PRACTICAL MANUAL

ON
VIRTUALISATION AND CLOUD
COMPUTING IN MICROSOFT AZURE

By
Katabalwa John Vianney
Bsc.AIT, Semester IV
012220073

2024

FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY

INTERNATIONAL BUSINESS SCIENCE AND TECHNOLOGY UNIVERSITY
Plot 11A, Rotary Avenue, Lugogo Bypass, Kololo, Kampala, Uganda
 List of Activities

1 Introduction to Azure Portal

2 Creating and Managing Virtual Machines

3 Implementing Azure Storage

4 Implementing Azure Virtual Networks

5 Implementing Azure Load balancer with an Availability set

6 Azure Security Best Practices

7 Monitoring Azure Resources

8 Azure Support
Tools used for the Lab activities:

1) Windows Operating System: Default PC operating system for the lab activities.

2) Microsoft Edge: Web / Internet browser (client) to access and interact with the Azure cloud
platform. Internet connection is required here.

3) Microsoft Azure: Cloud computing platform from Microsoft as the Cloud Service Provider
(CSP).

4) Azure user account (ilanjv40@gmail.com): Microsoft Azure account created under the “Start
for Free” subscription.

Screen shot of the Azure welcome page under my user account “ilanjv40@gmail.com”:
Activity 1: Introduction to Azure:

• Exploring the Azure Portal interface, Azure services and Market place
• Understanding Azure resources group
• Managing Subscription and access control

Step 1: Sign into the Azure Portal and explore the interface as below:
1. Open the web browser and go to the Azure Portal at https://portal.azure.com.
2. Sign in with your user account to view the Azure Portal Home page.
3. While in the Home page, explore the different sections and icons in the portal interface such
as: the search bar, the left-hand menu for accessing the various Azure services and
resources, Navigation section, Tools section and Useful links section.
Step 2.1: Understanding Azure Resource Groups:
• Resource groups are used to organize and manage Azure resources under a given
subscription. This ensures that single individual resources are not scattered.
• Azure resources are the services (IaaS, PaaS) in the cloud. These are sourced from the Azure
Resource Providers managed under the Azure Resource Manager (ARM) Model.
• Any single Resource must be part of a Resource group, and any Resource group must be a
single standalone Resource group.

Step 2.2: Creating Azure Resource Groups:

1. Click on "Resource groups" in the left-hand menu.
2. In the Resource groups page, you'll see a list of existing resource groups (if any).
3. Create a new resource group by clicking the "+ Create" button.
4. Under Section “Basics”: assign meaningful name and location.
5. Proceed to select “Review + Create”, and select “Create” in the bottom left corner.
6. For this practical, the Resource group “ilan1” is created as below.
Step 3: Managing Subscriptions and Access Control.
• Subscriptions are containers for the assigned resources plus the related operations of the
resources.
• Subscriptions can be numerous but each has a quota plus a limitation in line with the on-
demand self service.

1. To review the assigned subscriptions, click on "Subscriptions" under Azure services section.
2. In the Subscriptions page, a list of your Azure subscriptions is displayed.
3. Click or select the subscription of interest to explore the related details such as the type,
status, billing, resource usage and Access control.
4. Click on "Access control (IAM)" to manage access to your subscription.
5. You can add users, assign roles, and set permissions for various Azure services and resources
within your subscription.

Step 4: Exploring all Azure Services.

1. To view all services, click on "More Services" under Azure services section. The
comprehensive list of Azure services grouped by categories is displayed.
2. Explore the different categories and related services to get an overview of what Azure
offers.
Activity 2: Creating and Managing Virtual Machines.

• Creating virtual machines (VM) using Azure Portal

• Connecting to VMs using Remote Desktop Protocol (RDP)
• Install web server - Microsoft Internet Information Services (IIS)

Step 1: Creating a virtual machine (VM):

1. Access the Virtual Machines Service in the left-hand side menu or under Azure services
section.
2. Click on the "Create” button and select the option “Azure virtual machine” to start creating
a new virtual machine.
3. Proceed to configure the created VM.

