Microsoft Azure Administrator – Step by step Implement Intersite Connectivity (part 9 of 17)

Student lab manual

Lab scenario

Contoso has its datacenters in Boston, New York, and Seattle offices connected via mesh wide-area network links, with full connectivity between them. You need to implement a lab environment that will reflect the topology of Contoso's on-premises networks and verify its functionality.

Objectives

In this lab, you will:

  • Task 1: Provision the lab environment
  • Task 2: Configure local and global virtual network peering
  • Task 3: Test intersite connectivity

Estimated timing: 30 minutes

Architecture diagram

Task 1: Provision the lab environment

In this task, you will deploy three virtual machines, each 

1.Sign in to the Azure portal.

2.In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.

3.If prompted to select either Bash or PowerShell, select PowerShell.

Note: If this is the first time you are starting Cloud Shell and you are presented with the You have no storage mounted message, select the subscription you are using in this lab, and click Create storage.

4.In the toolbar of the Cloud Shell pane, click the Upload/Download files icon. In the drop-down menu, click Upload and upload the files \Allfiles\Labs\05\az104-05-vnetvm-loop-template.json and \Allfiles\Labs\05\az104-05-vnetvm-loop-parameters.json into the Cloud Shell home directory.

AZ-104-MicrosoftAzureAdministrator/Allfiles/Labs/05 at master · MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator · GitHub

5.From the Cloud Shell pane, run the following to create the resource group that will host the lab environment. The first two virtual networks and a pair of virtual machines will be deployed in [Azure_region_1]. The third virtual network and the third virtual machine will be deployed in the same resource group but in another region, [Azure_region_2]. Replace the [Azure_region_1] and [Azure_region_2] placeholders with the names of two different Azure regions where you intend to deploy these Azure virtual machines:

$location1 = '[Azure_region_1]'
$location2 = '[Azure_region_2]'
$rgName = 'az104-05-rg1'
New-AzResourceGroup -Name $rgName -Location $location1

Note: In order to identify Azure regions, from a PowerShell session in Cloud Shell, run (Get-AzLocation).Location

6.From the Cloud Shell pane, run the following to create the three virtual networks and deploy virtual machines into them by using the template and parameter files you uploaded:

$location1 = '[Azure_region_1]'
$location2 = '[Azure_region_2]'
$rgName = 'az104-05-rg1'
New-AzResourceGroup -Name $rgName -Location $location1
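
The step describes a deployment from the uploaded template and parameter files. The following is an added example, not text from the original lab page, of how that deployment can be validated, run and checked from Cloud Shell. It assumes both files sit in the Cloud Shell home directory and that the template declares parameters named location1 and location2 (assumed names; confirm them in the template's parameters section).

```powershell
# Added example, not from the lab page.
# Assumption: the template declares parameters named location1 and location2.
$rgName    = 'az104-05-rg1'
$location1 = '[Azure_region_1]'   # placeholder, as in step 5
$location2 = '[Azure_region_2]'   # placeholder, as in step 5
$template  = "$HOME/az104-05-vnetvm-loop-template.json"
$params    = "$HOME/az104-05-vnetvm-loop-parameters.json"

# Fail early if either upload is missing.
foreach ($f in $template, $params) {
    if (-not (Test-Path $f)) { throw "Missing file: $f" }
}

# Validate before deploying: the cmdlet returns a list of errors,
# which is empty when the template and parameters are valid.
$errors = Test-AzResourceGroupDeployment -ResourceGroupName $rgName `
    -TemplateFile $template -TemplateParameterFile $params `
    -location1 $location1 -location2 $location2
if ($errors) {
    $errors | Format-List Code, Message
    throw 'Template validation failed.'
}

# Deploy the three virtual networks and virtual machines.
$deployment = New-AzResourceGroupDeployment -ResourceGroupName $rgName `
    -TemplateFile $template -TemplateParameterFile $params `
    -location1 $location1 -location2 $location2
if ($deployment.ProvisioningState -ne 'Succeeded') {
    throw "Deployment ended in state $($deployment.ProvisioningState)"
}

# Confirm the outcome: three virtual networks, two regions,
# and address spaces that do not overlap (a requirement for peering).
Get-AzVirtualNetwork -ResourceGroupName $rgName |
    Select-Object Name, Location,
        @{ Name = 'AddressSpace'; Expression = { $_.AddressSpace.AddressPrefixes -join ', ' } } |
    Sort-Object Name | Format-Table -AutoSize
```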

7.Close the Cloud Shell pane.

Task 2: Configure local and global virtual network peering

In this task, you will configure local and global peering between the virtual networks you deployed in the previous tasks.

1.In the Azure portal, search for and select Virtual networks.

2.Review the virtual networks you created in the previous task and verify that the first two are located in the same Azure region and the third one in a different Azure region.

Note: The template you used for deployment of the three virtual networks ensures that the IP address ranges of the three virtual networks do not overlap.

3.In the list of virtual networks, click az104-05-vnet0.

4.On the az104-05-vnet0 virtual network blade, in the Settings section, click Peerings and then click + Add.

5.Add a peering with the following settings (leave others with their default values) and click Add:

Setting | Value
This virtual network: Peering link name | az104-05-vnet0_to_az104-05-vnet1
This virtual network: Traffic to remote virtual network | Allow (default)
This virtual network: Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None
Remote virtual network: Peering link name | az104-05-vnet1_to_az104-05-vnet0
Virtual network deployment model | Resource manager
I know my resource ID | unselected
Subscription | the name of the Azure subscription you are using in this lab
Virtual network | az104-05-vnet1
Traffic to remote virtual network | Allow (default)
Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None

Note: This step establishes two local peerings – one from az104-05-vnet0 to az104-05-vnet1 and the other from az104-05-vnet1 to az104-05-vnet0.

Note: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:

6.On the az104-05-vnet0 virtual network blade, in the Settings section, click Peerings and then click + Add.

7.Add a peering with the following settings (leave others with their default values) and click Add:

Setting | Value
This virtual network: Peering link name | az104-05-vnet0_to_az104-05-vnet2
This virtual network: Traffic to remote virtual network | Allow (default)
This virtual network: Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None
Remote virtual network: Peering link name | az104-05-vnet2_to_az104-05-vnet0
Virtual network deployment model | Resource manager
I know my resource ID | unselected
Subscription | the name of the Azure subscription you are using in this lab
Virtual network | az104-05-vnet2
Traffic to remote virtual network | Allow (default)
Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None

Note: This step establishes two global peerings – one from az104-05-vnet0 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet0.

Note: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:




$rgName = 'az104-05-rg1'
$vnet0 = Get-AzVirtualNetwork -Name 'az104-05-vnet0' -ResourceGroupName $rgName
$vnet2 = Get-AzVirtualNetwork -Name 'az104-05-vnet2' -ResourceGroupName $rgName
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet0_to_az104-05-vnet2' -VirtualNetwork $vnet0 -RemoteVirtualNetworkId $vnet2.Id
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet2_to_az104-05-vnet0' -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet0.Id

8.Navigate back to the Virtual networks blade and, in the list of virtual networks, click az104-05-vnet1.

9.On the az104-05-vnet1 virtual network blade, in the Settings section, click Peerings and then click + Add.

10.Add a peering with the following settings (leave others with their default values) and click Add:

Setting | Value
This virtual network: Peering link name | az104-05-vnet1_to_az104-05-vnet2
This virtual network: Traffic to remote virtual network | Allow (default)
This virtual network: Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None
Remote virtual network: Peering link name | az104-05-vnet2_to_az104-05-vnet1
Virtual network deployment model | Resource manager
I know my resource ID | unselected
Subscription | the name of the Azure subscription you are using in this lab
Virtual network | az104-05-vnet2
Traffic to remote virtual network | Allow (default)
Traffic forwarded from remote virtual network | Block traffic that originates from outside this virtual network
Virtual network gateway | None

Note: This step establishes two global peerings – one from az104-05-vnet1 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet1.

Note: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:




$rgName = 'az104-05-rg1'
$vnet1 = Get-AzVirtualNetwork -Name 'az104-05-vnet1' -ResourceGroupName $rgName
$vnet2 = Get-AzVirtualNetwork -Name 'az104-05-vnet2' -ResourceGroupName $rgName
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet1_to_az104-05-vnet2' -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet2_to_az104-05-vnet1' -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id
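
Peering is configured per direction and per pair, so a full mesh of three virtual networks needs six links. The following is an added example, not part of the original lab, that generalizes the PowerShell fallback above to all three pairs (including az104-05-vnet0 and az104-05-vnet1), creates only the links that are missing, and then audits every link against the settings chosen in this task. It uses the lab's resource names and the default behavior of Add-AzVirtualNetworkPeering, which leaves forwarded traffic and gateway options disabled.

```powershell
# Added example, not from the lab page: build and audit the full peering mesh.
$rgName = 'az104-05-rg1'
$names  = 'az104-05-vnet0', 'az104-05-vnet1', 'az104-05-vnet2'

# Load each virtual network once.
$vnets = @{}
foreach ($n in $names) {
    $vnets[$n] = Get-AzVirtualNetwork -Name $n -ResourceGroupName $rgName
}

# Create both directions for every pair, skipping links that already exist.
foreach ($src in $names) {
    $existing = Get-AzVirtualNetworkPeering -VirtualNetworkName $src -ResourceGroupName $rgName
    foreach ($dst in ($names | Where-Object { $_ -ne $src })) {
        $link = "${src}_to_${dst}"
        if ($existing.Name -notcontains $link) {
            Add-AzVirtualNetworkPeering -Name $link -VirtualNetwork $vnets[$src] `
                -RemoteVirtualNetworkId $vnets[$dst].Id | Out-Null
        }
    }
}

# Collect the state and the traffic-related settings of every link.
$report = foreach ($src in $names) {
    Get-AzVirtualNetworkPeering -VirtualNetworkName $src -ResourceGroupName $rgName |
        Select-Object Name, PeeringState, AllowVirtualNetworkAccess,
                      AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways
}
$report | Sort-Object Name | Format-Table -AutoSize

# Flag anything that deviates from the lab's settings: link not connected,
# direct access blocked, forwarded traffic allowed, or gateway options enabled.
$deviations = $report | Where-Object {
    $_.PeeringState -ne 'Connected' -or -not $_.AllowVirtualNetworkAccess -or
    $_.AllowForwardedTraffic -or $_.AllowGatewayTransit -or $_.UseRemoteGateways
}
if (@($report).Count -ne 6) {
    Write-Warning "Expected 6 peering links, found $(@($report).Count)."
}
if ($deviations) {
    Write-Warning "Links that deviate from the lab settings: $($deviations.Name -join ', ')"
}
```

A link reports Initiated until the reverse direction exists, so run the audit only after both links of a pair have been created.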

Task 3: Test intersite connectivity

In this task, you will test connectivity between virtual machines on the three virtual networks that you connected via local and global peering in the previous task.

1.In the Azure portal, search for and select Virtual machines.

2.In the list of virtual machines, click az104-05-vm0.

3.On the az104-05-vm0 blade, click Connect and, in the drop-down menu, click RDP. On the Connect with RDP blade, click Download RDP File and follow the prompts to start the Remote Desktop session.

Note: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use open source RDP client software.

Note: You can ignore any warning prompts when connecting to the target virtual machines.

4.When prompted, sign in by using the Student username and Pa55w.rd1234 password.

5.Within the Remote Desktop session to az104-05-vm0, right-click the Start button and, in the right-click menu, click Windows PowerShell (Admin).

6.In the Windows PowerShell console window, run the following to test connectivity to az104-05-vm1 (which has the private IP address of 10.51.0.4) over TCP port 3389:

Test-NetConnection -ComputerName 10.51.0.4 -Port 3389 -InformationLevel 'Detailed'

Note: The test uses TCP 3389 since this port is allowed by default by the operating system firewall.

7.Examine the output of the command and verify that the connection was successful.

8.In the Windows PowerShell console window, run the following to test connectivity to az104-05-vm2 (which has the private IP address of 10.52.0.4):

Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel 'Detailed'

9.Switch back to the Azure portal on your lab computer and navigate back to the Virtual machines blade.

10.In the list of virtual machines, click az104-05-vm1.

11.On the az104-05-vm1 blade, click Connect and, in the drop-down menu, click RDP. On the Connect with RDP blade, click Download RDP File and follow the prompts to start the Remote Desktop session.

Note: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use open source RDP client software.

Note: You can ignore any warning prompts when connecting to the target virtual machines.

12.When prompted, sign in by using the Student username and Pa55w.rd1234 password.

13.Within the Remote Desktop session to az104-05-vm1, right-click the Start button and, in the right-click menu, click Windows PowerShell (Admin).

14.In the Windows PowerShell console window, run the following to test connectivity to az104-05-vm2 (which has the private IP address of 10.52.0.4) over TCP port 3389:

Test-NetConnection -ComputerName 10.52.0.4 -Port 3389 -InformationLevel 'Detailed'

Note: The test uses TCP 3389 since this port is allowed by default by the operating system firewall.

15.Examine the output of the command and verify that the connection was successful.

Clean up resources

Note: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.

1.In the Azure portal, open the PowerShell session within the Cloud Shell pane.

2.List all resource groups created throughout the labs of this module by running the following command:

Get-AzResourceGroup -Name 'az104-05*'

3.Delete all resource groups you created throughout the labs of this module by running the following command:

Get-AzResourceGroup -Name 'az104-05*' | Remove-AzResourceGroup -Force -AsJob

Note: The command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.

Review

In this lab, you have:

  • Provisioned the lab environment
  • Configured local and global virtual network peering
  • Tested intersite connectivity