Azure Classroomnotes 27/Jun/2023

Azure Networking Contd…

Network Security Groups Contd

  • Creating a VNet with 3 subnets (web, app, db) and a VM in each subnet
  • Initially create 3 NSGs with default rules
    • webnsg
    • appnsg
    • dbnsg
  • Let's create a public IP address
  • The VM in the web subnet will have a public IP and the rest will have no public IPs
    • VM in db subnet
    • VM in app subnet
    • VM in web subnet
  • Let's check network connectivity with ping, which requires the ICMP protocol
  • Let's enable ICMP for all IP addresses in the web NSG
  • Try SSH connectivity to the web VM; it will fail because there is no NSG rule for port 22
  • Let's add port 22 connectivity for the web VM and ICMP for the app and db VMs
  • Within the network, i.e. intra-network, all communication is enabled (ICMP/TCP/UDP)
  • Any VM/system in the public network that helps in connecting to the VMs in the private network is called a Bastion/JumpBox
  • Azure has a service called Azure Bastion, which helps in connecting to machines in the private network from the Azure portal.
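
The behaviour seen in the steps above (ping works once the ICMP rule exists, SSH fails until a port 22 rule is added, intra-network traffic always passes) follows from priority-ordered evaluation against the NSG default rules. The model below is an added example, not part of the original notes; the addresses, rule names and priorities 300/310 are constructed, the VirtualNetwork tag is simplified to the VNet range, and the SSH rule is scoped to one admin address rather than any source, which is this example's choice.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space
ADMIN = "203.0.113.10"                      # constructed admin workstation
WEB_VM = "10.0.0.4"                         # constructed web VM private IP

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str    # "*", "VirtualNetwork" (modelled as VNET only) or a CIDR
    protocol: str  # "*", "Tcp", "Udp" or "Icmp"
    port: str      # "*" or one destination port
    access: str    # "Allow" or "Deny"

# Inbound defaults of every NSG (AllowAzureLoadBalancerInBound, 65001, omitted).
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

def source_matches(rule_source, src_ip):
    if rule_source == "*":
        return True
    ip = ipaddress.ip_address(src_ip)
    net = VNET if rule_source == "VirtualNetwork" else ipaddress.ip_network(rule_source)
    return ip in net

def evaluate(custom_rules, src_ip, protocol, port=None):
    """Return (access, rule name) of the first match; lowest priority number wins."""
    for rule in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        if not source_matches(rule.source, src_ip):
            continue
        if rule.protocol not in ("*", protocol):
            continue
        if rule.port != "*" and rule.port != str(port):
            continue
        return rule.access, rule.name
    return "Deny", "no-match"

webnsg = [Rule(300, "AllowIcmpAny", "*", "Icmp", "*", "Allow")]
# SSH is scoped to one admin address here instead of any source.
webnsg_ssh = webnsg + [Rule(310, "AllowSshAdmin", ADMIN + "/32", "Tcp", "22", "Allow")]
appnsg = []  # default rules only

if __name__ == "__main__":
    print(evaluate(webnsg, ADMIN, "Tcp", 22))      # before the port 22 rule
    print(evaluate(webnsg_ssh, ADMIN, "Tcp", 22))  # after the port 22 rule
```

With only default rules, appnsg still admits traffic from the web VM through AllowVnetInBound, which is why the jump from the web VM to the private VMs works without extra rules.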

Azure Bastion

  • Create a network with two subnets and two VMs without public IPs
  • After creating this network, deploy Bastion
  • Once the Bastion is deployed, navigate to the private VM and connect using Bastion
