CST8248 – Emerging Technologies

Lab5 –Azure Cloud

Explore Azure Cloud offerings and migrate existing on premise assets into the cloud.

Purpose:

In the previous labs you learn how to setup the initial infrastructure in an enterprise, you have setup
deployed ESXI hosts as a virtualization platform, you clustered the hosts with vCenter for better usage
of you environment, you also setup the basic infrastructure servers such as Domain controller for
users and machined authentication, DNS servers for name resolutions as other servers such as web
server, backup servers, and more

The purpose of this lab you will learn how enterprise start planning to leveraging the public cloud
such as Microsoft Azure to either expand their infrastructure and take benefit of the hybrid benefit.

Equipment:
 Azure for Students Subscription

Objectives:
 Document all decisions (ie. Platform, networking,), any pain points (ie. Errors encountered
during install), troubleshooting steps, and final configurations. Keep this documentation handy
while working as it must be updated during each lab class. Your professor will ask to see you
documentation to review with you or help solve problems in the lab
 Explore the Azure interface.
 Explore Governance in public cloud
o Policies
o RBAC
 Deploy a VM in Azure running PostGreSQL
 Deploy a Web App in Azure
 Create a web server into the Azure cloud.
 Connect your web server to your database VM,
 Securing the communication between the Web front end and the backend leveraging Network
Security Group

NOTE: Storage, Compute and Networking all affect your cost. Choose the appropriate SKU for your

For each step of the lab you will find a link explaining how to perform the task using the web portal,
however the web portal is not the only way to perform the task, you have the option between,
PowerShell, ARM template, CLI, and more.

I encourage you to learn more about any of the above options

After you login to your Azure subscription, follow the following steps
1- Create a resource Group
a. https://docs.microsoft.com/en-us/Azure/Azure-resource-
manager/management/manage-resource-groups-portal#create-resource-groups
2- Create VNET
a. https://docs.microsoft.com/en-us/Azure/virtual-network/quick-create-portal
3- Create Subnets in VNET
a. You need to create 2 subnets (FrontEnd , BackEnd)https://docs.microsoft.com/en-
us/Azure/virtual-network/virtual-network-manage-subnet
4- In lab 2 you have created a web server , you need to prepare this VM to be uploaded to Azure ,
in an enterprise environment you use the Azure migrate to replicate the VM to Azure , in our
case we will migrate the VM offline by converting the VMDK to Azure HD
a. Web Server this machine will have 2 network interfaces, public and private the private
interface will reside in the FrontEnd Subnet
i. Due to the credit restriction in Azure please use B2s SKU
ii. Create Linux Virtual Machine in Azure this machine will be the Web Server :-
https://docs.microsoft.com/en-us/Azure/virtual-machines/linux/quick-create-
portal
b. Database this machine will have on Network interface, the network interface will reside
in the backEnd subnet
i. Due to the credit restriction in Azure please use B2s SKU
1. Create Linux Virtual Machine in Azure this machine will be the database
:- https://docs.microsoft.com/en-us/Azure/virtual-
machines/linux/quick-create-portal
ii. Install PostgresSQL on Linux :- https://docs.microsoft.com/en-us/Azure/virtual-
machines/linux/postgresql-install
c. Security :- you need to secure the traffic between both subnets , you only need to allow
port 22 for SSH , port 5432 for postgres
i. Create NSG : https://docs.microsoft.com/en-us/Azure/virtual-network/manage-
network-security-group
5- Connecting the web front with Postgres

https://mherman.org/blog/postgresql-and-nodejs/
 Public IP
allow Access to
SSH and HTTP

VNET

FE_NG:- Allow SSH and

Web Server Postgres traffic to BackEnd
(FrontEnd) Subnet
FrontEnd FE_NSG
Subnet FE_BE:- Allow SSH and Postgres
Traffic from FrontEnd Server

Public IP :- Dynamic

DB Server BackEnd BE_NSG

(BackEnd) Subnet

Figure1: End State Topology

deployment. Avoid over=provisioning your Azure infrastructure to reduce cost.

Landmarks:
 How much does your deployment cost? (Use the Azure reporting mechanism if possible.
Otherwise estimate cost based upon information provided to you)

 What is Azure Monitor and what kind of features does it provide?
 What are resource groups?
 What are Network Security Groups?
 How do you Manage DNS in Azure?
 How do you Manage IP addressing in Azure?

Rubric:

Azure VM Database Server, vApp, and Lift and Shift

All connections established

Landmark Questions answered.

Deployment notes documented and source information cited

Discuss findings from landmarks with your lab instructor.