Skip to main content

Build a Company in Azure (in ONE day!)


What do we want? The Azure Fundamentals Cert by February!
When do we want it? By Feb! Just said it, pay attention!


A very helpful guide by Daniel Baker (AzureDan).

You need a subscription (or trial) to make a resource group. But you can make a Markdown without it!

Markdown: The fancy image on the Dashboard.

Let's go!




Here is my Resource Group;



I poked around in the Policy section for a time.

Other things we're going to fill out here include:

  • Networking & Gateways
  • VMs
  • Containers
  • Authentication and Identity
  • Storage
  • DevTest Labs
  • Backup Solutions
Some things may need more than a free trial + 200$ credit can give, but that's what's happening in the video, or need mounted storage I don't have available right now. Situation may vary.

Virtual Network(ing and Gateways) in Azure

Enter your resource group, hit 'Add', search what you want (Here, a Virtual Network), fill  out the information, and there you go. Also helps to go back into the resource to the deployment, and pin it to the dashboard.

Let's make some Subnets!

The Gateway Subnet routes things through the Azure Cloud.

 You'll need to go into the Marketplace and get 'Virtual Machine Gateway' app. Remember to check the region you're working in!

There are certificates made an installed. I wonder if that process could be automated somehow. Would it be safe?

Domain Controller

In making a template, there is a script given, that outlines the template rules, parameters (names, network), variables (with values), and resources (objects to deploy).

When the template is made, it can be deployed.

Visual Studio

As I can't seem to find a Visual Studio Community 2017 Version, let's hit a random thing and roll with it.


See, it's in our Development subnet in our 31vNet Virtual Network.

Here it is, and all the stats:


And here's the Networking page, that shows our public and private IPv4 addresses.

You can also click the Update Management in the left hand panel to keep your VM up to date. It's our responsibility!



It takes some time to be enabled. When it's ready, you can see where we're failing at security wise. Meanwhile, I had to troubleshoot the actual Update Agent.

It's like when Task Manager is not responding.

I can at least walk through scheduling an update deployment. We can schedule a time, and what updates are to be included (None here).

There is the Inventory tab on this VM. It basically is tracking registry, file changes, and services to monitor baselines.

The Metrics options tracks the performance of a VM and lists the results in a very GUI, chart-happy kind of way.

The Adviser tab offers us a (probably AI) guide to offer suggestions to improve performance on our resources and be reasonable with our spending.




Resource health watches your resource and tells you if it's running as expected. 




A very cool option iunder Support + troubleshooting is Boot diagnostics, to see if there are any potential issues with booting up the VM, and the option to reset the password to the built-in admin account. Snazzy! You can also redploy your VM to a new Azure host.


Next, let's deploy a CentOS system through the command Line 

Authentication 

I'm tossing in this video as well: While it has no affiliation with the one at the top of the page...I was prepared to make another post about this until I remembered "Oh yes, already did some AzAD stuff!"



 Directory Services & Domain Controllers. 

Select Azure Active Directory from the Services group.


A new user is made; If we had a group, we could put her there, but let's not let that stop us!




Paola Zallegortio is not a real person. To my knowledge.

We can go to the groups section  and make an Accounting group for Ms. Zallegortio to join.


I can create or invite a user to join, and stick them in the made group;

 See the box? The group itself doesn't show, but he's in the Accounting group with Paola. You could probably put a user in more than one group, but then you get caught up in thorny stuff, like permissions creep.

 We can establish single sign-on for a user. Let's try with Twitter - 

Default Directory > Enterprise applications - all applications > Categories > add an application > Twitter. When Twitter is installed (click 'add'), this is what you get;



 Select single sign-on, hit password based (or whatever makes sense for you,) and hit save at the resulting screen. When you go to Users and Groups, you can now add a user to the Twitter, SSO group.

DevTest Labs

Visit a resource in the Resource Groups tab, 'new', and install DevTest Labs from the Marketplace after searching.



You can add VMs to your testing labs - There's a lot of options.


 Also includes Ubuntu in Kubernetes Containers.

I've also allowed the sizes for VMs that our developers can work with under Configurations and Policies > Allowed Virtual Machine Sizes.

I set the sizes, now time for the actual amount of VMs that are allowed to be spun up; I'll go with 2.




Under Configurations and Policies - Virtual Network, our test enviroment has already been set up in our dtlbacaid-devtestlab network, though we could go back to the Virtual Network pane and make a new one for it to inhabit if we wish. In fact, I think I will.



I don't know why the name doesn't show up in the 'Your deployment is complete' panel.

Marketplace images are "Hey, what .isos should your devs be allowed to download?" I selected Cent OS and Server 2012 R2. When you go to 'Formulas (reuseable base), those are the only options):

 A while back, I made a comment that Azure had a lot less silly names than AWS, so one didn't have to Google (or Bing, as the case may be) to find out what they were working with.