VM Configurations by tab:
• Basics tab: Provide the required or relevant basic information by below category:
1. Project details: The subscription, Resource group.
2. Instance details: Virtual machine name, image (picked windows server 2019 Datacenter),
and Size.
3. Administrator Account: username, password (note the required formats).
4. Inbound port rules: Public inbound ports (Allow selected ports), Select inbound ports (HTTP
(80), RDP (339)).

• Review other configurations under the below tabs. Preferably maintain the default settings.
1. Disks Tab: Storage settings, including OS disk type and size.
2. Networking Tab: networking settings, virtual network, subnet, and public IP.
3. Management Tab: Set up options like boot diagnostics and monitoring.
4. Monitoring Tab: Set up other monitoring options.
5. Advanced Tab: Set up other advanced options.
6. Tags Tab: Set up tagging options to enable meta-data resource sharing.

• Then proceed to select the button “Review + Create” to validate the configurations. The
notification “Validation passed” will be displayed once the validation is successful.

• Proceed to select the “Create” button to create and deploy the virtual machine. Azure will
start provisioning the resources. You can monitor the deployment progress in the Azure
Portal (It may take a few minutes depending on the internet speed).
Step 2: Connecting to or accessing the virtual machine (VM):
• Once the VM is created, you can access it through RDP using the credentials you provided
during the configuration setup for the “Administrator Account”.

• Connection process using RDP (Remote Desktop Connection) for windows:

1. Under your Resources section, select the VM created.
2. On the overview page of the VM, select “Connect” and proceed to pick “Native RDP”.
3. Select the “Download RDP file” to download the RDP file.
4. Open the RDP file and follow the windows security connection prompts.
5. Provide the password supplied during the creation of the VM and accept to connect (Yes).
Step3: Install the web server Microsoft Internet Information Services (IIS) following the below:

1. Open the RDP file and follow the windows security connection prompts.
2. Provide the password supplied during the creation of the VM and accept to connect (Yes).
3. In the VM server page or log-in, open the PowerShell prompt: Go to Windows start button,
then select PowerShell in the pop window.
4. Run the command “Install-WindowsFeature -name Web-Server -IncludeManagementTools”
5. Close the RDP connection to the VM following successful installation / confirmation.
6. Return to the Azure Portal, go to the VM resource page and copy the VM IP address: hover
over the VM IP address to show the “copy to clipboard” and click to copy the IP address.
7. Paste the IP address into the web browser to display the default web server page hosted by
the VM.
Activity 3: Creating and configuring Azure Storage accounts.

• To create a new storage account, we follow the below steps:

1. Access the “Storage Accounts” Service in the left-hand side menu or under Azure services
section.
2. Click the "Create" button.

Storage Configurations by tab:

• Basics tab: Provide the required or relevant basic information by below category:
1. Project details: The subscription, Resource group.
2. Instance details: Storage account name, region (location).
3. Performance: Select the performance type (Standard or Premium).
4. Account kind: Choose between StorageV2 (general purpose) or Blob Storage (optimized for
blob storage).
5. Replication: Choose replication options for data redundancy.

• Review other configurations under the respective tabs. Preferably maintain the default
settings.
• Then proceed to select the button “Review + Create” to validate the configurations.
• Proceed to select the “Create” button to create and deploy the Storage account. You can
monitor the deployment progress in the Azure Portal (It may take less than a minute).
 By accessing the created Storage Account, we can create the below types of redundant
storages within the Storage Account:
1. Blob (binary large object) storage: Blobs are basically files like those stored on PCs (or tablet,
mobile device, etc.). They can be pictures, Microsoft Excel files, HTML files, virtual hard disks
(VHDs), that is, pretty much anything.
2. File storage: For setting up highly available network file shares that can be accessed by using
the standard Server Message Block (SMB) protocol.
3. Table storage: For scalable NoSQL data storage that enables you to store large volumes of
semi-structured, nonrelational data.
4. Queue storage: For storing and retrieving messages such as system logs.
Activity 4: Implementing Azure Virtual Networks (VNet):

• Azure Virtual networks (VNets) provide private connectivity for Azure Virtual Machines
(Azure VMs) and some Azure services. VMs and services that are part of the same virtual
network (Network Security Group (NSG)) can access one another.
• By default, services outside the virtual network cannot connect to services within the virtual
network. You can, however, configure the network to allow access to the external service.
• To put VMs into a virtual network, you first create the virtual network and then as you
create each VM, you assign it to the virtual network and subnet. VMs acquire their network
settings during deployment or startup.

