
Master Cloud

The document describes creating network security groups (NSGs) and rules to allow network traffic to subnets in an Azure virtual network. It creates NSGs for application gateway (nsgApg), web (nsgWeb), business (nsgBusiness), data (nsgData), and Active Directory (nsgADDS) subnets. It then defines ingress rules for each NSG to allow specific traffic to and from the subnets.

Uploaded by

alohamann999

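# Address range of the data-tier subnet. The extracted text had split this string literal
# across lines.
$subnetPrefixData = "10.5.3.0/24"

echo "Creating subnet data"

# $subnetDataName, $resourceGroup and $vNetName are read from the session; these notes
# assign them in the "Criando subnet Data" variable section.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixData `
    --name $subnetDataName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName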

>>> Criando subnet Active Directory

>>Criar NSG's
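$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

# One NSG per subnet tier. A freshly created NSG holds only Azure's default rules, so nothing
# tier-specific is allowed or denied until the rule commands are run.
# The loop replaces five hard-wrapped commands whose "--location" flag was split mid-token.
foreach ($nsgName in "nsgApg", "nsgWeb", "nsgBusiness", "nsgData", "nsgADDS") {
    az network nsg create --resource-group $resourceGroup --name $nsgName --location "$location"
}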

>>Criando regras para os NSG's


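$resourceGroup = "rg-ntier"
$location = "eastus"

# NOTE(review): each NSG still carries Azure's default AllowVnetInBound rule (priority 65000),
# so traffic between subnets of the VNet stays allowed unless an explicit Deny rule with a
# lower priority number is added. The Allow rules below do not isolate the tiers on their own.

echo "Criando regras para nsgApg"

# Inbound HTTP from the Internet service tag to the application gateway subnet.
# NOTE(review): port 80 is cleartext; confirm whether an HTTPS (443) listener is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix Internet --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 80

# GatewayManager service tag on 65200-65535: the infrastructure port range Application
# Gateway v2 needs open on its own subnet.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 `
    --source-address-prefix GatewayManager --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

# RDP only from 10.5.254.0/27 (presumably the AzureBastionSubnet range; it is not defined
# in this listing).
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

# Web tier (10.5.1.0/24) to business tier (10.5.2.0/24) on port 80.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix "10.5.1.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

# NOTE(review): 10.5.4.0/24 is not assigned to any subnet in this listing, and the other NSGs
# take RDP only from 10.5.254.0/27; confirm this source range is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
    --name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 `
    --source-address-prefix "10.5.4.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.3.0/24" --destination-port-range 3389

# The extracted text had this assignment fused to the end of the previous command.
$subnetPrefixData = "10.5.3.0/24"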

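echo "Creating subnet data"

# Creates the data-tier subnet from $subnetPrefixData (assigned on the line just above) and
# the $subnetDataName, $resourceGroup and $vNetName values already set in the session.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixData `
    --name $subnetDataName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName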

>>> Criando subnet Active Directory

>>Criar NSG's
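$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

# One NSG per subnet tier. A freshly created NSG holds only Azure's default rules, so nothing
# tier-specific is allowed or denied until the rule commands are run.
# The loop replaces five hard-wrapped commands whose "--location" flag was split mid-token.
foreach ($nsgName in "nsgApg", "nsgWeb", "nsgBusiness", "nsgData", "nsgADDS") {
    az network nsg create --resource-group $resourceGroup --name $nsgName --location "$location"
}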

>>Criando regras para os NSG's


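$resourceGroup = "rg-ntier"
$location = "eastus"

# NOTE(review): each NSG still carries Azure's default AllowVnetInBound rule (priority 65000),
# so traffic between subnets of the VNet stays allowed unless an explicit Deny rule with a
# lower priority number is added. The Allow rules below do not isolate the tiers on their own.

echo "Criando regras para nsgApg"

# Inbound HTTP from the Internet service tag to the application gateway subnet.
# NOTE(review): port 80 is cleartext; confirm whether an HTTPS (443) listener is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix Internet --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 80

# GatewayManager service tag on 65200-65535: the infrastructure port range Application
# Gateway v2 needs open on its own subnet.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 `
    --source-address-prefix GatewayManager --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

# RDP only from 10.5.254.0/27 (presumably the AzureBastionSubnet range; it is not defined
# in this listing).
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

# Web tier (10.5.1.0/24) to business tier (10.5.2.0/24) on port 80.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix "10.5.1.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

# NOTE(review): 10.5.4.0/24 is not assigned to any subnet in this listing, and the other NSGs
# take RDP only from 10.5.254.0/27; confirm this source range is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
    --name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 `
    --source-address-prefix "10.5.4.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.3.0/24" --destination-port-range 3389

# The extracted text had this assignment fused to the end of the previous command.
$subnetPrefixData = "10.5.3.0/24"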

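echo "Creating subnet data"

# Creates the data-tier subnet from $subnetPrefixData (assigned on the line just above) and
# the $subnetDataName, $resourceGroup and $vNetName values already set in the session.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixData `
    --name $subnetDataName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName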

>>> Criando subnet Active Directory

>>Criar NSG's
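$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

# One NSG per subnet tier. A freshly created NSG holds only Azure's default rules, so nothing
# tier-specific is allowed or denied until the rule commands are run.
# The loop replaces five hard-wrapped commands whose "--location" flag was split mid-token.
foreach ($nsgName in "nsgApg", "nsgWeb", "nsgBusiness", "nsgData", "nsgADDS") {
    az network nsg create --resource-group $resourceGroup --name $nsgName --location "$location"
}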

>>Criando regras para os NSG's


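$resourceGroup = "rg-ntier"
$location = "eastus"

# NOTE(review): each NSG still carries Azure's default AllowVnetInBound rule (priority 65000),
# so traffic between subnets of the VNet stays allowed unless an explicit Deny rule with a
# lower priority number is added. The Allow rules below do not isolate the tiers on their own.

echo "Criando regras para nsgApg"

# Inbound HTTP from the Internet service tag to the application gateway subnet.
# NOTE(review): port 80 is cleartext; confirm whether an HTTPS (443) listener is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix Internet --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 80

# GatewayManager service tag on 65200-65535: the infrastructure port range Application
# Gateway v2 needs open on its own subnet.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 `
    --source-address-prefix GatewayManager --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

# RDP only from 10.5.254.0/27 (presumably the AzureBastionSubnet range; it is not defined
# in this listing).
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

# Web tier (10.5.1.0/24) to business tier (10.5.2.0/24) on port 80.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix "10.5.1.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

# NOTE(review): 10.5.4.0/24 is not assigned to any subnet in this listing, and the other NSGs
# take RDP only from 10.5.254.0/27; confirm this source range is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
    --name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 `
    --source-address-prefix "10.5.4.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.3.0/24" --destination-port-range 3389

# The extracted text had this assignment fused to the end of the previous command.
$subnetPrefixData = "10.5.3.0/24"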

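echo "Creating subnet data"

# Creates the data-tier subnet from $subnetPrefixData (assigned on the line just above) and
# the $subnetDataName, $resourceGroup and $vNetName values already set in the session.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixData `
    --name $subnetDataName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName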

>>> Criando subnet Active Directory

>>Criar NSG's
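$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

# One NSG per subnet tier. A freshly created NSG holds only Azure's default rules, so nothing
# tier-specific is allowed or denied until the rule commands are run.
# The loop replaces five hard-wrapped commands whose "--location" flag was split mid-token.
foreach ($nsgName in "nsgApg", "nsgWeb", "nsgBusiness", "nsgData", "nsgADDS") {
    az network nsg create --resource-group $resourceGroup --name $nsgName --location "$location"
}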

>>Criando regras para os NSG's


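$resourceGroup = "rg-ntier"
$location = "eastus"

# NOTE(review): each NSG still carries Azure's default AllowVnetInBound rule (priority 65000),
# so traffic between subnets of the VNet stays allowed unless an explicit Deny rule with a
# lower priority number is added. The Allow rules below do not isolate the tiers on their own.

echo "Criando regras para nsgApg"

# Inbound HTTP from the Internet service tag to the application gateway subnet.
# NOTE(review): port 80 is cleartext; confirm whether an HTTPS (443) listener is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix Internet --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 80

# GatewayManager service tag on 65200-65535: the infrastructure port range Application
# Gateway v2 needs open on its own subnet.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
    --name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 `
    --source-address-prefix GatewayManager --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

# RDP only from 10.5.254.0/27 (presumably the AzureBastionSubnet range; it is not defined
# in this listing).
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389

# Web tier (10.5.1.0/24) to business tier (10.5.2.0/24) on port 80.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
    --name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority 100 `
    --source-address-prefix "10.5.1.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

# NOTE(review): 10.5.4.0/24 is not assigned to any subnet in this listing, and the other NSGs
# take RDP only from 10.5.254.0/27; confirm this source range is intended.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
    --name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 `
    --source-address-prefix "10.5.4.0/24" --source-port-range "*" `
    --destination-address-prefix "10.5.3.0/24" --destination-port-range 3389

cruso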
João .
Para:Você
Ter, 01/08/2023 08:25

Trilha 1 - Mastercloud

https://microsoftlearning.github.io/AZ-204-DevelopingSolutionsforMicrosoftAzure/

joao
<REDACTED-PASSWORD>

adminjoao
<REDACTED-PASSWORD> -- git

kennethreitz/httpbin:latest

Service Endpoint
Acessar PaaS sem ir para a internet

Private Link
Reduz regras de firewall, link privado do PaaS --> para a VNET

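# Install the IIS web server role together with its management tools.
powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools

# Replace the default IIS start page with one that contains only the machine's computer name.
# The extracted text had split "-Value $($env:computername)" across two lines.
powershell.exe Remove-Item -Path 'C:\inetpub\wwwroot\iisstart.htm'
powershell.exe Add-Content -Path 'C:\inetpub\wwwroot\iisstart.htm' -Value $($env:computername)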

Ordem criação ambiente:


1. VNET
2. Subnet
3. NSG (Liberar porta 80)
4. VM (Ip publico e privado)
- Rodar Script powershell
5. App-gateway
- Criar Backendpool
6. Criar Webapp com URL publica
- Criar PrivateLink

DefaultEndpointsProtocol=https;AccountName=imgstorjoaocloud;AccountKey=<REDACTED-STORAGE-ACCOUNT-KEY>;EndpointSuffix=core.windows.net

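# Zip-deploy the API package to the imgstorapijoaocloud web app.
# Each command is on one line again; the extracted text had wrapped the arguments.
az webapp deployment source config-zip --resource-group ManagedPlatform --src api.zip --name imgstorapijoaocloud

# Fetch the front-end package.
# NOTE(review): web.zip is deployed below exactly as downloaded; compare it against a known
# checksum or inspect its contents before deploying.
wget https://jornadacloudexpert.blob.core.windows.net/scripts/web.zip

# Presumably the ApiUrl application setting the front end needs; as written this only assigns
# a shell variable - TODO confirm where the setting is applied.
ApiUrl=https://imgstorapijoaocloud.azurewebsites.net

# Zip-deploy the front-end package to the imgstorjoaoweb web app.
az webapp deployment source config-zip --resource-group ManagedPlatform --src web.zip --name imgstorjoaoweb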

[11:57] Josue Vidal (Convidado)


https://microsoftlearning.github.io/AZ-305-
DesigningMicrosoftAzureInfrastructureSolutions/

[11:57] Josue Vidal (Convidado)


https://microsoftlearning.github.io/AZ-204-DevelopingSolutionsforMicrosoftAzure/

[11:58] Josue Vidal (Convidado)


https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator

o produto
1 - Videos (YOUTUBE / Microsoft Learn) - CONTEUDO
2 - LABs realizar (APRENDE NA PRATICA) - CONCEITO
3 - LER ARTIGO - FIXAR CONHECIMENTO - (MICROSOFT LEARN)
4 - RESUMO - 2x FIXAR CONHECIMENTO
5 - SIMULADOS - VALIDAÇÂO DOS CONHECIMENTOS

$resourceGroup --vnet-name $vNetName

>>Criando subnet Web


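$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetWebName = "subnet-web"
$subnetPrefixWeb = "10.5.1.0/24"

echo "Creating subnet Web"

# Create the web-tier subnet. No NSG is attached by this command; these notes associate
# nsgWeb with the subnet in a later step.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixWeb `
    --name $subnetWebName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName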

>>Criando subnet Business

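$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetBusinessName = "subnet-business"
$subnetPrefixBusiness = "10.5.2.0/24"

echo "Creating subnet Bussiness"

# Create the business-tier subnet. No NSG is attached by this command; these notes associate
# nsgBusiness with the subnet in a later step.
# Backticks continue the command; the hard-wrapped original would have run as two statements.
az network vnet subnet create `
    --address-prefix $subnetPrefixBusiness `
    --name $subnetBusinessName `
    --resource-group $resourceGroup `
    --vnet-name $vNetName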

>>Criando subnet Data


# Names read by the data-tier subnet command elsewhere in these notes.
# NOTE(review): the $subnetPrefixData assignment and the subnet create call do not follow
# these lines here; the listing jumps straight to an NSG rule command.
$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetDataName = "subnet-data"

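# SQL Server (TCP 1433) into the data tier from the business subnet (10.5.2.0/24) only.
# NOTE(review): Azure's default AllowVnetInBound rule (priority 65000) still allows 1433 from
# the other subnets of the VNet unless an explicit Deny rule is added to nsgData.
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
    --name MSSQLRule --access Allow --protocol Tcp --direction Inbound --priority 1001 `
    --source-address-prefix "10.5.2.0/24" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 1433

echo "Criando regras para nsgADDS"

# RDP only from 10.5.254.0/27 (presumably the AzureBastionSubnet range; it is not defined
# in this listing).
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgADDS" `
    --name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
    --source-address-prefix "10.5.254.0/27" --source-port-range "*" `
    --destination-address-prefix "*" --destination-port-range 3389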

>>>Associar os NSG's às subnets.


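$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$subnetNameApg = "subnet-apg"
$subnetWebName = "subnet-web"
$subnetBusinessName = "subnet-business"
$subnetDataName = "subnet-data"
$subnetADDSName = "subnet-adds"
$nsgApg = "nsgApg"
$nsgWeb = "nsgWeb"
$nsgBusiness = "nsgBusiness"
$nsgData = "nsgData"
$nsgADDS = "nsgADDS"

# Attach each NSG to its subnet; an NSG's rules apply to traffic only once it is associated
# with a subnet or a network interface.
# Backticks continue each command; the extracted text had split "--resource-group" mid-flag.

echo "Associando nsgApg ao subnetNameApg"

az network vnet subnet update --vnet-name $vNetName --name $subnetNameApg `
    --resource-group $resourceGroup --network-security-group $nsgApg

echo "Associando nsgWeb ao subnetWebName"

az network vnet subnet update --vnet-name $vNetName --name $subnetWebName `
    --resource-group $resourceGroup --network-security-group $nsgWeb

echo "Associando nsgBusiness ao subnetBusinessName"

az network vnet subnet update --vnet-name $vNetName --name $subnetBusinessName `
    --resource-group $resourceGroup --network-security-group $nsgBusiness

echo "Associando nsgData ao subnetDataName"

az network vnet subnet update --vnet-name $vNetName --name $subnetDataName `
    --resource-group $resourceGroup --network-security-group $nsgData

echo "Associate nsgADDS ao subnetADDSName"

az network vnet subnet update --vnet-name $vNetName --name $subnetADDSName `
    --resource-group $resourceGroup --network-security-group $nsgADDS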

>> Criar bastion host


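$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$publicIpBastionName = "publicIpBastion"
$bastionName = "bastionNTier"

# Standard-SKU public IP for the Bastion host.
az network public-ip create --resource-group $resourceGroup --name $publicIpBastionName `
    --sku Standard --location $location

# Azure Bastion deploys into a subnet named AzureBastionSubnet inside the VNet.
# NOTE(review): this listing does not show that subnet being created; the AllowBastion NSG
# rules use 10.5.254.0/27 as their source, so confirm the subnet exists with that range.
az network bastion create --name $bastionName --public-ip-address $publicIpBastionName `
    --resource-group $resourceGroup --vnet-name $vNetName --location $location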
