Steps Overview - Azure - VPC

Uploaded by

guptaniraj2051
Azure provides a variety of services under its Azure for Students subscription, but not all services are completely free, especially at the scale described in the above design. Here's a breakdown of the resources used and what might be free under the Azure Student plan:

Key Features of the Azure for Students Subscription:

• $100 free credit valid for 12 months.
• Access to free services, which includes popular services with limited quotas.
• Services that exceed the free tier or are not included in the free tier will consume the $100 credit.

Breakdown of Services in Your Design:

1. Resource Group and Virtual Network (VNet):
   o Free tier: Creating a virtual network and subnets does not incur additional charges; it's generally free.
2. Virtual Machines (VMs):
   o Free tier: The Azure for Students subscription provides certain B1S VM sizes for 750 hours/month (one month of continuous use for one VM). However:
      • You'll be charged for additional VMs or larger VM sizes that are not part of the free allocation.
      • In your design, since you're deploying multiple VMs (e.g., Web, App, DB), only one VM can be free at the specified size.
      • Additional VMs will consume your $100 credit if you go beyond the free limit.
3. Load Balancer:
   o Not included in the free tier: The use of a Standard Load Balancer is not free. It will consume the credit.
   o A Basic Load Balancer has lower costs, but it is still not entirely free.
4. Public IP Addresses:
   o Not included in the free tier: Public IP addresses are not part of the free services and will consume credit.
   o The public IP assigned to your Load Balancer and NAT Gateway will also incur charges after the free allocation.
5. NAT Gateway:
   o Not included in the free tier: The NAT Gateway will incur charges, consuming part of your credit.
6. Network Security Groups (NSGs):
   o Free tier: NSGs do not incur costs, and configuring security rules is free.
7. Storage for Virtual Machines:
   o Free tier: You get 5 GB of Blob storage for free, but the disk size of your virtual machines (OS disk, data disks) will count against the free storage quota. Additional usage will consume credits.
8. Data Transfer:
   o Free inbound data: Data going into Azure (inbound) is free.
   o Outbound data (to the internet): There's a free allowance of 5 GB/month, and any additional outbound traffic will consume your credit.

Cost Considerations for Your Design:

• Virtual Machines: Since you're creating multiple VMs (Web, App, DB), only one small VM is free for 750 hours/month. The others will consume your $100 credit, depending on size and duration of use.
• Load Balancer: A load balancer is not free and will use part of your credit.
• Public IP and NAT Gateway: Both services will incur charges.
• Storage: VM storage beyond the free limit of 5 GB of blob storage will also consume credit.

Steps Overview:

1. Create a resource group.
2. Create a virtual network with three subnets (Web, Application, Database).
3. Create a load balancer for the Web tier.
4. Create VMs in the Web subnet behind the load balancer.
5. Create NAT Gateways for private subnets (Application, Database).
6. Create network security groups (NSGs) for each subnet to control traffic.
7. Associate NSGs with the subnets.

1. Create a Resource Group

az group create --name MyResourceGroup --location uksouth

2. Create a Virtual Network with Three Subnets

# Create Virtual Network and Web Subnet
az network vnet create \
  --name MyVnet \
  --resource-group MyResourceGroup \
  --address-prefix 10.0.0.0/16 \
  --subnet-name WebSubnet \
  --subnet-prefix 10.0.1.0/24

# Add Application Subnet
az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name AppSubnet \
  --address-prefix 10.0.2.0/24

# Add Database Subnet
az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name DbSubnet \
  --address-prefix 10.0.3.0/24

3. Create a Load Balancer for the Web Tier

Step 1: Create a Public IP for Load Balancer

az network public-ip create \
  --resource-group MyResourceGroup \
  --name MyLoadBalancerPublicIP \
  --allocation-method Static \
  --sku Standard

Step 2: Create the Load Balancer

az network lb create \
  --resource-group MyResourceGroup \
  --name MyLoadBalancer \
  --frontend-ip-name MyFrontendIP \
  --public-ip-address MyLoadBalancerPublicIP \
  --backend-pool-name MyBackendPool

Step 3: Create Load Balancer Health Probe

az network lb probe create \
  --resource-group MyResourceGroup \
  --lb-name MyLoadBalancer \
  --name MyHealthProbe \
  --protocol Tcp \
  --port 80

Step 4: Create Load Balancer Rule

az network lb rule create \
  --resource-group MyResourceGroup \
  --lb-name MyLoadBalancer \
  --name MyHTTPRule \
  --protocol Tcp \
  --frontend-port 80 \
  --backend-port 80 \
  --frontend-ip-name MyFrontendIP \
  --backend-pool-name MyBackendPool \
  --probe-name MyHealthProbe \
  --idle-timeout 4 \
  --enable-tcp-reset true

4. Create VMs in the Web Subnet and Associate with the Load Balancer

Step 1: Create VMs in the Web Subnet

You will create two VMs (for load balancing) and place them in the Web subnet.

# Prompt for the admin password so it is not embedded in the script or shell history
read -rs -p "Admin password: " ADMIN_PASSWORD; echo

# Create VM 1 in Web Subnet
az vm create \
  --resource-group MyResourceGroup \
  --name WebVM1 \
  --vnet-name MyVnet \
  --subnet WebSubnet \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --admin-password "$ADMIN_PASSWORD" \
  --authentication-type password \
  --enable-secure-boot true \
  --enable-vtpm true \
  --nsg WebNSG \
  --no-wait

# Create VM 2 in Web Subnet
az vm create \
  --resource-group MyResourceGroup \
  --name WebVM2 \
  --vnet-name MyVnet \
  --subnet WebSubnet \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --admin-password "$ADMIN_PASSWORD" \
  --authentication-type password \
  --enable-secure-boot true \
  --enable-vtpm true \
  --nsg WebNSG \
  --no-wait

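Note, for updating the NAT rule of the load balancer: the following NSG rule allows inbound SSH (port 22) in WebNSG from any source address ('*'). The AllowSSH rule in section 6 uses the same rule name and restricts the source to a management IP.

az network nsg rule create --resource-group MyResourceGroup --nsg-name WebNSG --name AllowSSH --protocol Tcp --direction Inbound --priority 1000 --source-address-prefixes '*' --source-port-ranges '*' --destination-port-ranges 22 --access Allow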

Step 2: Add VMs to Load Balancer Backend Pool

# Add WebVM1 to Load Balancer Backend Pool
az network nic ip-config address-pool add \
  --address-pool MyBackendPool \
  --ip-config-name ipconfig1 \
  --nic-name WebVM1VMNic \
  --resource-group MyResourceGroup \
  --lb-name MyLoadBalancer

# Add WebVM2 to Load Balancer Backend Pool
az network nic ip-config address-pool add \
  --address-pool MyBackendPool \
  --ip-config-name ipconfig1 \
  --nic-name WebVM2VMNic \
  --resource-group MyResourceGroup \
  --lb-name MyLoadBalancer

5. Create NAT Gateway for Private Subnets

Step 1: Create a Public IP for the NAT Gateway

az network public-ip create \
  --resource-group MyResourceGroup \
  --name NatGatewayPublicIP \
  --sku Standard \
  --allocation-method Static

Step 2: Create the NAT Gateway

az network nat gateway create \
  --resource-group MyResourceGroup \
  --name MyNatGateway \
  --public-ip-addresses NatGatewayPublicIP

Step 3: Associate the NAT Gateway with the Private Subnets (App and Db Subnets)

# Associate NAT Gateway with Application Subnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name AppSubnet \
  --nat-gateway MyNatGateway

# Associate NAT Gateway with Database Subnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name DbSubnet \
  --nat-gateway MyNatGateway

6. Create Network Security Groups (NSGs) to Control Traffic

Step 1: Create NSGs

# Create NSG for Web Subnet
az network nsg create \
  --resource-group MyResourceGroup \
  --name WebNSG

# Create NSG for App Subnet
az network nsg create \
  --resource-group MyResourceGroup \
  --name AppNSG

# Create NSG for Database Subnet
az network nsg create \
  --resource-group MyResourceGroup \
  --name DbNSG

Step 2: Define NSG Rules for Each Subnet

Web Subnet (Allow HTTP/HTTPS and SSH)

# Allow HTTP/HTTPS inbound to Web servers
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name WebNSG \
  --name AllowHTTP \
  --priority 100 \
  --protocol Tcp \
  --direction Inbound \
  --destination-port-ranges 80 443 \
  --access Allow

# Allow SSH from a management IP (assume 203.0.113.5)
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name WebNSG \
  --name AllowSSH \
  --priority 200 \
  --protocol Tcp \
  --direction Inbound \
  --source-address-prefixes 203.0.113.5 \
  --destination-port-ranges 22 \
  --access Allow

Application Subnet (Allow Traffic from Web Subnet)

# Allow traffic from Web Subnet (10.0.1.0/24)
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name AppNSG \
  --name AllowWebToApp \
  --priority 100 \
  --protocol Tcp \
  --direction Inbound \
  --source-address-prefixes 10.0.1.0/24 \
  --destination-port-ranges 8080 \
  --access Allow

Database Subnet (Allow Traffic from App Subnet)

# Allow traffic from App Subnet (10.0.2.0/24)
az network nsg rule create \
  --resource-group MyResourceGroup \
  --nsg-name DbNSG \
  --name AllowAppToDb \
  --priority 100 \
  --protocol Tcp \
  --direction Inbound \
  --source-address-prefixes 10.0.2.0/24 \
  --destination-port-ranges 3306 \
  --access Allow
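
An added example (not part of the original document): a small Python audit over JSON in the shape of `az network nsg rule list -o json`, reporting sensitive ports that an any-source inbound rule leaves reachable. The sample rules are constructed from this page's WebNSG commands; the audited port list and the function names are assumptions, and the protocol field and rules with specific sources are not modelled.

```python
import json

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}
SENSITIVE_PORTS = (22, 3306, 3389)  # assumption: SSH, MySQL, RDP are the ports audited

# Constructed sample in the shape of `az network nsg rule list -o json`,
# trimmed to the fields used here. Rules mirror this page's WebNSG commands.
WEB_NSG_OPEN = json.loads("""[
  {"name": "AllowHTTP", "priority": 100, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRanges": ["80", "443"]},
  {"name": "AllowSSH", "priority": 1000, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "22"}
]""")
WEB_NSG_RESTRICTED = json.loads("""[
  {"name": "AllowHTTP", "priority": 100, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRanges": ["80", "443"]},
  {"name": "AllowSSH", "priority": 200, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "203.0.113.5", "destinationPortRange": "22"}
]""")

def _values(rule, single, plural):
    """az fills either the singular field or the plural list; merge both."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(port_expr, port):
    """True if an NSG port expression ('*', '22', '20-25') includes port."""
    if port_expr == "*":
        return True
    lo, _, hi = port_expr.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_ports(rules):
    """Map each sensitive port reachable from any source to the rule allowing it."""
    # Keep inbound any-source rules, ordered as the NSG evaluates them.
    open_to_all = [
        r for r in sorted(rules, key=lambda r: r["priority"])
        if r["direction"].lower() == "inbound"
        and {s.lower() for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")} & ANY_SOURCE
    ]
    findings = {}
    for port in SENSITIVE_PORTS:
        for rule in open_to_all:
            if any(_covers(p, port) for p in _values(rule, "destinationPortRange", "destinationPortRanges")):
                if rule["access"].lower() == "allow":
                    findings[port] = rule["name"]
                break  # first matching rule wins; a Deny here shields the port
    return findings
```

With real data, pass the parsed output of `az network nsg rule list --resource-group MyResourceGroup --nsg-name WebNSG -o json` to `exposed_ports`.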

Step 3: Associate NSGs with Subnets

# Associate WebNSG with Web Subnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name WebSubnet \
  --network-security-group WebNSG

# Associate AppNSG with App Subnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name AppSubnet \
  --network-security-group AppNSG

# Associate DbNSG with Db Subnet
az network vnet subnet update \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name DbSubnet \
  --network-security-group DbNSG

az deployment group create --resource-group <YourResourceGroupName> --template-file azuredeploy.json --parameters @azuredeploy.parameters.json

az deployment group show --name <deployment-name> --resource-group <YourResourceGroupName>