• To create a Virtual Network, we follow the below steps:

1. Access the “Virtual Networks” Service in the left-hand side menu or under Azure services
section.
2. Click the "Create" button.

VNet Configurations by tab:

• Basics tab: Provide the required or relevant basic information by below category:
1. Project details: The subscription, Resource group.
2. Instance details: VNet name, region (location).

• Review other configurations under the below tabs. Preferably maintain the default settings:
1. Security tab: VNet encryption, firewall setup, and others.
2. IP addresses: Subnet setup.

• Then proceed to select the tab “Review + Create” to validate the configurations.
• Proceed to select the “Create” button to create and deploy the VNet. You can monitor the
deployment progress in the Azure Portal. It may take less than a minute.
By accessing the created VNet, we can configure or setup other network properties such as:
Firewalls, Network security groups, subnets and other preferred layouts and access controls.
Activity 5: Implementing Azure Load Balancer with an Availability Set.

An availability set is a group of virtual machines that are deployed across fault domains and
update domains. Availability sets ensure that your application is not affected by single
points of failure, like the network switch or the power unit of a rack of servers.

• Each virtual machine is assigned an update domain and a fault domain:

1. Update domains define the group of VMs that can be updated and restarted at the same
period. During planned maintenance, only one update domain is rebooted at a time. By
default, there are 5 update domains and you can configure up to 20 update domains.
2. Fault domain define a group of VMs that share a common set of hardware, network
switches and power source. VMs in an availability set are placed in at least two fault
domains.

Microsoft recommends combing the Azure Load balancer with an availability set to get the
most application resilience.

The Azure Load Balancer enables you to distribute incoming traffic across the collections of
VMs in an Availability set in a round robin manner. It automatically removes un-healthy VMs
from rotation so that they are not routed traffic when they are unavailable.
• You can create a virtual machine and assign it to an Availability set during the deployment of
the VM. Alternatively, you create an availability set and then add VMs to it.

For this practical activity, we proceed to implement the Load balancer as below:
1. Create an Availability set under an existing Resource Group.
2. Create 2 VMs (Windows Server) and assign them to the Availability set during deployment.
3. Lastly, setup a Load Balancer with the Availability set.

Step1: Create an Availability Set under an existing Resource Group:

1. On the upper-left side of the Azure Portal, click on Create a resource.
2. In the search bar for resources, type “availability” and select Availability Set.
3. On the Availability Set page, click on Create button.
4. Proceed with the below configurations by tab:
• Basics tab: Provide the required or relevant basic information by below category:
a. Project details: The subscription, Resource group (already created as above “ilan1”).
b. Instance details: name, region (location), use managed disks (select Yes (Aligned)).

• Review other configurations under the tabs “Advanced” and “Tags”. Preferably maintain
the default settings.
• Then proceed to select the button “Review + Create” to validate the configurations.

5. Proceed to select the “Create” button to create and deploy the Availability Set. You can
monitor the deployment progress in the Azure Portal (It may take less than a minute).
6. Go to All resources, select on newly created Availability Set name and verify the Fault
domains (2) and Update domains (5).

The below screen shots describe the above procedure under Step1:
Step 2: Create 2 VMs and assign them to the created Availability set:
Creating VM resource. This is discussed above under “Activity 2: Creating and Managing
Virtual Machines”. However, under this Activity 5, ensure to create the VMs with the below
“Availability options” under the “Instance” category:
1. Availability options: Drop down and select “Availability Set”.
2. Availability Set: Drop down and select the name of the Availability set created in step1
above.
 The below screen shots describe the above procedure under Step2:

➢ Creating first VM:

➢ Creating second VM:
➢ Availability Set with the above 2 VMs (status = Running) added:

Step3: Setting up the Azure Load Balancer:

• Azure load balancer distributes incoming traffic among healthy virtual machine instances.
They use a hash-based distribution algorithm. By default, it uses a 5-tuple (source IP, source
port, destination IP, destination port, protocol type) hash to map traffic to available servers.

