Skip to main content

Build a Company in Azure (in ONE day!)

What do we want? The Azure Fundamentals Cert by February!
When do we want it? By Feb! Just said it, pay attention!

A very helpful guide by Daniel Baker (AzureDan).

You need a subscription (or trial) to make a resource group. But you can make a Markdown without it!

Markdown: The fancy image on the Dashboard.

Let's go!

Here is my Resource Group;

I poked around in the Policy section for a time.

Other things we're going to fill out here include:

  • Networking & Gateways
  • VMs
  • Containers
  • Authentication and Identity
  • Storage
  • DevTest Labs
  • Backup Solutions
Some things may need more than a free trial + 200$ credit can give, but that's what's happening in the video, or need mounted storage I don't have available right now. Situation may vary.

Virtual Network(ing and Gateways) in Azure

Enter your resource group, hit 'Add', search what you want (Here, a Virtual Network), fill  out the information, and there you go. Also helps to go back into the resource to the deployment, and pin it to the dashboard.

Let's make some Subnets!

The Gateway Subnet routes things through the Azure Cloud.

 You'll need to go into the Marketplace and get 'Virtual Machine Gateway' app. Remember to check the region you're working in!

There are certificates made an installed. I wonder if that process could be automated somehow. Would it be safe?

Domain Controller

In making a template, there is a script given, that outlines the template rules, parameters (names, network), variables (with values), and resources (objects to deploy).

When the template is made, it can be deployed.

Visual Studio

As I can't seem to find a Visual Studio Community 2017 Version, let's hit a random thing and roll with it.

See, it's in our Development subnet in our 31vNet Virtual Network.

Here it is, and all the stats:

And here's the Networking page, that shows our public and private IPv4 addresses.

You can also click the Update Management in the left hand panel to keep your VM up to date. It's our responsibility!

It takes some time to be enabled. When it's ready, you can see where we're failing at security wise. Meanwhile, I had to troubleshoot the actual Update Agent.

It's like when Task Manager is not responding.

I can at least walk through scheduling an update deployment. We can schedule a time, and what updates are to be included (None here).

There is the Inventory tab on this VM. It basically is tracking registry, file changes, and services to monitor baselines.

The Metrics options tracks the performance of a VM and lists the results in a very GUI, chart-happy kind of way.

The Adviser tab offers us a (probably AI) guide to offer suggestions to improve performance on our resources and be reasonable with our spending.

Resource health watches your resource and tells you if it's running as expected. 

A very cool option iunder Support + troubleshooting is Boot diagnostics, to see if there are any potential issues with booting up the VM, and the option to reset the password to the built-in admin account. Snazzy! You can also redploy your VM to a new Azure host.

Next, let's deploy a CentOS system through the command Line 


I'm tossing in this video as well: While it has no affiliation with the one at the top of the page...I was prepared to make another post about this until I remembered "Oh yes, already did some AzAD stuff!"

 Directory Services & Domain Controllers. 

Select Azure Active Directory from the Services group.

A new user is made; If we had a group, we could put her there, but let's not let that stop us!

Paola Zallegortio is not a real person. To my knowledge.

We can go to the groups section  and make an Accounting group for Ms. Zallegortio to join.

I can create or invite a user to join, and stick them in the made group;

 See the box? The group itself doesn't show, but he's in the Accounting group with Paola. You could probably put a user in more than one group, but then you get caught up in thorny stuff, like permissions creep.

 We can establish single sign-on for a user. Let's try with Twitter - 

Default Directory > Enterprise applications - all applications > Categories > add an application > Twitter. When Twitter is installed (click 'add'), this is what you get;

 Select single sign-on, hit password based (or whatever makes sense for you,) and hit save at the resulting screen. When you go to Users and Groups, you can now add a user to the Twitter, SSO group.

DevTest Labs

Visit a resource in the Resource Groups tab, 'new', and install DevTest Labs from the Marketplace after searching.

You can add VMs to your testing labs - There's a lot of options.

 Also includes Ubuntu in Kubernetes Containers.

I've also allowed the sizes for VMs that our developers can work with under Configurations and Policies > Allowed Virtual Machine Sizes.

I set the sizes, now time for the actual amount of VMs that are allowed to be spun up; I'll go with 2.

Under Configurations and Policies - Virtual Network, our test enviroment has already been set up in our dtlbacaid-devtestlab network, though we could go back to the Virtual Network pane and make a new one for it to inhabit if we wish. In fact, I think I will.

I don't know why the name doesn't show up in the 'Your deployment is complete' panel.

Marketplace images are "Hey, what .isos should your devs be allowed to download?" I selected Cent OS and Server 2012 R2. When you go to 'Formulas (reuseable base), those are the only options):

 A while back, I made a comment that Azure had a lot less silly names than AWS, so one didn't have to Google (or Bing, as the case may be) to find out what they were working with.

I take that back; In order to have programs pre-installed on a base you spin up, you have to add them on...and they're called Artifacts.

These are just plans, blueprints, so you don't waste time finangling around a GUI trying to get things set up. Nice idea. Odd name.

