Azure Classroom Series – 28/Mar/2021

Application Security Groups (ASG)

  • ASGs help to manage the security of virtual machines by grouping them according to the applications that run on them, so NSG rules can reference the group instead of individual IP addresses
  • So let's try this sample
    • Create a virtual network with 4 subnets
      • subnet1
      • subnet2
      • subnet3
      • subnet4
    • Create 3 ASGs (WebServers, AppServers, DbServers)
    • Now let's create an NSG which allows
      • traffic from anywhere in to WebServers on ports 80 and 22
      • traffic from WebServers to AppServers on port 8080
      • traffic from AppServers to DbServers on ports 3306/1433
      • ping (ICMP) with the same source/destination restrictions
      • deny the rest of the traffic
    • Create 3 Linux VMs in any subnets of your choice
      • Create a Linux VM for webserver functionality; once the VM is created, navigate to the Networking section and add this VM to the WebServers ASG
      • Create one more Linux VM in any subnet and add this VM to the AppServers ASG in the ASG section
      • Create one more Linux VM in any subnet and add this VM to the DbServers ASG in the ASG section
      • for all the VMs use the same network security group
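To see how the rule set above is actually evaluated (ascending priority, first match wins, ASG used as source/destination), here is an added local model of those NSG rules; it is not Azure's engine and not code from these notes. The ASG member IPs and the rule priorities are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed ASG membership: which private IPs each ASG contains.
# In Azure this comes from the NIC's ASG setting; here it is hard-coded.
ASG_MEMBERS = {
    "WebServers": {"10.0.1.4"},
    "AppServers": {"10.0.2.4"},
    "DbServers": {"10.0.3.4"},
}

@dataclass
class Rule:
    priority: int   # lower number is evaluated first, as in Azure NSGs
    src: str        # ASG name, CIDR, or "*" (any)
    dst: str        # ASG name, CIDR, or "*" (any)
    ports: set      # destination ports, or {"*"} for any
    proto: str      # "Tcp", "Icmp" or "*"
    action: str     # "Allow" or "Deny"

def matches_addr(spec, ip):
    """True if ip is covered by spec (wildcard, ASG membership or CIDR)."""
    if spec == "*":
        return True
    if spec in ASG_MEMBERS:
        return ip in ASG_MEMBERS[spec]
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, src_ip, dst_ip, proto, port=None):
    """Return the action of the first rule that matches, by ascending priority."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.proto not in ("*", proto):
            continue
        if not (matches_addr(r.src, src_ip) and matches_addr(r.dst, dst_ip)):
            continue
        if proto == "Tcp" and "*" not in r.ports and port not in r.ports:
            continue
        return r.action
    return "Deny"  # Azure's default DenyAllInBound would catch this as well

# The inbound rule set described in the notes (priorities are assumed).
INBOUND = [
    Rule(100, "*", "WebServers", {80, 22}, "Tcp", "Allow"),
    Rule(110, "WebServers", "AppServers", {8080}, "Tcp", "Allow"),
    Rule(120, "AppServers", "DbServers", {3306, 1433}, "Tcp", "Allow"),
    Rule(130, "*", "WebServers", {"*"}, "Icmp", "Allow"),
    Rule(131, "WebServers", "AppServers", {"*"}, "Icmp", "Allow"),
    Rule(132, "AppServers", "DbServers", {"*"}, "Icmp", "Allow"),
    Rule(4000, "*", "*", {"*"}, "*", "Deny"),  # "deny the rest"
]
```

Running `evaluate(INBOUND, "10.0.1.4", "10.0.3.4", "Tcp", 3306)` returns `"Deny"`, which shows that the web tier cannot reach the database directly even though both are in the same NSG.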

Scenario:

  • Create two vnets in two different resource groups (two different locations)
  • Create a resource group for each
  • If we create VMs in two different vnets they can communicate over public IP, but that goes over the internet. Our requirement is to enable communication between the two vnets over private IP addresses
  • Enabling private communication between virtual networks in Azure is referred to as vnet peering
  • Now let's create one VM in network1 and one VM in network2
  • Once the VMs are created, log in to one VM and then try to log in from that VM in network1 to the VM in network2 using its private IP address
  • There is no private connectivity. Now let's navigate to network1 and select Peerings, then add a peering to network2
  • Now let's try to log in again using the private IP address which failed earlier
  • Ideally you should also make changes in the NSG to allow the communication from the CIDR range of network1 in network2 and vice versa, rather than relying on broad allow rules