• Azure load balancers can either be internet-facing (accessible via public IP addresses) or
internal (accessible from a virtual network). Azure load balancers also support Network
Address Translation (NAT) to route traffic between public and private IP addresses.

• Azure load balancers can be configured to:

1. Load balance incoming traffic across your virtual machines.
2. Forward traffic to and from a specific virtual machine using NAT rules.

Procedure to create Azure load balancer:

1. On the upper-left side of the Azure Portal, click on Create a resource.
2. In the search bar for resources, type “load balancer” and select the “create” button.
3. Proceed to the “Create Load balancer” page, and continue with the below configurations by
tab:
• Basics tab: Provide the required or relevant basic information by below category:
a. Project details: Subscription (as per your subscription), Resource group (as already
created).
b. Instance details: Name (your choice), Region (your compatible choice), SKU (Leave the
default Standard), Type (Select Internal), Tier (Leave the default of Regional).

• Frontend IP configuration tab: Here, select “+ Add a frontend IP configuration”, then

enter or select the following information:
a. Page1: Name (), Private IP address version (Select IPv4 or IPv6 depending on your
requirements).
b. Page2: Name (), Virtual network (), Subnet (), Assignment (Select Dynamic), Availability
zone (Select Zone-redundant). Then Select Add.
 • Backend pools tab: Here, select “+ Add a backend pool”, then enter or select the
following information: Name (), Virtual network (Select IP Address for Backend Pool
Configuration). Then Select Save.

• Inbound rules tab: Provide the required or relevant basic information by below window
/ page and corresponding category:
a. Page1: In Load balancing rule, select “+ Add a load balancing rule”.
b. Page2: In Add load balancing rule, enter or select the following information:
➢ Name: your choice for rule name
➢ IP Version: Select IPv4 or IPv6 depending on your requirements
➢ Frontend IP address: Already created - Select as appropriate
➢ Backend pool: Already created - Select as appropriate
➢ Protocol: Select TCP
➢ Port: Enter 80
➢ Backend port: Enter 80
➢ Health probe: Select Create new.
1) In Name, enter lb-health-probe.
2) Select TCP in Protocol.
3) Leave the rest of the defaults, and select OK.
➢ Session persistence: Select None.
➢ Idle timeout (minutes): Enter or select 15.
➢ Enable TCP reset: Select checkbox.
➢ Enable Floating IP: Leave the default of unselected
➢ Finally, Select Save.

• Review other configurations under the tabs “Outbound rules” and “Tags”. Preferably
maintain the default settings.

4. Proceed to select the tab or button “Review + Create” to validate the configurations.
5. Proceed to select the “Create” button to create and deploy the Load balancer. You can
monitor the deployment progress in the Azure Portal.
6. Go to “All resources”, select on newly created Load balancer name and verify the settings.

The below screen shots describe the above procedure under Step3:
➢ Configuration for Inbound rules:

➢ Load Balancer created:

Activity 6: Azure Security Best Practices - Securing Azure resources with Role-Based Access
Control (RBAC).

• Role Based Access policy can be implemented at:

1. Resource Group level: Refer to the side menu “Access Control (IAM)” under the respective
Resource group overview page. Select the Resource group and follow the prompts.

2. Resource level: Refer to the side menu “Access Control (IAM)” under the respective
Resource overview page. Select the Resource and follow the prompts.

3. Subscription level – Discussed above under “Managing Subscriptions and Access Control”.

Activity 7: Monitoring Azure Resources.

• The below key services are available under the “Monitor” service in the left-hand side menu.
1. Setting up Azure Monitor for resource monitoring.
2. Creating and customizing alerts for resource health and performance.
3. Analysing resource logs and metrics.
4. Using Azure Log Analytics for advanced monitoring and querying.
Activity 8: Azure Support.

• The below key services can be accessed under the “Help + support” service in the left-hand
side menu.

1. Exploring Azure Support Plans and Tiers: Azure offers various support plans with different
levels of support, including Basic, Developer, Standard, and Professional Direct.

2. Initiating and managing support requests: you can create and manage support requests,
chat with a Microsoft support representative, or access support resources. Follow the
prompts to create a new support request, providing details about your issue.