West Coast IT Hipster

Azure Lab - Network and Peering

The first step when developing this lab was to come up with a consistent way to move the audience through the lab, in a single Subscription, and within the timeframe we had to present. We quickly decided to use Resource Groups to keep everyone’s resources together; grouping resources is what they do. Coupled with a naming convention that we thought would avoid overlap, we were ready to go.

Creating a Resource Group



In this lab we will be using the Azure Resource Monitor and what is called the blade. It allows for a pretty seamless navigation experience and provides a single pane to configure all the components needed for a specific resource. We did not use the Dashboard in this lab; this was for simplicity, as some of the participants had limited exposure to Azure. I will go into the Dashboard in a later post. We also used the Azure Portal menu to easily return all the participants to their Resource Group. This allowed everyone to start the blade for each subsequent resource with the Resource Group and Subscription already filled in. It’s always there, and it made for an easy way to get everyone “Home”, back to their Resource Groups, before each section.

The first step was for each participant to configure an individual Resource Group, using the steps below.

1. Sign in to the Azure portal.

2. From the top Azure Services, select Create a Resource under Azure Services.

3. In the Search field, type Resource group.

4. Select Create. The following window will be displayed.

5. Check for the proper Subscription.

6. Name the Resource Group (1st Letter First Name)(1st 4 Last Name)-rg
   Example: Victor Flex would be vflex-rg, but use your own name; VFLEX is taken.

7. Select the Region chosen in the spreadsheet.

8. Select Review + Create.

9. If validation says passed, select Create.

10. Use the Azure Portal Menu to navigate to your Resource Group.

For this part of the lab we put in the infrastructure for all the communication. This will be the Virtual Networks, or VNets, and their corresponding routing. I like to think of VNets as being like a traditional on-prem network, where there is typically a single address space (ex. 10.0.0.0/16) which is then broken up into subnet ranges, allowing for segmentation of resources within a site. VNets also introduce “Gateways”, allowing for the movement or routing of traffic from the VNet to the internet, to other VNets (sites), or even across VPNs and Azure Express Routes. So, just like their on-prem network counterpart, VNets are an important part of your cloud datacenter. And even though you don’t have to build all the routes or configure the individual switches/routers, proper planning and setup for your application is crucial.

For this lab we kept it simple: two VNets. The first houses a single compute node or VM, and the second houses the Veeam Backup for Azure Appliance. So, in this first posting I will review the setup of both VNets and the basis for their communication with each other (Peering) and with the Storage account, which will be covered in a later posting.

Let’s get into it!

First, we started from the individual blank Resource Group. From within the Resource Group, on the Resource Group menu, click Add. Next we searched for Virtual Network, which we selected, and clicked Create. This brought us to the VNet blade.

  1. From here I asked that they Check their Subscription 

  2. Check your Resource Group

  3. Name (1st Letter of First Name)(First 4 of Last Name)-vnet1  
    Example: Victor Flex would be vflex-vnet1

  4.  Select your Region 

  5. Click Next: IP Addresses

This brings us to the next step in the blade, where I asked the participants to configure an IP address space and set up their subnet.

  1. Edit the IPv4 address space by replacing the existing CIDR address with 10.1.0.0/16 (even if you see this address already). Unless you were first, you will see the error message about overlapping address spaces. Ignore this message.

  2. Add Subnet (1st Letter First Name)(1st 4 Last Name)-Sub1  
    and the Subnet address range of 10.1.0.0/24 

  3. Under Services choose Microsoft.Storage. This configures the connector for access to the Storage Account.

  4. Click Add  

  5. Click Review + Create 

  6. If Validation Passes Select Create. Return to your Resource Group through the Azure Portal Menu

After this we added a 2nd VNet. For the purpose of this lab it served as the location of the Veeam Backup for Azure appliance. It also led to the configuration of Peering, which I will cover in the next post.

  1. Edit the IPv4 address space by replacing existing CIDR address with 10.2.0.0/16
    Ignore that error message of overlapping address spaces.

  2. You will also see the message that the Virtual Network doesn’t have any subnets. So click Add subnet. 

  3. Add Subnet (1st Letter First Name)(1st 4 Last Name)-sub2  
    and the Subnet address range of 10.2.0.0/24 

  4. In the Subnet Change Service from the Services Drop Box 

  5. Select Microsoft.Storage 

  6. Click Add  

  7. Click Review + Create 

  8. If Validation Passes Select Create 

  9. Click Review + Create 

  10. If Validation Passes Select Create 

  11. Wait for Deployment to Complete  

Once deployment is complete, click Go to resource. This is done either from the Resource Menu or from the Notification drop menu in the upper left (HINT: it is shaped like a bell).

Now, by default VNets do not communicate with each other. They are separate IP spaces fenced off from each other. They do by default offer access to the internet, and thus have some default routes to do so. As we do want connectivity between these VNets, we need to set up the feature called Peering.

What is nice is that, though it does require some configuration and Peering is a 2-way street, configuring the connection from a single VNet to another will complete all that is needed, including routing. Since we jumped right into the 2nd VNet, we will configure Peering directly from here.

Select Peerings from the left and select Add.

We used a specific naming convention that was provided in a spreadsheet for this lab. Feel free to use something similar or come up with your own naming convention.

  1. 1st Name will indicate the connection from your VNet2 to VNet1. Ex: in the lab I was Victor Flex, so for this example I used Vflex-vnet2-vflex-vnet1

  2. Select the 1st VNet

  3. 1st Name will indicate the connection from your VNet1 to VNet2. Use your naming convention.
     Ex: Victor Flex would use Vflex-vnet1-vflex-vnet2

  4. Select OK. Return to your Resource Group through the Azure Portal Menu

  5. If validation passes, select Create

  6. Return to your Resource Group using the Azure Portal Menu

If you navigate to the 1st VNet you will see the Peering connection is already set here, as it was all configured in this single step. You also need not configure routing, as it is already set up by this same action.

Now, we only enabled the network access settings that connected VNet 2 to VNet 1, leaving the last 2 as disabled. In a future post I will include setup for VNet Peering allowing for access across a VPN, but for the purpose of this lab we simply needed the 2 networks to talk to each other.
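The same build can be scripted with the Azure CLI. This is an added example, not part of the original lab: the function names are hypothetical, names are generated in lower case, and the region argument stands in for the value assigned in the lab spreadsheet. Unlike the portal step above, the CLI needs each peering direction created explicitly.

```bash
# Added example: Azure CLI equivalent of the portal steps (not from the original lab).
set -eu

# (1st letter of first name)(first 4 of last name), lower-cased: Victor Flex -> vflex
lab_prefix() {
  printf '%s%s' "$(printf '%s' "$1" | cut -c1)" "$(printf '%s' "$2" | cut -c1-4)" |
    tr '[:upper:]' '[:lower:]'
}

# Peering name for one direction, e.g. peering_name vflex 2 1 -> vflex-vnet2-vflex-vnet1
peering_name() {
  printf '%s-vnet%s-%s-vnet%s' "$1" "$2" "$1" "$3"
}

# args: prefix resource-group region index subnet-name
# VNet 10.<index>.0.0/16 with a /24 subnet that has Microsoft.Storage enabled.
create_vnet() {
  az network vnet create --resource-group "$2" --location "$3" \
    --name "$1-vnet$4" --address-prefixes "10.$4.0.0/16"
  az network vnet subnet create --resource-group "$2" --vnet-name "$1-vnet$4" \
    --name "$5" --address-prefixes "10.$4.0.0/24" \
    --service-endpoints Microsoft.Storage
}

# args: prefix resource-group from-index to-index
# Only virtual network access is enabled; the other options are not passed.
create_peering() {
  az network vnet peering create --resource-group "$2" \
    --name "$(peering_name "$1" "$3" "$4")" \
    --vnet-name "$1-vnet$3" --remote-vnet "$1-vnet$4" --allow-vnet-access
}

# args: first-name last-name region (region is whatever the lab spreadsheet assigned)
deploy_lab() {
  lab_p=$(lab_prefix "$1" "$2")
  lab_rg="$lab_p-rg"
  az group create --name "$lab_rg" --location "$3"
  create_vnet "$lab_p" "$lab_rg" "$3" 1 "$lab_p-Sub1"
  create_vnet "$lab_p" "$lab_rg" "$3" 2 "$lab_p-sub2"
  create_peering "$lab_p" "$lab_rg" 2 1   # VNet2 -> VNet1
  create_peering "$lab_p" "$lab_rg" 1 2   # VNet1 -> VNet2
  # Show the peering state and which access settings are on for the VNet2 side.
  az network vnet peering list --resource-group "$lab_rg" --vnet-name "$lab_p-vnet2" \
    --query "[].{name:name,state:peeringState,vnetAccess:allowVirtualNetworkAccess,forwarded:allowForwardedTraffic,gatewayTransit:allowGatewayTransit}" \
    --output table
}

# After `az login`, run: deploy_lab Victor Flex <region>
```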

That concludes the Network portion of this lab. Stay tuned for Storage and Compute. These components will take advantage of what was set up in the network portion of this lab.