Azure is a public cloud computing platform. Azure can be used for many purposes, such as analytics, virtual computing, and networking. In particular, Azure provides a powerful tool for creating virtual networks. As a network or system administrator, you can control your virtual machines' security using application security groups. Application security groups are groups of users using a given set of applications. They sort VMs according to what applications are run on the VM and blocks VM access to users not using those applications.
Azure application security groups contain rules that control access to Azure assets. In essence, they allow users access to VMs based on the applications they use, rather than by IP address. Application security groups can be managed at the application level, making creating and maintaining an application security group a simple task.
To effectively manage Azure VMs, you need to understand application security groups in the Azure portal. This virtual lab will give you hands-on experience creating an Azure application security group, making you more comfortable working on the Azure platform.
Understand the scenario: You are a system administrator for a company that is migrating its web services from its data center to Azure. You need to create and deploy an Azure virtual machine as a web server using application security groups as a proof of concept.
Understand the environment: You are using a pre-configured Azure resource group.
Create a virtual network for a web server tier:
The first step in this challenge is to create a virtual web server. You will:
- Sign in to the Azure portal.
- Create a virtual network.
- Configure the virtual network IP address and subnet.
Create an application security group and associated network security group:
In the next step, you will create an application security group and associate it with a network security group. You will:
- Create an application security group.
- Create a network security group.
- Add inbound security rules to the network security group.
- Associate the network security group with the virtual network.
Create an Azure virtual machine and test the application security:
For the final step of this virtual lab, you will test the security of the application security group. You will deploy an Azure virtual machine and associate the application security group with it.
Azure application security groups provide an easy to configure yet powerful security tool for keeping your Azure VMs safe. Application security groups allow systems administrators to group VMs by applications rather than IP addresses. These groups provide a means for securing VM access based on the applications run on the VMs and provides a convenient method for grouping users and Azure assets.
In the "Create and Configure Application Security Groups" virtual lab, you will accomplish the following:
- Create an Azure virtual network.
- Create an Azure application security group.
- Create an Azure network security group.
- Create an Azure virtual machine to test your security group.
Other Challenges in this series:
- GUIDED CHALLENGE: Configure Azure Disk Encryption
- ADVANCED CHALLENGE: Can you harden virtual machines in Azure?