Configure Network Security Groups (NSGs) to allow Application and Database Traffic
The Configure Network Security Groups (NSGs) to allow Application and Database Traffic IT Pro Challenge helps learners understand NSG rules, how to create Azure virtual networks, and how to use virtual network peering to connect those networks.

In this Configure Network Security Groups (NSGs) to allow Application and Database Traffic IT Pro Challenge, learners will learn how to create inbound traffic rules for NSGs, create Azure virtual networks with subnets and connect them through virtual network peering, deploy Azure virtual machines for a multi-tier app, and use ping and telnet to verify the connectivity between the tiers using NSGs. The skills acquired in this virtual lab are important for the role of system or network administrator.
Overview
For the purposes of this lab, you are a system administrator and your company is migrating its primary web applications and databases from an on-premises datacenter to Azure. To accomplish this, you need to create and deploy multiple Azure virtual machines in a multi-tier architecture using multiple virtual networks and Network Security Groups (NSGs). You will test the configuration when finished.
An NSG contains rules that allow or deny network traffic (inbound and outbound) to/from an Azure resource. When you associate an NSG to a subnet, the rules for that NSG apply to all the resources in the subnet.
Create Azure virtual networks and subnets using peering
To begin, you need to sign in to the Azure portal and create three virtual networks (web, app, and db), each with a subnet. You also need to create virtual network peerings between the web tier and the app tier and between the app tier and the db tier.
Virtual network peering allows you to connect virtual networks that are in the same Azure region. When virtual networks are peered, resources in both virtual networks can communicate with each other with the same bandwidth as if they were on the same network.
Deploy Azure virtual machines for a multi-tier app
A multi-tier application is one that’s distributed across more than one layer. The architecture divides an enterprise application into two or more parts (three-tier is standard).
In this step, you are going to create three Azure virtual machines for three tiers: web, app, and db.
Verify connectivity using Network Security Groups (NSGs)
First, you need to review the NSGs for the virtual machines that you created in the previous step of the lab. Verify that you have open RDP ports for the Windows virtual machines and an open SSH port for the Linux virtual machine.
Then you need to verify that there is connectivity between the web tier and the app tier and between the app tier and the db tier.
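To reason about what the connectivity checks should show, the following added example (not part of the original lab) models how an NSG evaluates inbound rules: rules are processed in priority order, lowest number first, and the first match decides. The address prefixes, port 1433, and custom rule names are constructed assumptions, and only two of Azure's default inbound rules are modeled, in simplified form.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    priority: int               # lower number is evaluated first
    name: str
    sources: Tuple[str, ...]    # CIDR prefixes the rule matches
    port: Optional[int]         # destination TCP port; None = any
    access: str                 # "Allow" or "Deny"

# Constructed address plan (assumption, not from the lab).
APP, DB, ANY = "10.2.0.0/24", "10.3.0.0/24", "0.0.0.0/0"
# VirtualNetwork tag as seen from the db network: own space + peered app space.
VNET_TAG = (DB, APP)

# Simplified stand-ins for two of Azure's default inbound rules.
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", VNET_TAG, None, "Allow"),
    Rule(65500, "DenyAllInBound", (ANY,), None, "Deny"),
]

# Hypothetical custom rules for an NSG on the db subnet.
DB_CUSTOM = [
    Rule(100, "Allow-App-To-Sql", (APP,), 1433, "Allow"),
    Rule(200, "Deny-Other-Vnet", VNET_TAG, None, "Deny"),
]

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first matching rule by priority."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        in_source = any(addr in ipaddress.ip_network(p) for p in rule.sources)
        if in_source and rule.port in (None, dst_port):
            return rule.access, rule.name
    return "Deny", "no-match"

if __name__ == "__main__":
    hardened = DB_CUSTOM + DEFAULTS
    # Constructed probes: app VM to SQL, app VM to RDP, unpeered web VM to SQL.
    for src, port in [("10.2.0.4", 1433), ("10.2.0.4", 3389), ("10.1.0.4", 1433)]:
        print(src, port, "defaults only:", evaluate(DEFAULTS, src, port),
              "| with custom rules:", evaluate(hardened, src, port))
```

With only the default rules, every port on the db tier is reachable from the peered app network, so a successful telnet test alone does not show that a custom rule is doing the work.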
Summary
By taking this lab, you will learn how to use NSGs to create inbound traffic rules, how to create Azure virtual networks and subnets and connect them using peering, how to deploy Azure virtual machines for a multi-tier application, and how to verify connectivity using NSGs.