Lab 14: Azure Virtual Network (VNET) and Network Security Groups (NSG)

Azure Step by Step Training Lab 14: Azure Virtual Network (VNET) and Network Security Groups (NSG)
29 minutes

Transcript

Welcome to lab 14. In this lab 14, we will focus on how to do networking on Azure cloud. So in this lab, we will create a simple demo wherein we will create a network using Azure virtual network, and we will then divide the network into sub networks using subnetting. And in that sub network, we will add two virtual machines, maybe machine one and machine two. And then we'll try to ping from machine one to machine two. We will also try to understand, you know, how to create security rules by using the network security group.

So this is like a 30-minute session. And in this session, the goal is to understand Azure networking, so let's get started. So let me first go and add a virtual network out here. So you can see here, I have just typed virtual network at the top and I'm clicking on this menu. The best way to get any Azure resource is by using this box at the top. I really like it because going and scrolling in the menus and then finding virtual networks is really painful, because the number of Azure services is growing day by day, right? So I'm going to go here and type virtual networks.

And I will click on this. And let's go ahead and create a virtual network; you can create it from here, you can create it from here. So there are a lot of places from where you can go and add a virtual network. So let's give this network name as quest bonds network. Now, when you talk about networking, the most important thing is the IP address, right? So before I go ahead and put an IP address out here and address space out here, it's very important to understand, you know, how IP addresses actually work.

So what exactly is an IP address? What exactly does subnetting mean, and so on. So let me first explain that and then I will go ahead and fill this form again. So, in order to understand IP addresses, let me open up a small Excel sheet out here. So, as we all know, when you talk about IP addresses, an IP address, you know, helps you to uniquely identify a computer in a network. So the format of an IP address looks something like this.

For example, you can see on my Excel sheet I am typing 10.0.0.0, right? So it has like these four numbers. And each one of these numbers are octets. So 10.0.0.0. So each number of them, they are octets. Octet means, you know, octet means eight, you know, eight magicians, eight soldiers, right? So each one of them are of 8-bit size.

In other words, it is like 11141234. So, when I say octet, octet means basically each one of these are of 8-bit size, that means the total is of 32 bits. The maximum address, you know, that you can have in a 32-bit IP address is 255.255.255.255. So now think about it. So basically you are going ahead and you want to go and assign IP addresses in your network, right? So you start like saying, okay, let's take machine one, so machine one will have 10.0.0.1, assume. So this is machine one, right? Then you say, okay, 10.0.0.2, so this is machine two, and so on. But now think about it: at some moment of time, one is that you will exhaust your IP addresses, right? So the number of IP addresses will get exhausted.

The second important thing is that, you know, when you talk about organizations, you know, organizations have departments, so you'd like to go ahead and, you know, group the departments in different different sections. So it would be great to see that, okay, like, so department one, right, all belong to 10.0.1.1, 10.0.1.2, 10.0.1.3. So they belong to the group of 10.0.1. Then you can have department two, and over here you would like to say, oh, like, so this is the second department. So 10.0.2.1, this is machine one in the department, and then 10.0.2.2, that's machine two.

So this grouping is of 10.0.1 and this grouping is of 10.0.2. So in other words, you'd like to go ahead and, you know, have a naming convention or have some kind of a convention in this IP address, where you can go and you can create sub networks. So, for that, you know, you need to go and divide your IP address into two parts. You know, one is the network part. So over here, in this case, this 10.0.1 is the network part, and the second thing here is the host part. So the network part is like, you know, saying, okay, what is the city, you know, what is the country, but the host part is saying what is the street address and what is your home number, right? So you would like to go ahead and divide, you know, this IP address into a network section and a host section, right?

So, for that we need to use a concept called as subnetting. So, for example, now let's try to understand subnetting. So I can say 10.0.0.0. So let's say I want to go and, you know, create a subnet on this. So I can say now, so, mask, you know, the first ones, 255.255, and the remaining just leave it. So what this means now is that over here you can now go ahead and create 10.0.1.1, right? So these two things, these two, what are called, numbers are only used to assign the host address; the rest two bits will be used to assign a host address.

So this will be 10.0.1.2 and then you have 10.0.1.3, right? So, in other words, now you can see over here this is one network. So here we can see this is one network, right? In the same way, you can go ahead and you can create some other network, for example 10.0.0.0, and I will say, okay, now I'm going to go and mask, you know, the first three: 255.255.255 and zero. So what it means is now only the last bit will be here to assign the host. So this will be like 10.0.0.1, 10.0.0.2, right, and 10.0.0.3, right? So, in other words, now this is your network part in this case, so this becomes your network part and this becomes the host part, right?

So this is your host part, right? In this case, this was the host part. So by using the concept of subnetting you can divide your IP address into different different sub networks so that you can organize better and you can work better. Now also, like, over here you can see that you can use this convention 255.255 to do the masking, or what you can do is you can say like, okay, so this is 8 bits, this is 8 bits, this is 8 bits and this is 8 bits, so you can say, okay, 10.0.0.0/16, right? This /16 means that the first two bytes, or the first two sections of the IP address, are masked, or I will say they belong to the network part. In this case, now we have 8, 8, 8, right, so 24, so this will become 24.

So that means now over here, you know, the first three sections of the IP address will be used as the network part. So you can also use this convention here: IP address /16, IP address /8, IP address /24 and so on, right? So now, in other words, you know why I am explaining so much: because over here now I need to go and give an address space, right? So I need to give an address space here which follows the CIDR notation. So CIDR notation means I will give the IP address 10.0.0.0, right, and I will say this is, let us say, assume 16, okay? So when you say 16, you can see now it has said over here, okay, so that means that your IP addresses will range from 10.0.0.0 to 10.0.255.255.

So you can see how the last, you know, two sections of the IP address are used for the host part and the first two sections are used for the network part, right? At this moment, you know, the discussion of IPv6 is out of the scope, right? But in case you go and use IPv6, you know, your number of addresses will increase, you know, that's what I can say for now. So at this moment, you know, I have gone ahead, I have created an address space 10.0.0.0 and said /16. So that means I'm expecting now, you know, whatever computers I add into this virtual network, it will get the IP address of 10.0.0.0 as the network and then .1.2 for the first computer, maybe 10.0.1.3 for the second computer, and so on, right?

So that's good. So I'm going to go and create a virtual network. So a virtual network in Azure means that it is a network under which you want your computers to run, right? So I'm going to go and assign this, let's go and assign this to something called as Azure network group. So I'm creating a resource group so that we can go and delete the whole thing later on. And I'm going to go and choose South India for now.

So remember that whatever location you choose in your virtual network, try to keep your machines also in the same location, right? So I'm going to go and take South India for now. Name of the subnet: so I'll just give the name of the subnet as, so this is, right. So 10.0.0.0/16. And here, so let's say this is subnet one, right, sub network one, and in this I will say 10.0.1.0/, maybe I can say, 24, right? So that means that this subnet, you know, what is there inside this, is 10.0.1.0/24, right?

So this is my main network, which is like 10.0.whatever. And inside that I have created a subnet, maybe I can say 10.0.1.0 to 255, so let us say this is the accounts department subnet. So, you know, in a company you can have an IP address, right, for everyone. And then you can say, okay, accounts department network is this, HR department network is this, right? So I will say this is accounts department, account subnet, right? So I'm saying that the main IP address is 10.0.0.0.

Inside that, you know, there is an account subnet, an accounts department subnet, 10.0.1. So that means that all the machines of the accounts department will belong to 10.0.1.1, 10.0.1.2. So when the allocation takes place, it will happen inside the network 10.0.1, right? So I'm going to go and click on Create, and let's create this virtual network. So there you can see the quest bonds network is created.

So when I click on this, the address space is, you know, 10.0.0.0. You can see at the right-hand side, inside this, you know, we have a subnet which is account subnet. If I wish I can go and add more subnets if I want. So I can say accounts department subnet, I can say HR department subnet and so on, right? So now we have created a virtual network out here, let us go ahead and add two virtual machines inside this, maybe like machine one and machine two. And let us try to ping from machine one to machine two, right? So I'm going to go and add a virtual machine.

So there it is. You can see I'm adding a virtual machine out here. Let's add all of them into the same Azure network so that we can delete it later on. So I'm going to go and give the name as, this is, let's say, machine one. Region, let's select the same one. I'm selecting for now South India; in case you are from US, I would suggest to go and select the region which is nearby.

I will select Windows Server 2019 Datacenter; maybe I can make it cheaper by selecting Windows 2016 Datacenter, right? Let's keep the same size, I will delete it later on. Let's put a password. All right. And let's allow in also; anybody can come and ping in, because I want that the two machines should be accessible to each other. So I would go and say, okay, like, public inbound ports, allow the inbound ports to, you know, to ping in. So allow all this. So allow the selected ports, you know, to send traffic data. Next, hard disk: I think I would keep it the same, so I won't review the hard disk. But the most important thing for now is the networking. So now you're adding this computer, so you want to go and add to which subnet? So this is the main network, quest bonds network, right?

And inside this, what was your network out there? I'm not sure. So this is quest bonds network, and inside this, you know, we have the accounts department, so I'm going to go and add this machine, you know, to this network, account subnet, and the rest I will keep as it is for now. And I see group I'll talk about it later on. Public inbound ports: so do you want people to access the virtual machine from outside? Yes, I want to do that, and let us go ahead and review and create, right?

So now this is machine one, right? So you can see now machine one is getting deployed. So remember that this will get deployed inside the account subnet. So the IP address of this machine, you know, this machine's IP address should be like 10.0.1.1 or 10.0.1.2, right, because if you remember, in our quest bonds network we had created this as the subnet. So it will belong now to this network, so the host part is only the last bit, right?

So there it is, you can see this virtual machine is getting created. In the same way now, let us go ahead and create another virtual machine. I'm going to go and follow the same steps. Virtual machine: so this is machine one, let me add machine two as well. So the same thing, the steps are almost the same. Azure network, okay, that's the resource group. You know, if you remember, in the previous section it was popping up the network. So that is the resource group. I was just wondering that I did not create two networks. So machine two. So these are the same steps I'll follow for now.

So there you can see now I have created machine two as well; this machine two configuration is exactly the same like machine one, and it belongs to the same network. So if I go to machine one now, you can see that it has given a private IP address of 10.0.1.4. And if I go to machine two, because he belongs to the same network, you can see that he has allocated him in the same subnet, 10.0.1.5, right? So we have two virtual machines out here, one which runs on 1.4 and one which runs on 1.5, right?

So let's go ahead to machine one and let us try to ping machine two, right? So I'm going to go and say Connect out here. So from 10.0.1.4 I will try to connect to 10.0.1.5. So you can see I've said Connect and am downloading this RDP file. This RDP file is nothing but the remote desktop file, which will actually help me to connect, you know, to this machine.

So you can see here, it's downloaded this file out here and I'm saying Connect. So there it is, I'm logging in, let me put my credentials, right? And also, let me log in to machine two as well, I'll tell you why. So you can see it's logging in. So there it is, logging in. But also, let's log into machine two as well.

So I'm going to go and say Connect. Download RDP file. So let me just quickly connect to machine two as well. Right, so you can see I'm connected to machine two. And also I'm connected to machine one. So this is machine one, right?

So it's loading. This is machine one, and this one is machine two. So this is machine two, you can see the name out here. And you can see this is machine one. So the goal here is to ping from this machine one to machine two, because both of them belong to the same network, you know, so they should access each other, right? So I'm going to go to machine one here; it's still loading, let's let it complete.

Preparing for Windows. There it is. So there, both the machines have been loaded. So I'm going to go to machine one out here. And let me go to the command prompt, right? So ipconfig, so I can see that this is 10.0.1.4, right?

So from here now, let us try to ping to 10.0.1.5, right, and let's see if it works or not. So you can see here he's trying to ping to 10.0.1.5, but you can clearly see that it is giving a request timeout out here. So let me go to machine two out here. Let's quickly check, you know, if I'm doing something wrong. So okay.

So ipconfig, so this was 10.0.1.5. Oh, that's so slow. Yeah, it is 1.5. So why am I not able to ping, you know, from this machine to this machine? So remember that by default, you know, these operating systems, you know, which are, you know, on Azure, you know, they're protected by firewall. So I feel so, you know, that the firewall of this machine is not allowing the ping packets, ICMP packets, right? So let's go to firewall and let us enable the ICMP packet.

So I'm going to go now to firewall and I will search for firewall, right? Slow, slow. Okay, isn't it, just firewall. And over here you can see that this firewall is out here. So let us go ahead and create an inbound rule, which will actually go and allow ICMP packets. So I'm going to go and click on this New Rule out here. And I will say custom rule, right?

And I will say all programs. So I will say protocol type ICMP. So ICMP, we can see ICMPv4. So ICMP are packets which are like ping and tracert and so on, right? So I'm going to go and say, okay, allow all those packets, and I'll say Next. So allow any IP address for now; if you wish you can go and you can add, you know, the IP addresses, you know, who can do those things, right? And I would suggest to go and use these ones, you know, be very specific in case you can, so that you can have better security, right? But at this moment, you know, because we are just testing, let us say allow, allow the connection and allow everything, right?

So allow ICMP, right, allow ping, so on, so it does a finish. So with this I'm expecting now. So let's now go back, right, go back to machine one. And let's try to now run the ping, so you can see now I'm able to ping, right? So we have successfully created an Azure virtual network. And we have created two machines, machine one and machine two, and we are able to ping from these machines, and these both belong to the same network, right?

Now, one is that we have this firewall, you know, which helped us to go and apply rules, you know, saying which packets are allowed and which packets are not allowed inside the machine. But the truth is that, you know, the packets actually arrived into the machine and then later on this Windows Firewall software actually prevented those packets. But what if I want to go and apply security at the network level? So, in other words, you know, from this machine, that is your 1.4, you know, when the ping comes to this machine, between the network itself, you know, it should go and put a rule saying that no, this ping is not allowed, and so on, right? So that's where, you know, we have something called as a network security group. So what is there, the software, you know, like your firewall or your antivirus, you know, they apply security on the machine level.

But when you talk that you want to apply it on the network level, then in Azure we have something called as the network security group. So I'm going to go to machine two out here. So every machine here, you know, has this Networking tab. And when you go to this Networking tab, here you have this network interface. So at this moment, we have this network interface here created, machine two 276; I will go and click on this. And in this, you know, we have this thing called as network security group, right?

So I'm gonna go and click on this network security group, and over here you can go and you can define rules, right? So I'm going to go and add a rule, right? So I can see that certain rules are out here. So let's look at the name: this is machine two NSG. So let's go to machine two NSG. So there it is, network security group.

Remember, each one of these components is created separately. So you can see the virtual machines are separate, the network security group is separate, the network interface is separate, so that you can configure them separately, right? And also, definitely, our virtual network is separate, right? So this is what I want to configure.

So, you know, when you saw things from here, actually, this is showing you how the network security group is connected to this machine, right? But if you want to go and configure this machine two NSG, then you really need to go to this machine two NSG out here. And over here, now let's go ahead to this inbound security rule. And I'm going to go and create and add an inbound security rule where I will say any source, any port, any IP address, right, is not allowed to send ICMP packets.

So you can see here I'm saying ICMP packet deny, right? ICMP packet not allowed, right? And I will just say I see him Kendall school not allowed to add. So now with this, I have added that ICMP packets are not allowed. So at this moment, if you see, I was able to ping this machine, right, I was able to ping 1.5.

Right. But now that I have created a network security rule, or the NSG rule, which says that the packets are not allowed. This should not work really right. So, I'm going to go and again, click on ping out here and let's see if this works or not. So there it is. You can see now Ping is not working anymore, right?

If you look at the other machine, I have allowed the firewall. So you can see the allow ICMP packet is all out there. But still he is not able to ping it, because we have created an NSG rule now, and the NSG rule is now getting applied on the network level. And the network security or the NSG rule will override any kind of security which is available at the machine level. So when you talk about, you know, defining how the security or how the network traffic rules are, you can use this NSG between those Azure resources.

So that brings us to the end of this session. One of the things you should always do is, you know, whenever you do, because these are all demos, right, just make sure that you go ahead and you delete your resource group, or else you will get billed, right? So I'm going to go and do the same. So very quickly: what did we do out here? So in this video, you know, we talked about how to go and create an Azure network, and we also pinged from one machine to another machine.

And we also tried to look into something called as the network security group, you know, which helps us to define, you know, the rules at the network level. So you can see that I'm deleting this Azure network. Now, some important things out here: you should delete the whole resource group. You know, if you go and delete individual items, you will still be getting billed, right? So I won't advise you to go and select all and do a delete, because, you know, the chronological order is automatically maintained if you go and delete the whole group, right? So that's why I always say that please create a resource group and do the practicals in those resource groups so that later you can delete them properly.

So you can see I'll say delete resource group Azure network, right? So with this it will make sure that the whole group, the whole resources in that group, is deleted in a chronological order and it is deleted for sure. When you go and select all from here and when you say delete, it is very much possible that he will not use a chronological order, and then one resource is using another resource and the other resource is using other resources, so it is sometimes possible that it will not delete also, right? So that brings us to the end of the session. So hope that you have enjoyed this session. Thank you so much.
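
Added example, not part of the recorded lesson: a small Python model of the lab's address plan and of the two filtering layers in front of machine two, replaying the three ping attempts from the session. It also shows why the machines received 10.0.1.4 and 10.0.1.5, because Azure reserves the first four addresses and the last address of every subnet. Assumptions: the custom rule's name and priority are hypothetical, the VirtualNetwork tag is reduced to the VNet prefix, and the portal-created RDP rule and AllowAzureLoadBalancerInBound are left out.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")    # address space used in the lab
SUBNET = ipaddress.ip_network("10.0.1.0/24")  # account subnet used in the lab


def azure_usable_hosts(subnet):
    """Addresses Azure can assign to NICs in a subnet.

    Azure reserves .0 (network), .1 (default gateway), .2 and .3 (Azure DNS)
    and the last address (broadcast), so the first usable host is .4.
    """
    return list(subnet)[4:-1]


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int   # lower number is evaluated first
    protocol: str   # "Icmp", "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    access: str     # "Allow" or "Deny"

    def matches(self, protocol, src_ip):
        proto_ok = self.protocol in ("*", protocol)
        src_ok = self.source == "*" or (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        )
        return proto_ok and src_ok


def nsg_decision(rules, protocol, src_ip):
    """First matching rule in priority order decides: (access, rule name)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(protocol, src_ip):
            return rule.access, rule.name
    return "Deny", "no-match"


def ping_reaches_guest(nsg_rules, host_firewall_allows_icmp, src_ip):
    """A ping is answered only if the NSG admits it AND the guest firewall does.

    Returns (answered, name of the layer that made the final decision).
    """
    access, rule = nsg_decision(nsg_rules, "Icmp", src_ip)
    if access == "Deny":
        return False, f"NSG:{rule}"      # dropped before it reaches the VM
    if not host_firewall_allows_icmp:
        return False, "WindowsFirewall"  # delivered, then dropped in the guest
    return True, "answered"


# Default inbound rules every NSG carries (load balancer rule omitted here).
DEFAULT_RULES = [
    NsgRule("AllowVnetInBound", 65000, "*", str(VNET), "Allow"),
    NsgRule("DenyAllInBound", 65500, "*", "*", "Deny"),
]
# The deny rule added in the lab; name and priority are assumptions.
DENY_ICMP = NsgRule("DenyIcmpInbound", 100, "Icmp", "*", "Deny")


def lab_timeline():
    """Replay the three ping attempts from machine one to machine two."""
    hosts = azure_usable_hosts(SUBNET)
    machine_one, machine_two = str(hosts[0]), str(hosts[1])
    return {
        "machine_one": machine_one,
        "machine_two": machine_two,
        "step1_default_firewall": ping_reaches_guest(DEFAULT_RULES, False, machine_one),
        "step2_firewall_rule_added": ping_reaches_guest(DEFAULT_RULES, True, machine_one),
        "step3_nsg_deny_added": ping_reaches_guest(
            DEFAULT_RULES + [DENY_ICMP], True, machine_one
        ),
    }


if __name__ == "__main__":
    for step, result in lab_timeline().items():
        print(f"{step}: {result}")
```

In this model the step 3 drop comes from the priority-100 rule being evaluated before `AllowVnetInBound`; a deny rule given a number above 65000 would never be reached for traffic inside the virtual network.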