Azure Backups

Under your virtual machine, look to the left. Operations > Disaster Recovery. Make sure it's in the correct region.

You see a cache storage account setting, it's used before a source VM is replicated to the target. It will be made when this is deployed.

You can only set protections in one region;

The virtual machine 'kearosan' couldn't be protected to the region 'West US' as it is already protected to the region 'East US 2'.

 If you click the 'Failed' Hyperlink, that's the error that pops up, along with possible causes, recommendations, and Error ID.

Something did get backed up:

"Success - Task Failed."

As a reminder, here is our Dashboard now;

I made a new resource group and pulled up the Web App service in the Marketplace to install.

Of interesting note is the Application Monitoring selection of my apps, network, and infrastructure. It's not available with my plan. 

 It took some time to deploy it because it simply did not like the settings in the region I was trying to put it in. It worked in West Europe but not West US. Interesting. 

I think I took a different turn somewhere. But I can at least show you something in this App Service:

Here are some application settings: Set rule for when data can be moved. With this set up, data will be stored and moved while encrypted.

Security and Monitoring Your Azure Cloud

 "Is the cloud safe?"

Let's be honest, attacks are growing more sophisticated, and end users just want things to work, and aren't concerned about security. Nothing personal - You have other things to do. Leave it to a cloud service to have multiple security options in place to protect your data they have stored. After all, it's Microsoft. They've been at this for quite a while. I think they know how to store data.

Onto the final lesson. 

It's a little scant looking.

Clicking Recommendations give a page with suggestions about how to have more secure resources. There's even an option to include your own custom policies. With AI, it probably knows what your policies intend to do, and know how to warn against things that may break them. Very neat.

Let's look at the suggestion for Compute:

'Web application should only be accessible from over HTTPS!'

You're right.

'Quick Fix' takes us to another screen, where you essentially scroll down and hit it again.

Another window pops up, explaining why this is beneficial. I appreciate the lesson, but let's actually implement it.

With the final click, the remediation is successful, and it will take a few minutes to update to a Healthy Resource in our Security Center.

There's far more to do with Azure (And in Security Center that I did not outline), and this is a little beyond the scope of AZ-900, but it was great to get a comprehensive, hands-on look at the service.

If you have any AZ-900 resources, feel free to comment.

FOR EMPLOYERS: It's learning.


Popular posts from this blog

Connecting IoT Devices to a Registration Server (Packet Tracer, Cisco)

In Packet Tracer, a demo software made by Cisco Systems. It certainly has changed a lot since 2016. It's almost an Olympic feat to even get started with it now, but it does look snazzy. This is for the new CCNA, that integrates, among other things, IoT and Automation, which I've worked on here before. Instructions here . I don't know if this is an aspect of "Let's make sure people are paying attention and not simply following blindly", or an oversight - The instructions indicate a Meraki Server, when a regular one is the working option here. I have to enable the IoT service on this server. Also, we assign the server an IPv4 address from a DHCP pool instead of giving it a static one. For something that handles our IoT business, perhaps that's safer; Getting a new IPv4 address every week or so is a minimal step against an intruder, but it is a step. There are no devices associated with this new server; In an earlier lab (not shown), I attached them to 'H

What Do You Need? [AKA; List of Offered Services / My Next Role] (2020)

UPDATED 2021 I am a trusted outsourced remote consultant for your company.   I enjoy having the flexibility to take on temporary projects from time to time! I start at part-time, temp work for now. If we like each other, we can renegotiate. If anything sounds weird, out there, or unusual - Feel free to e-mail me , because I probably think it's awesome. 3 Services Offered Technical: Cloud Technician     Azure [ See tag ] Subcategories: Infrastructure As Code (Specifically Terraform/Azure and CloudFormation/AWS ) Azure Networking I really like the Azure space, and will continue down that path.  Support [Web: Example Job Description ] [Text : Example Description ]     I help you with adjustments in HTML, CSS, and Javascript.     When you email a business a question and they answer? That's me.   Auditing :  Something doesn't work on your page or in your app. I can find it. [ Here ] [ Example Job Description ]   I really enjoy testing apps and webpage concepts! I have an

Using Terraform and AWS Cloud9

Wanted to try Cloud9 but didn't feel like making an EC2 instance in the GUI. So I made a Terraform file instead, remade a default VPC, and it took 20 minutes of troubleshooting. #AWS — Morgan (@runtcpip) February 1, 2022     👉🏾 Find the Notion page of this post here , if it's easier for you. It certainly looks nicer!   Setup: An EC2 instance A reference to the default VPC, which I had to remake, as I had deleted mine.    Downloading Terraform into Cloud9: Instructions here . Done and Done. Now, How About Using It? The kicker (or blessing) is that Cloud9 doesn't auto save, like I’ve set my VSCode up to do. Had to do a lot of manual saving, but it wasn’t a struggle. The lock file is created, but I don't see it in my file system to the left until resources have been pushed, so I made a simple bucket to try it out. Because this instance is attached to my AWS account, I suppose anything I make within this will be as well. Let's see! Does Every Terraform Command