Azure implementation



Task 1 : creating azure account and subscription

  1. To create an Azure account, click the link below.

https://azure.microsoft.com/

  2. Add your information and enter your card details (this is to verify that you are a human; you will be charged 2 Rs, which will be refunded).

You can choose the free tier as your subscription. I am already a registered customer, so I am going with a pay-as-you-go subscription.

  3. Use the pricing calculator to estimate your charges. Below is the link for that:
    https://azure.microsoft.com/en-us/pricing/calculator/

  4. To create billing alerts, click the link below.

https://account.windowsazure.com/PreviewFeatures

Enter the details and the amount at which you want to be alerted. That's it, your billing alert is configured.

In Advisor, go to the cost section to get advice from Azure on how to lower your costs.

Task 2 : creating virtual machine

https://www.youtube.com/watch?v=LXn9y2Wipac&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=38&t=0s

  1. Log in to the Azure portal
  2. Select the resource to launch: Create resources --> compute --> choose the OS required --> type of subscription
  3. If you already have a resource group, select it; if not, create one.
  4. Give the VM a name --> choose the region to launch in --> choose the size of the VM; here I chose a basic configuration with 1 CPU and 1 GB RAM
  5. The administrator account is how you access your VM --> password or SSH
  6. Click next; I selected the standard disk --> next, in networking, create a vnet --> enter the CIDR block for the vnet address and subnet --> select the public IP address --> click next, leaving the others as default
  7. Leave everything at default and click on review and create

Creating Tags

  1. Go to virtual machine that we created and click on tags on the left hand side.
  2. Give a name and a value (I gave costcentre as the name and marketing as the value) and save it
  3. Then go to all resources and search for the tag to confirm, and click on the tag to see which resource it is assigned to.

Creating locks

  1. Create a lock for your VM: go to the VM --> locks --> add lock, and select the delete type so that no user can delete your VM
  2. To confirm the lock, try to delete the VM; you will get an error


Creating a monitoring dashboard

Go to the dashboard and click on + --> name the dashboard monitoring --> go to storage account --> select the storage --> on the upper right there is a pin; click on it to pin it to the dashboard

Go to dashboard to check whether it is applied or not.

Creating billing dashboard --> go to all services --> subscriptions --> select the subscription and pin it

Downloading resource templates

Resource groups --> select the resource group --> deployments --> select the deployment --> click on download to download the template

Create subscriptions and assign permissions

  1. Go to the portal and select AAD --> fill in the details; the domain should be unique
  2. Choose subscription --> select IAM --> click on roles
  3. Go to AAD and click on roles and administrators to check the roles.

To give root-level access, go to AAD --> click on properties --> Azure management for azure resources ("yes" or "no"); "yes" will give root access.

Create users

AAD --> users on left hand side --> create --> enter details --> profile for personal details of user --> click on Create

Click on resources --> subscription --> IAM --> add --> select owner --> select user and click save

Click user --> directory role --> add role --> global administrator --> save

Subscriptions --> iam --> select Charles --> remove

Configuring policy

All services --> services --> assignments --> assign policy --> select resource group and choose policy

Definitions --> under category select compute --> create vm using unmanaged disk

Go to vm and click disks to add managed disk choose standard --> browse storage container click ok and save

Go to policies and click on compliance

Task3: https://www.youtube.com/watch?v=_Nb50Xc2o_I&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=39&t=0s

Creating tags for the virtual machines

  1. Go to virtual machines and select one and go to tags
  2. Create your tags names and departments and save it.
  3. Go to all services --> service tag --> select tag
  4. All resources --> Advisor --> to get Azure's advice on decreasing costs
  5. All services --> Monitor --> usage and estimated costs --> choose your subscription to estimate the cost

Analyze resource utilization

Activity logs are used to manage subscription changes.

Diagnostic logs are used to manage resource metrics.

To set this up:

Monitor --> Activity log -->choose subscription and time duration --> scroll to the end --> add activity log alert --> select target --> choose resource group to select VM’s --> add criteria --> all administrator operations

Define alert details --> enter alert rule name (vm created, modified or deleted) --> enter description --> save alert to --> choose resource group --> enable rule: yes --> define action group --> new action group --> enter the details --> action name and select type --> create rule

To verify go to vm and make changes by changing the size

Vm --> size --> bm1ms

Now you should receive an alert on email that you specified.

Monitoring metrics

Monitor --> alerts --> new alert rule --> select target --> choose subscription --> resource type as virtual machine and select vm --> alert criteria --> percentage cpu --> set alert logic --> done

Define alert details --> enter alert rule name (vm created, modified or deleted) --> enter description --> save alert to --> choose resource group --> enable rule: yes --> define action group --> new action group --> enter the details --> action name and select type --> create rule

Under manage alert rules you can find the rules that we created.

Log Analytics

Monitor --> logs --> create new --> create OMS workspace and fill all details --> create

Type the query as Event | search "error" and run

Diagnostic monitoring

Monitor -->Diagnostic setting --> subscription --> resource groups --> resource type --> choose resource

Click on turn on diagnostics

Give a name to diagnostics --> archive to storage account --> choose storage account --> send to log analytics --> create new --> select all and save

To confirm go to monitor --> diagnostic settings --> you can see metrics, syslogs, agent

TASK 4 : Monitoring, reporting, notification preferences

https://www.youtube.com/watch?v=eEloqlqt5co&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=39

For advisor recommendations : go to advisor --> recommendations

For health history : all resources --> service health --> health history

To troubleshoot : resource health --> troubleshoot

Creating health dashboard : create dashboard --> categories health --> select all --> go to service health and pin to dashboard

Creating health alert : health alert --> fill all the details

To view all the alerts : monitor --> alerts --> manage alerts

configuring billing alerts: all-services --> subscriptions --> invoices --> email invoice --> option --> configure recipients --> access to invoice --> on

To view the costs and spending rate and forecast : all service --> subscriptions --> choose subscription --> cost analysis and you can pin it to your dashboard

Task5: Allocate and Configure Resource Policies and Locks

https://www.youtube.com/watch?v=9qesF1bwc0o&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=40

All resources --> select resource group --> policies --> definitions --> new policy definition -->define location: choose your subscription --> enter name : name patterns must match the conventions --> description : name policy must follow the policy rules

{
  "properties": {
    "displayName": "must match name pattern",
    "description": "name pattern must be this",
    "mode": "all",
    "parameters": {
      "namePattern": {
        "type": "String",
        "metadata": {
          "description": "pattern name can include ? for letters, # for numbers"
        }
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "name",
          "match": "[parameters('namePattern')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}

Assign policy role

Then go to compliance to verify
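
To see which names the naming policy above would deny before assigning it, the rule can be evaluated offline. This is an added example, not part of the original notes or Azure's own code: it implements the `match` condition ('#' one digit, '?' one letter, '.' any character, everything else literal and case-sensitive) for this one rule; the pattern `contoso-??-###` and the sample names are constructed, and treating '?' as ASCII letters only is an assumption.

```python
import re
import string

# Matches a whole-string parameter reference such as "[parameters('namePattern')]".
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

# The policyRule from the definition above.
POLICY_RULE = {
    "if": {"not": {"field": "name", "match": "[parameters('namePattern')]"}},
    "then": {"effect": "deny"},
}


def policy_match(value, pattern):
    """'match' semantics: '#' is one digit, '?' is one letter, '.' is any
    character, anything else must equal itself (case-sensitive)."""
    if len(value) != len(pattern):
        return False
    for ch, p in zip(value, pattern):
        if p == "#":
            ok = ch in string.digits
        elif p == "?":
            ok = ch in string.ascii_letters  # assumption: ASCII letters only
        elif p == ".":
            ok = True
        else:
            ok = ch == p
        if not ok:
            return False
    return True


def resolve(expr, params):
    """Replace a "[parameters('x')]" expression with the assigned value."""
    m = PARAM_REF.match(expr)
    return params[m.group(1)] if m else expr


def condition_holds(cond, resource, params):
    """Evaluate the two condition shapes this policy uses: 'not' and field/match."""
    if "not" in cond:
        return not condition_holds(cond["not"], resource, params)
    if "field" in cond and "match" in cond:
        return policy_match(resource[cond["field"]], resolve(cond["match"], params))
    raise NotImplementedError(f"unsupported condition: {cond}")


def evaluate(rule, resource, params):
    """Return the rule's effect if its 'if' holds, otherwise 'compliant'."""
    if condition_holds(rule["if"], resource, params):
        return rule["then"]["effect"]
    return "compliant"


# Constructed assignment parameter and resource names.
PARAMS = {"namePattern": "contoso-??-###"}
SAMPLES = ["contoso-vm-001", "contoso-vm-01", "Contoso-vm-001", "contoso-v1-001"]


def report(names=SAMPLES, params=PARAMS):
    return {n: evaluate(POLICY_RULE, {"name": n}, params) for n in names}


if __name__ == "__main__":
    for name, outcome in report().items():
        print(f"{name:16} {outcome}")
```
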

Creating management groups:

All services --> management groups --> create new --> cto group

Then go to cto group we created and add management group --> create new --> for departments

And click on the details in the management group we created --> Go to policies and assign policy to management groups

Removing, changing and tagging resource groups

Create tags

App : contoso app

Mainwin-utc : mon 2:00 to tue 5:00

Environment : dev

Costcentre : 8923

Expire-utc : 2020-10-25

Move resource from one resource group to another resource group

Go to resource group --> select the resource you want to move --> click on move and choose the target resource group

To verify go to resource group to which we have moved

Our resource is moved to targeted resource group

Task6: Create and Configure Storage Accounts

https://www.youtube.com/watch?v=nnvTd7taFog&index=44&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq

Creating a storage account

Storage accounts --> add --> fill in the details --> storage account name should be unique --> location --> performance as standard --> account kind v2 --> redundant --> access tier hot or cool --> next --> select network --> next --> tags(env prod) --> review and create --> create

To verify go to storage accounts and select properties to check end points

Creating blob storage

Storage accounts --> click on the storage account we created --> blobs --> add container --> select the public access level you prefer; I chose private.

Upload an object

Select the blob storage --> upload --> under advanced you find additional details --> we can specify a folder and browse for the object to upload --> copy the link to a browser to check

Securing Storage with Access Keys and Shared Access Signatures

Storage account --> access keys --> to refresh the key

Storage account --> shared access signature --> generate sas and connection string

Blobs --> select the container --> access policy --> storage access policy --> add policy

Blobs --> select the container --> access policy --> immutable blob storage --> add policy --> policy type (time based retention) --> tag name (20days) --> add --> save
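
Before a generated SAS URL is handed to anyone, its query string shows exactly what it grants. The following added example (not part of the original notes) reads the standard SAS fields `sp`, `se`, `spr`, `sip`, `si` and `sig` and lists what a reviewer would question; the account name, both URLs, the signature value and the 7-day lifetime limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

EXPIRY_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def parse_expiry(value):
    """Parse the 'se' (signed expiry) field; SAS times are UTC."""
    for fmt in EXPIRY_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised expiry: {value!r}")


def audit_sas(url, now, max_lifetime=timedelta(days=7)):
    """Return a list of findings for one SAS URL (empty list = nothing flagged)."""
    fields = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in fields:
        return ["no 'sig' field: not a SAS URL"]
    findings = []

    # spr: when the field is omitted the service accepts both https and http.
    if "http" in fields.get("spr", "https,http").split(","):
        findings.append("plain HTTP allowed (set spr=https)")

    # sp: anything beyond read (r) and list (l) lets the holder change data.
    extra = sorted(set(fields.get("sp", "")) - set("rl"))
    if extra:
        findings.append("grants more than read/list: " + "".join(extra))

    # se: expiry. A token tied to a stored access policy (si) may omit it,
    # because the policy on the container carries the expiry instead.
    if "se" in fields:
        expiry = parse_expiry(fields["se"])
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > max_lifetime:
            findings.append(
                f"valid for {(expiry - now).days} days (limit {max_lifetime.days})"
            )
    elif "si" not in fields:
        findings.append("no expiry and no stored access policy")

    # sip: without it the token works from any source address.
    if "sip" not in fields:
        findings.append("no source IP restriction (sip)")
    return findings


# Constructed sample data: fixed "now", made-up account, placeholder signature.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BROAD = ("https://examplestorage.blob.core.windows.net/?sv=2022-11-02&ss=bfqt"
         "&srt=sco&sp=rwdlacup&se=2025-01-01T00:00:00Z&sig=CONSTRUCTED")
NARROW = ("https://examplestorage.blob.core.windows.net/reports/q1.csv"
          "?sv=2022-11-02&sr=b&sp=r&se=2024-01-02T00:00:00Z&spr=https"
          "&sip=203.0.113.10&sig=CONSTRUCTED")

if __name__ == "__main__":
    for label, url in (("broad", BROAD), ("narrow", NARROW)):
        print(label, audit_sas(url, NOW) or "nothing flagged")
```
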

For files

Storage account --> files --> file share --> name and quota (2) --> create

Access policy --> and we can do it as we did earlier

For tables

Storage account --> add table --> click on the dots that appear at the end of the queue to find access key option

Access policy --> and we can do it as we did earlier

For queues

Storage account --> add queue --> click on the dots that appear at the end of the queue to find access key option

Access policy --> and we can do it as we did earlier

Firewall and virtual networks

You can specify the IP addresses that are allowed access

Connecting and Managing Storage with Storage Explorer

Download Storage explorer using below link

https://azure.microsoft.com/en-in/features/storage-explorer/

choose your operating system and download and install

click on the human icon on the left side to add an azure account --> select the "add azure account" radio button and click on sign in --> enter your Microsoft credentials to log in --> apply --> under subscription you can find storage accounts

Login using the storage account name and key

click on human icon on left side to add azure account --> storage account name and key --> copy the key from azure keypairs from storage account --> next --> connect --> apply --> local attached --> storage accounts --> newstorageaccount that we created

use a shared access signature URL

click on human icon on left side to add azure account --> use a shared access signature URL --> copy the URL from the azure shared access keys --> next --> connect --> apply --> local attached --> storage accounts --> newstorageaccount that we created

reference doc : https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

Monitor and Protect Storage for High Availability

The below step should be done in azure storage explorer

In storage account --> choose any subscription --> storage accounts --> tables --> to check the metrics with time stamps

We can create a monitoring for the same from portal

Storage account --> metrics --> choose metric type(ingress) --> aggregation (AVG)

Add metric to compare --> choose metric type(egress) --> aggregation (sum)

If you want to change the storage accounts replication any time

Storage accounts --> select the storage account --> Go to configuration --> replication type

Task 7: The Azure Import/Export Service

https://www.youtube.com/watch?v=M8XKPj7unWk&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=41

Download Microsoft Azure Import/Export tool V1

https://www.microsoft.com/en-us/download/details.aspx?id=42659

Download Microsoft Azure Import/Export tool V2

https://www.microsoft.com/en-us/download/details.aspx?id=55280

reference document

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

Extract version 2 of import export tool

Extract all the files that you wanted to import

Enable BitLocker on the drive that you want to save to, and store the key on a different drive.

And enable encryption. Copy files that need to import to the encrypted drive by creating folder.

Then go to import/export tool and edit dataset.csv

Local path to file, “fileshare1/filename”,type of storage(file),rename,metadata(none),properties(none)

Do it for all the files that are importing -->save

Open driveset.csv(notepad)

Location of the files,already formatted,silentmode,already encrypted, encryption recovery key from the key storage file we saved. --> save

All service --> import/export jobs --> create --> import to azure --> fill the details

Export

All service --> import/export jobs --> create --> export from azure --> storage account

Choose blobs to export --> return shipping info -->create

Configuring Azure CDN endpoints

All services --> CDN profiles --> add --> fill the details and create

Overview --> endpoint --> origin type (storage) --> origin hostname

Optimized for --> large file download

You can change optimization : cdn profiles --> choose cdn --> optimization on the left

Task 8 : Configure Azure Files

https://www.youtube.com/watch?v=SrnotZg1H-Y&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=46

Creating a file shares

5 TB is the maximum size of file share that can be created.

Storage account --> select one --> under file service select file --> add new fileshare --> create

Repeat the above step and create two fileshares

Mounting file share

Log in to the VM and run:

sudo apt update

sudo apt install cifs-utils

sudo mkdir /mnt/fileshare1

sudo mount -t cifs //contosostorage4.file.core.windows.net/fileshare1 /mnt/fileshare1 -o vers=3.0,username=contosostorage4,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino

vim /mnt/fileshare1/test.txt

Then go to the console and check whether the file called test.txt has been created in the file share's files, to confirm the mount.

Deploy Azure filesync:

All services --> type sync and select azure file sync --> create

To confirm go to allservices --> storage sync services

Launch a Windows machine

Change the local server properties --> click on IE Enhanced Security and switch it to "OFF"

Download and install azure file sync agent from below link

https://www.microsoft.com/en-us/download/details.aspx?id=57159

open folder and run server registration --> create

go to azure portal --> sync --> storage sync service --> click on sync service we created --> + sync group -->select storage account and file share --> click on fileshare --> add server end point --> registered server is the server name --> path is location

Implement Azure Backup

Creating backup

All services --> recovery service vault --> add --> fill in the details --> open the recovery service vault we created --> backup --> choose azure and virtual machine and click next --> create new policy

Ok --> choose VM’s --> ok --> enable backup

Backup items --> virtual machines -->

Home --> virtual machines -->choose vm --> backup --> backup now

To monitor the backup click on view all jobs

To create alerts for the backup

Click on the view all alerts --> configure notification --> configure and save

Go to backup of the vm to find the backup that we created

We will use the MARS agent installer to back up on-premises machines

Review Backup reports:

Home --> subscriptions --> pay as you go --> resource providers --> find Microsoft.insights and register for it.

All services --> recovery service vault --> backup reports -->link to enable diagnostic settings --> turn on diagnostics -->

Diagnostic settings

Name backup settings

Check the archive to the storage account

Storage account and choose it

Under log choose azure back up report and retention is number of days

Save

Creating account with power BI below is the link for that

https://powerbi.microsoft.com/landing/signin/

need to register with the student or organization mail id but I don’t have it.

login --> my workspace --> search for backup --> choose azure backup --> connect --> enter the name of the storage account of diagnostics --> authentication method is key --> copy access key of the storage account --> sign in

view dataset --> azure backup

snapshot blob and fileshares

Creating snapshot of blob

Storage account --> select one --> blob storage --> choose blob --> select the file --> on right side click on the three dots that appear vertically --> create snapshot --> view snapshot -->promote snapshot to get back to previous blob

Try to delete a blob file --> if there is snapshot it can’t be deleted

Creating snapshot of fileshare

Storage account --> select one --> files --> select fileshare --> more create snapshot --> view snapshots

Task 9: Creation of highly available vm’s

https://www.youtube.com/watch?v=dNp0WRX7EQs&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=45

Virtual machine --> create --> select availability region --> availability set --> create --> 2 fault domains and 9 update domains and create vm

Managed disk and unmanaged disk

Virtual machines --> create --> next --> OS disk type standard HDD --> managed disk "no" --> select the storage account and create

Go to storage accounts --> choose the one you selected while creating the VM --> blobs --> container named vhds

VM --> disks --> migrate to managed disks --> refresh for the changes to take effect --> edit to make host changes --> none

Changing of host caching to avoid charges

Choose the disk --> Create snapshot

Creating disk from the snapshot

All services --> disks --> add --> source snapshot choose the one we created now

To attach disk to vm

Go to vm --> disks --> add data disk --> and select the disk

Network Communication Between VMs

Creating vnet

Virtual networks --> Add --> fill in the details

Name of Vnetwork

Address space 10.1.0.0/16

Subscription

Resource group

Location : the one in which you have your VM, otherwise you cannot launch it in this newly created vnet

Public subnet

Address range : 10.1.0.0/24

Creation of subnet

Open vnet --> choose subnet --> create subnet -->

Name private

Address : 10.1.1.0/24

Service endpoints : Microsoft storage

Creation of network security group

All services --> network security groups --> add --> fill details and create

Click on the security group created --> outbound security rules --> add

Source : virtual network

Source end point : *

Destination : service tag

Destination service tag : storage

Destination port range : *

Protocol : any

Action : allow

Priority : 100

Name allow-storage-all

Add another security rule

outbound security rules --> add

Source : virtual network

Source end point : *

Destination : service tag

Destination service tag : internet

Destination port range : *

Protocol : any

Action : deny

Priority : 110

Name :deny-all-internet

Inbound security rule:

Inbound security rules --> add

Source : any

Source end point : *

Destination : virtual network

Destination port range : 3389

Protocol : any

Action : allow

Priority : 120

Name allow-RDP

Then click on subnets --> associate --> choose virtual network --> choose private subnet

Then go to storage accounts --> firewalls and vnets --> selected networks --> add existing virtual network --> save
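
An NSG processes rules in ascending priority number and stops at the first match, which is why allow-storage-all (100) has to sit below deny-all-internet (110). The added example below (not part of the original notes) replays the three rules configured above together with the default rules Azure adds to every NSG, and lists inbound rules that open a management port to any source. Service-tag membership is modelled as plain labels on each flow, and treating a storage endpoint as carrying both the Storage and Internet tags is an assumption of this model.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    direction: str    # "Inbound" or "Outbound"
    source: str       # service tag, or "*" for any
    destination: str  # service tag, or "*" for any
    port: str         # single destination port, or "*" for any
    action: str       # "Allow" or "Deny"


# The three custom rules as configured in the steps above.
CUSTOM = [
    Rule("allow-storage-all", 100, "Outbound", "VirtualNetwork", "Storage", "*", "Allow"),
    Rule("deny-all-internet", 110, "Outbound", "VirtualNetwork", "Internet", "*", "Deny"),
    Rule("allow-RDP", 120, "Inbound", "*", "VirtualNetwork", "3389", "Allow"),
]

# Default rules present in every NSG.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "Inbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "Inbound", "*", "*", "*", "Deny"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "*", "Internet", "*", "Allow"),
    Rule("DenyAllOutBound", 65500, "Outbound", "*", "*", "*", "Deny"),
]

RULES = CUSTOM + DEFAULTS
MANAGEMENT_PORTS = {"22", "3389"}


def decide(rules, direction, src_tags, dst_tags, port):
    """Return (action, rule name) of the first matching rule by priority."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction != direction:
            continue
        if r.source != "*" and r.source not in src_tags:
            continue
        if r.destination != "*" and r.destination not in dst_tags:
            continue
        if r.port != "*" and r.port != str(port):
            continue
        return r.action, r.name
    return "Deny", "no matching rule"


def with_priorities(rules, overrides):
    """Copy of the rule set with some priorities changed, for what-if checks."""
    return [replace(r, priority=overrides.get(r.name, r.priority)) for r in rules]


def exposed_management_rules(rules):
    """Inbound allow rules that open SSH/RDP to any source or the Internet."""
    return [r.name for r in rules
            if r.direction == "Inbound" and r.action == "Allow"
            and r.source in ("*", "Internet")
            and (r.port == "*" or r.port in MANAGEMENT_PORTS)]


if __name__ == "__main__":
    vnet, storage, web = {"VirtualNetwork"}, {"Storage", "Internet"}, {"Internet"}
    print("to storage :", decide(RULES, "Outbound", vnet, storage, 445))
    print("to internet:", decide(RULES, "Outbound", vnet, web, 443))
    swapped = with_priorities(RULES, {"allow-storage-all": 110, "deny-all-internet": 100})
    print("swapped    :", decide(swapped, "Outbound", vnet, storage, 445))
    print("review     :", exposed_management_rules(RULES))
```
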

Create two vm’s one with private subnet and other with public subnet

1. While creating the public VM, in networking choose new public IP --> network security group advanced --> create VM

Choose the one we created for public access

2. While creating the private VM, in networking choose new public IP --> network security group advanced --> choose the private security group --> create VM

To check the network we configured connect to vm’s

Go to storage accounts -->choose file share --> select one and connect --> that will give you powershell command to connect

Virtual machines -->private vm --> connect --> download RDP --> open power shell and try the below command to access the storage account

You will be able to access the storage account but there will not be an internet connection.

Virtual machines --> public vm --> connect --> download RDP --> open PowerShell and try the below command to access the storage account.

You should get permission denied.

You will be able to connect to internet using public vm.

Activate Monitoring for VMs

virtual machines --> add --> in management --> boot diagnostics on --> Os guest diagnostic on --> create new storage account --> create vm

For autoscaling

All services --> virtual machine scale set --> create -->

Open it --> scaling -->

Monitor --> alerts --> new alert --> create rule --> select resource --> filter by resource type (virtual machine scale sets) --> condition (cpu usage) --> alert logic greater than max 90 --> action group to send mail

VM resizing after deployment

Go to vm --> size --> you will be able to see only a few sizes --> stop the vm and check the sizes again --> you will have more options

Create an image of the vm by clicking on it

All services --> images --> select the image we created --> create vm -->

Configuring VM scale sets

Virtual machine scale sets --> add --> while adding, add a load balancer

All services --> load balancer, to verify the load balancer we created.

Task 10 : create and deploy ARM templates

https://www.youtube.com/watch?v=rqtQW6VcqXI&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq&index=43

Accessing the previous deployment

Resource groups --> deployments --> select the deployment --> download

All resources --> virtual machine --> create --> review and create --> in the last page you will see download a template for automation

Create resource --> template deployment --> create --> create linux vm --> edit template --> edit parameters --> create passwords and click on purchase to launch vm

To verify go to vm’s to find the vm we created

Size of template file should not exceed 1MB

Attaching Network interface

All services --> network interface card --> create

Select NIC --> ip configurations --> choose subnet public --> enable public ip

Vm --> stop the vm --> networking --> attach network interface --> attach the interface we created --> if you have two NICs you can detach one

Creating application security group

All services --> application security group -->add --> create

To attach ASG

Vm --> select vm --> networking --> application security group --> configure application security groups --> select the one we created

Creating route table

All services --> route tables --> add --> create

BGP route propagation enables routes from on-premises to azure portal

Choose routetable --> routes -->add -->

We can attach route table to our subnet
vnet -->subnets -->routetable and attach

Create Peering Between Virtual Networks

Virtual networks --> select Vnet one --> peering --> choose vnet that we wanted to peer to

Repeat the above step from the other vnet and target to vnet we did first

Configuring virtual network gateway

Choose vnet --> subnets --> add gateway subnet --> create

Address spaces and to add additional address range

Create subnet called backend

Go to another vnet and do the same

All service --> virtual network gateway --> add --> create by selecting vnet of cloud

Repeat above step and choose on prem vnet and create

Create on one of the network gateway --> connections --> add --> create

Repeat the above step and do the same.

To verify, click on the connection and check whether its status is connected or not.

Azure DNS Zones and Custom DNS Settings

Azure active directory --> custom domain names --> add custom domain name --> add domain

To set up DNS zones, follow the steps below

All services --> DNS zones --> add --> enter domain name --> create --> then click on DNS record that is created --> copy the name servers --> dns management tool

Create vnet --> create vm

All services --> dns zone --> record set --> alias record set yes

Task 11: Manage Azure Active Directory (AAD)

https://www.youtube.com/watch?v=7AFettRz1yI&index=42&list=PLL7rh2YAHA3arveR4tXIq1huouav4jZWq

Create AAD

All services --> active directory --> create --> click here to manage directory

AAD --> custom domains --> add custom domain -->

Azure AD identity protection is a paid service; you will be charged.

All service --> azure AD identity protection --> onboard --> create

Conditional policy

AAD --> conditional access policies --> new policy --> enable policy --> create

Self-service Options in Azure Active Directory

All services --> access reviews --> onboard --> create --> program --> new program --> default program --> controls --> new access review -->

Self service password reset

AAD --> choose one --> password reset --> properties --> all --> save

Authenticating devices in azure directory

AAD --> select one --> devices -->