Azure Classroom Series – 22/Mar/2021

Azure supports multiple CIDR ranges in the address space of a VNet

  • Let's create an Azure virtual network
    • address space: 192.168.0.0/22
    • subnets:
      • web: 192.168.0.0/24
      • app: 192.168.1.0/24
      • db: 192.168.2.0/24
      • mgmt: 192.168.3.0/24
  • Now, because of a change in architecture, we need to add two more subnets
    • DMZ-Public
    • DMZ-Private
  • In Azure, the address space of a VNet is a list of CIDR ranges, so we can add more CIDR ranges even after the network is created to extend it
  • We can also give other CIDR ranges
  • After the address space is saved, let's add two more subnets
    • DMZ-Public: 10.100.0.0/24
    • DMZ-Private: 10.100.1.0/24

Network Security

  • Consider a VM created in an Azure VNet with a public IP
  • Anyone on the internet can reach the VM once they have its public IP
  • This can be both useful and a source of trouble.
  • So how can we restrict access to this VM to specific users, or allow all users only on a specific port?
  • Azure offers network security that can be applied at the network interface (VM) level or at the subnet level; this is referred to as a network security group (NSG)
  • We can use an Azure NSG to filter network traffic to or from Azure resources in an Azure virtual network
  • To understand this, let's quickly create a Linux VM in Azure
  • Once the VM is created, I would like to log in to the VM
    ssh username@publicip
  • I'm able to log in by providing the right credentials
  • Now let me install the Apache server
    sudo apt update
    sudo apt install apache2 -y
  • Now let's install Tomcat, which listens on port 8080
    sudo apt install tomcat8 -y
    sudo service tomcat8 status
  • Now try to access http://publicip:8080
  • This is not working
  • Let's try to ping
  • So let's try to understand what an NSG does and how it allows only some ports and protocols
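
As an added illustration (not part of the original class notes), the Python sketch below models how an NSG evaluates inbound traffic: rules are checked in ascending priority order, the first match decides, and Azure's three default inbound rules sit at the bottom. The `allow-ssh` and `allow-tomcat-office` rules, their priorities, and the client addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # 100-4096 for custom rules; lower number is evaluated first
    protocol: str     # "Tcp", "Udp", "Icmp" or "*"
    sources: tuple    # source CIDRs, or ("*",) for any address
    dest_port: str    # a single port, or "*" for any
    access: str       # "Allow" or "Deny"

VNET = ("192.168.0.0/22",)  # address space from the notes above

# Default inbound rules present in every NSG. Azure expresses their sources as
# service tags; modelling the tags as CIDRs is a simplification of this sketch.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "*", VNET, "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "*", ("168.63.129.16/32",), "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", ("*",), "*", "Deny"),
]

# Assumed custom rule: SSH opened when the VM was created (name/priority constructed).
NSG = DEFAULTS + [Rule("allow-ssh", 300, "Tcp", ("*",), "22", "Allow")]

def evaluate(rules, protocol, src_ip, dest_port=None):
    """Return (access, rule_name) of the first matching rule in priority order."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        proto_ok = rule.protocol in ("*", protocol)
        src_ok = any(s == "*" or src in ipaddress.ip_network(s) for s in rule.sources)
        port_ok = rule.dest_port in ("*", str(dest_port))
        if proto_ok and src_ok and port_ok:
            return rule.access, rule.name
    return "Deny", "no-match"

# Hypothetical fix: open Tomcat's port to one known client range only.
NSG_FIXED = NSG + [Rule("allow-tomcat-office", 310, "Tcp", ("203.0.113.0/24",), "8080", "Allow")]

if __name__ == "__main__":
    client = "203.0.113.10"  # constructed documentation address
    print(evaluate(NSG, "Tcp", client, 22))
    print(evaluate(NSG, "Tcp", client, 8080))
    print(evaluate(NSG, "Icmp", client))
    print(evaluate(NSG_FIXED, "Tcp", client, 8080))
    print(evaluate(NSG_FIXED, "Tcp", "198.51.100.7", 8080))
```

Under the assumed rule set, SSH matches the custom allow rule, while TCP 8080 and ICMP from the internet fall through to `DenyAllInBound`; scoping the new 8080 rule to a source range keeps every other internet client denied.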