I take that back; In order to have programs pre-installed on a base you spin up, you have to add them on...and they're called Artifacts.


These are just plans, blueprints, so you don't waste time finangling around a GUI trying to get things set up. Nice idea. Odd name.

Azure Backups

Under your virtual machine, look to the left. Operations > Disaster Recovery. Make sure it's in the correct region.



You see a cache storage account setting, it's used before a source VM is replicated to the target. It will be made when this is deployed.

You can only set protections in one region;


The virtual machine 'kearosan' couldn't be protected to the region 'West US' as it is already protected to the region 'East US 2'.

 If you click the 'Failed' Hyperlink, that's the error that pops up, along with possible causes, recommendations, and Error ID.

Something did get backed up:


"Success - Task Failed."
 WebApps!


As a reminder, here is our Dashboard now;




I made a new resource group and pulled up the Web App service in the Marketplace to install.


Of interesting note is the Application Monitoring selection of my apps, network, and infrastructure. It's not available with my plan. 



 It took some time to deploy it because it simply did not like the settings in the region I was trying to put it in. It worked in West Europe but not West US. Interesting. 

I think I took a different turn somewhere. But I can at least show you something in this App Service:




Here are some application settings: Set rule for when data can be moved. With this set up, data will be stored and moved while encrypted.


Security and Monitoring Your Azure Cloud

 "Is the cloud safe?"

Let's be honest, attacks are growing more sophisticated, and end users just want things to work, and aren't concerned about security. Nothing personal - You have other things to do. Leave it to a cloud service to have multiple security options in place to protect your data they have stored. After all, it's Microsoft. They've been at this for quite a while. I think they know how to store data.

Onto the final lesson. 







It's a little scant looking.

Clicking Recommendations give a page with suggestions about how to have more secure resources. There's even an option to include your own custom policies. With AI, it probably knows what your policies intend to do, and know how to warn against things that may break them. Very neat.

Let's look at the suggestion for Compute:


'Web application should only be accessible from over HTTPS!'

You're right.

'Quick Fix' takes us to another screen, where you essentially scroll down and hit it again.


Another window pops up, explaining why this is beneficial. I appreciate the lesson, but let's actually implement it.

With the final click, the remediation is successful, and it will take a few minutes to update to a Healthy Resource in our Security Center.

There's far more to do with Azure (And in Security Center that I did not outline), and this is a little beyond the scope of AZ-900, but it was great to get a comprehensive, hands-on look at the service.

If you have any AZ-900 resources, feel free to comment.



FOR EMPLOYERS: It's learning.

Comments

Popular posts from this blog

What Do You Need? [AKA; List of Offered Services] (2020)

I am a remote consultant.   I enjoy having the flexibility to take on temporary projects from time to time! I start at part-time, temp work for now. If we like each other, we can renegotiate. If anything sounds weird, out there, or unusual - Feel free to e-mail me . Doesn't have to be tech-related. I just have to find it interesting and flexible. Services Offered Writing about tech [ Example Job Description , 2 , 3 ]      You want to pay me to write more of *waves hand* this blog? I am game .   Email Marketing Specialist [ Example Job Description ]       I write B2C e-mails going out to over 280 people weekly.   Technical Analyst [ Example Job Description ]      Let me find out what works and what doesn't for your internal software.    IT Operations Tech [ Example Job Description ]     Hardware and SaaS support.  Web Support [ Example Job Description ]      I help you with adjustments in HTML, CSS, and Javascript. Text-based support [ Example Description ].           Wh

Azure Networking Options - Core Cloud Services

I have done a lot of AWS things on here. Time to give Azure some attention. After all, since employers don't think Cisco or COMPTIA certifications are important, maybe Microsoft ones are? First, let's really think about why these are the two biggest cloud services providers in the world: They've been doing internet things for a long time. Amazon launched in 1995 , a virtual bookstore. Microsoft, well, you know.  They've lived, breathed, and frankly, created, infrastructure that we use today, that they're selling to us today. Of course the Store of Everything and the Company of Everything would encourage us to put everything in their hands. Also: Azure has a lot less silly names for modules. Important. I appreciate straightforwardness. I said 'a lot less', not '100% sensible names' Microsoft has a clear set of Azure Fundamentals that anyone can interact with. Let's talk about networking basics, basically to say, again, &quo

Portfolio of UX/Product Feedback {Updated: November 20 2020}

Have You Looked at Your Webpage From the Customer's View Lately? You have probably been linked here from a form or my resume. If you have any questions about what I'm looking for in a role, click here .   This post is not to shame, but to point out errors and hopefully make my talent for finding and documenting such mistakes clear to someone hiring. Contents: Instances where I offer constructive feedback on someone's website, logo, or app. Actions that were taken by the developers or artists.  I'm glad you want your webpages to be the best they can be with my help; If you need your sites audited, e-mail me . Latest Update -  November 20th, 2020.