two virtual machines by using the template and parameter files:
$rgName = 'az104-04-rg1'
New-AzResourceGroupDeployment `
-ResourceGroupName $rgName `
-TemplateFile $HOME/az104-04-vms-loop-template.json `
-TemplateParameterFile $HOME/az104-04-vms-loop-parameters.json
Note: This method of deploying ARM templates uses Azure PowerShell. You can perform the same task by running the equivalent Azure CLI command az deployment create (for more information, refer to Deploy resources with Resource Manager templates and Azure CLI).
Note: Wait for the deployment to complete before proceeding to the next task. This should take about 2 minutes.
5. Close the Cloud Shell pane.
Configure private and public IP addresses of Azure VMs
Here you will configure static assignment of public and private IP addresses assigned to network interfaces of Azure virtual machines.
Note: Private and public IP addresses are actually assigned to the network interfaces, which in turn are attached to Azure virtual machines. However, it is fairly common to refer to IP addresses assigned to Azure VMs instead.
1. In the Azure portal, search for and select Resource groups, and, on the Resource groups blade, click the Resource Group where you have the vnet you want to modify. In our example, it is az104-04-rg1.
2. On the az104-04-rg1 resource group blade, in the list of its resources, click on the vnet you want to modify. In our case, az104-04-vnet1.
3. On the az104-04-vnet1 virtual network blade, review the Connected devices section and verify that there are two network interfaces az104-04-nic0 and az104-04-nic1 attached to the virtual network.
4. Click az104-04-nic0 and, on the az104-04-nic0 blade, click IP configurations.
Note: Verify that ipconfig1 is currently set up with a dynamic private IP address.
5. In the list of IP configurations, click ipconfig1.
6. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify the settings you need, and click OK.
7. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.0.4. Click Save.
8. Back on the ipconfig1 blade, save the changes. Make sure to wait for the save operation to be completed before you proceed to the next step.
9. Navigate back to the az104-04-vnet1 blade.
10. Click az104-04-nic1 and, on the az104-04-nic1 blade, click IP configurations.
Note: Verify that ipconfig1 is currently set up with a dynamic private IP address.
11. In the list of IP configurations, click ipconfig1.
12. On the ipconfig1 blade, in the Public IP address settings section, select Associate, click + Create new, specify your settings, and click OK.
13. On the ipconfig1 blade, set Assignment to Static, leave the default value of IP address set to 10.40.1.4.
14. Back on the ipconfig1 blade, save the changes.
15. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm0.
16. From the az104-04-vm0 virtual machine blade, note the public IP address entry.
17. Navigate back to the az104-04-rg1 resource group blade, in the list of its resources, click az104-04-vm1, and from the az104-04-vm1 virtual machine blade, note the public IP address entry.
Configure network security groups
Here you will configure network security groups in order to allow for restricted connectivity to Azure virtual machines.
1. In the Azure portal, search for and select Network Security Groups, and, on the Network Security Groups blade, click + Create.
2. Create a network security group with the settings you need.
3. Click Review and Create. Let validation occur and hit Create to submit your deployment.
Note: Wait for the deployment to complete. This should take about 2 minutes.
4. On the deployment blade, click Go to resource to open the az104-04-nsg01 network security group blade.
5. On the az104-04-nsg01 network security group blade, in the Settings section, click Inbound security rules.
6. Add an inbound rule, entering the necessary settings in the Add inbound security rule blade, and click Add.
7. On the az104-04-nsg01 network security group blade, in the Settings section, click Network interfaces and then click + Associate.
8. Associate the az104-04-nsg01 network security group with the az104-04-nic0 and az104-04-nic1 network interfaces.
Note: It may take up to 5 minutes for the rules from the newly created Network Security Group to be applied to the Network Interface Card.
9. Start the az104-04-vm0 and az104-04-vm1 virtual machines.
10. Navigate back to the az104-04-vm0 virtual machine blade.
11. On the az104-04-vm0 blade, click Connect.
12. Click RDP. Click Download RDP File using the Public IP address and follow the prompts to start the Remote Desktop session.
Note: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store, and on Linux computers you can use open source RDP client software.
13. When prompted, sign in with the user and password.
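The portal steps above, scripted as an added example (not part of the original article): it creates az104-04-nsg01 with an inbound RDP rule limited to one administration address, associates it with both network interfaces, and then lists any rule in the resource group that still opens RDP to all sources. The rule name, the priority and the 203.0.113.10 source address are assumptions; replace them with your own values.

```powershell
# Added example; assumes the Az PowerShell module in an authenticated session (e.g. Cloud Shell).
$rgName      = 'az104-04-rg1'
$nsgName     = 'az104-04-nsg01'
$adminSource = '203.0.113.10/32'   # assumption: placeholder administration address

# Assumption: the NSG is created in the resource group's own region, same as the NICs.
$location = (Get-AzResourceGroup -Name $rgName).Location

# Inbound RDP is allowed only from the administration address, not from every source.
$rdpRule = New-AzNetworkSecurityRuleConfig `
    -Name 'AllowRDPFromAdmin' `
    -Description 'RDP from the administration address only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 300 `
    -SourceAddressPrefix $adminSource -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName -Location $location `
    -Name $nsgName -SecurityRules $rdpRule

# Associate the NSG with both network interfaces.
foreach ($nicName in 'az104-04-nic0', 'az104-04-nic1') {
    $nic = Get-AzNetworkInterface -ResourceGroupName $rgName -Name $nicName
    $nic.NetworkSecurityGroup = $nsg
    $nic | Set-AzNetworkInterface | Out-Null
}

# Check: report inbound Allow rules that expose RDP to all sources.
# Only an exact 3389 or '*' destination port is matched; port ranges are not expanded.
$openSources = '*', '0.0.0.0/0', 'Internet'
Get-AzNetworkSecurityGroup -ResourceGroupName $rgName | ForEach-Object {
    $group = $_
    $group.SecurityRules | Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        ($_.DestinationPortRange -contains '3389' -or $_.DestinationPortRange -contains '*') -and
        ($_.SourceAddressPrefix | Where-Object { $openSources -contains $_ })
    } | Select-Object @{n='Nsg';e={$group.Name}}, Name, Priority, SourceAddressPrefix
}
```

An empty result from the final check means no custom rule in the resource group allows RDP from all sources.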
Configure Azure DNS for internal name resolution
To configure DNS name resolution within a virtual network by using Azure private DNS zones, follow the steps below.
1. In the Azure portal, search for and select Private DNS zones and, on the Private DNS zones blade, click + Create.
2. Create a private DNS zone. Enter the settings you need.
3. Click Review and Create. Let validation occur and hit Create again to submit your deployment.
Note: Wait for the private DNS zone to be created. This should take about 2 minutes.
4. Click Go to resource to open the contoso.org DNS private zone blade.
5. On the contoso.org private DNS zone blade, in the Settings section, click Virtual network links, and then + Add.
6. Create a virtual network link with the settings you need.
7. Click OK.
Note: Wait for the virtual network link to be created. This should take less than 1 minute.
8. On the contoso.org private DNS zone blade, in the sidebar, click Overview.
9. Verify that the DNS records for az104-04-vm0 and az104-04-vm1 appear in the list of record sets as Auto registered.
Note: You might need to wait a few minutes and refresh the page if the record sets are not listed.
10. Switch to the Remote Desktop session to az104-04-vm0, right-click the Start button and, in the right-click menu, click Windows PowerShell (Admin).
11. In the Windows PowerShell console window, run the following to test internal name resolution in the newly created private DNS zone:
nslookup az104-04-vm0.contoso.org
nslookup az104-04-vm1.contoso.org
12. Verify that the output of the command includes the private IP address of az104-04-vm1 (10.40.1.4).
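The zone, the virtual network link and the record check, scripted as an added example (not part of the original article): it creates contoso.org, links it to az104-04-vnet1 with auto-registration, and compares each network interface's private address with the A record the zone holds for the VM. The link name and the pairing of az104-04-nicN with az104-04-vmN are assumptions.

```powershell
# Added example; assumes the Az PowerShell module in an authenticated session (e.g. Cloud Shell).
$rgName   = 'az104-04-rg1'
$zoneName = 'contoso.org'
$vnet     = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name 'az104-04-vnet1'

New-AzPrivateDnsZone -ResourceGroupName $rgName -Name $zoneName | Out-Null

# Auto-registration makes VMs in the linked network publish their own A records.
# Assumption: the link name below is illustrative.
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rgName -ZoneName $zoneName `
    -Name 'az104-04-vnet1-link' -VirtualNetworkId $vnet.Id -EnableRegistration | Out-Null

# Index the zone's A records by host name (registration can take a few minutes).
$records = @{}
Get-AzPrivateDnsRecordSet -ResourceGroupName $rgName -ZoneName $zoneName -RecordType A |
    ForEach-Object { $records[$_.Name] = @($_.Records | ForEach-Object { $_.Ipv4Address }) }

# Compare each NIC's private address with what the zone holds for the VM name.
# Assumption: az104-04-nicN belongs to az104-04-vmN.
foreach ($i in 0, 1) {
    $nic  = Get-AzNetworkInterface -ResourceGroupName $rgName -Name "az104-04-nic$i"
    $ip   = $nic.IpConfigurations[0].PrivateIpAddress
    $name = "az104-04-vm$i"
    [pscustomobject]@{
        Fqdn    = "$name.$zoneName"
        NicIp   = $ip
        ZoneIps = $records[$name] -join ','
        Match   = $records[$name] -contains $ip
    }
}
```

A row with Match set to False means the record is missing or stale; rerun the comparison after a few minutes before investigating further.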
Configure Azure DNS for external name resolution
Configure external DNS name resolution by using Azure public DNS zones.
1. In the Azure portal, search for and select DNS zones and, on the DNS zones blade, click + Create.
2. Create a DNS zone with the settings you need.
3. Click Review and Create. Let validation occur and hit Create again to submit your deployment.
Note: Wait for the DNS zone to be created. This should take about 2 minutes.
4. Click Go to resource to open the blade of the newly created DNS zone.
5. On the DNS zone blade, click + Record set.
6. Add a record set with your necessary settings.
7. Click OK.
8. On the DNS zone blade, click + Record set.
9. Add a record set with your necessary settings.
10. Click OK.
11. On the DNS zone blade, note the name of the Name server 1 entry.
12. In the Azure portal, open the PowerShell session in Cloud Shell by clicking on the icon in the top right of the Azure Portal.
13. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm0 DNS record set in the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):
nslookup az104-04-vm0.[domain name] [Name server 1]
14. Verify that the output of the command includes the public IP address of az104-04-vm0.
15. From the Cloud Shell pane, run the following to test external name resolution of the az104-04-vm1 DNS record set in the newly created DNS zone (replace the placeholder [Name server 1] with the name of Name server 1 you noted earlier in this task and the [domain name] placeholder with the name of the DNS domain you created earlier in this task):
nslookup az104-04-vm1.[domain name] [Name server 1]
16. Verify that the output of the command includes the public IP address of az104-04-vm1.