Introduction
As part of my journey to becoming an Azure Administrator, I recently completed Lab 04 - Implement Virtual Networking from the AZ-104 certification series. This lab provided valuable experience in configuring virtual networks (VNets) and subnets, applying network security controls, and working with DNS zones in Azure.
Throughout the lab, I learned how to build the foundation for network infrastructure in Azure, including setting up secure and scalable network configurations to accommodate growth. In this blog post, I'll go over the tasks I completed, key takeaways, and insights gained from this lab.
Lab Overview
This lab covered the fundamentals of Azure Virtual Networking. The objective was to design and configure virtual networks and subnets, implement network security groups (NSGs) and application security groups (ASGs), and configure both public and private Azure DNS zones. I created two virtual networks (CoreServicesVnet and ManufacturingVnet), managed subnetting, and ensured secure communication using NSGs and ASGs. I also configured DNS zones to resolve names both publicly and privately.
Skills Practiced:
✅ Creating and configuring virtual networks and subnets
✅ Implementing network security groups (NSGs) and application security groups (ASGs)
✅ Configuring DNS zones for both public and private resolution
✅ Managing resources using templates and the Azure portal
Task 1: Create a Virtual Network with Subnets Using the Portal
The first task was to create a virtual network and configure subnets for the CoreServicesVnet network. Here’s what I did:
1️⃣ Signed into the Azure portal – Azure Portal.
2️⃣ Created a new virtual network (CoreServicesVnet) and defined the IPv4 address space as 10.20.0.0/16.
3️⃣ Added two subnets:
SharedServicesSubnet: 10.20.10.0/24
DatabaseSubnet: 10.20.20.0/24
4️⃣ I reviewed and validated the settings, then created the network.
5️⃣ Finally, I exported the configuration template for later use in creating the ManufacturingVnet network in the next task.
📌 Insight:
Creating a virtual network with properly sized subnets ensures scalability and proper traffic segmentation. Azure allows you to customize the address space and subnet sizes according to the requirements of the workload, making it flexible for various use cases.
Task 2: Create a Virtual Network and Subnets Using a Template
The second task was to create a second virtual network (ManufacturingVnet) and its subnets using a template. Here's what I did:
1️⃣ Edited the exported template.json file to modify the network details:
Changed CoreServicesVnet to ManufacturingVnet.
Adjusted the IP address space from 10.20.0.0/16 to 10.30.0.0/16.
Created subnets:
SensorSubnet1: 10.30.20.0/24
SensorSubnet2: 10.30.21.0/24
2️⃣ I deployed the template through the Azure portal to create the new network and subnets.
📌 Insight:
Using templates for network deployment is a great way to ensure consistency and repeatability across environments. Templates allow for automation and quicker deployments, especially when scaling infrastructure or replicating similar configurations.
Task 3: Create and Configure Communication Between an Application Security Group (ASG) and a Network Security Group (NSG)
This task involved creating an Application Security Group (ASG) and a Network Security Group (NSG) to control traffic within the network. Here’s what I did:
1️⃣ Created an ASG named asg-web to group web servers together.
2️⃣ Created an NSG named myNSGSecure and associated it with the CoreServicesVnet.
3️⃣ Added an inbound rule to allow traffic from the ASG to the web servers (ports 80 and 443).
4️⃣ Configured an outbound rule to deny internet access on port 8080.
📌 Insight:
NSGs provide basic traffic filtering at the subnet and network interface level, while ASGs allow you to logically group resources that share a common purpose. Together, they offer a fine-grained security model for controlling access to your Azure resources.
Task 4: Configure Public and Private Azure DNS Zones
In this task, I worked with Azure DNS to configure both public and private DNS zones. Here’s what I did:
1️⃣ Created a public DNS zone for the domain contoso.com, adding an A record to resolve the hostname www.contoso.com to the IP address 10.1.1.4.
2️⃣ Created a private DNS zone for the domain private.contoso.com, linked it to the ManufacturingVnet, and added an A record for sensorvm to resolve to 10.1.1.4.
📌 Insight:
Azure DNS helps manage DNS records for both public and private domains. Public DNS zones allow external access to your applications, while private DNS zones enable name resolution within Azure virtual networks, improving communication and simplifying network management.
Key Learnings
1️⃣ Virtual Network Design
A virtual network (VNet) is the foundation of your network in Azure. It provides isolation and segmentation for resources. Proper planning of address spaces and subnets ensures scalability and prevents conflicts.
2️⃣ Network Security Groups (NSGs)
NSGs are crucial for controlling inbound and outbound traffic at both the subnet and network interface levels. They help secure your network by allowing or denying traffic based on rules defined for each resource.
3️⃣ Application Security Groups (ASGs)
ASGs are used to group similar types of resources together for easier management. They allow you to apply NSG rules to a group of resources, simplifying security management, especially in large environments.
4️⃣ DNS Configuration in Azure
Azure DNS zones allow for public and private name resolution. Public DNS zones are used for external access to services, while private DNS zones ensure internal communication between resources within a virtual network.
5️⃣ Using Templates for Network Automation
Templates are a great way to automate the creation of resources, ensuring that network configurations are consistent and reducing human error. This is especially useful when managing multiple environments or scaling infrastructure.
Conclusion
Completing this lab enhanced my understanding of Azure Virtual Networking. I learned how to create and manage virtual networks, subnets, and security configurations, as well as how to implement DNS zones for both public and private domains. Virtual networking is a crucial skill for any Azure Administrator, as it forms the backbone of cloud infrastructure and helps ensure secure, scalable, and well-organized resources.
🚀 Stay tuned for my next blog post on Lab 05 - Implement Intersite Connectivity!
🔗 Follow my journey as I continue mastering Azure Administration! 🚀
Top comments (0)