Application Security Group (ASG)

Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9
Video Transcription
00:00
Hello, Cybrarians. Welcome to this lesson on application security groups. This lesson is part of the third module of the AZ-500 Microsoft Azure Security Technologies course. For simplicity, I'll be referring to the abbreviation ASG going forward.
00:17
Quick information on what we'll be covering here. In this lesson,
00:21
we'll start out by looking at some core ASG concepts.
00:25
I'll then demonstrate how to create and use ASGs in network security group rules. Let's get into this.
00:33
First,
00:34
what are ASGs?
00:36
ASGs allow users to define groupings for virtual machines for the purpose of simplifying the management of network security rules. Okay, what does that mean?
00:47
Let's look at the next description and see if it helps us to understand this concept more.
00:53
The primary use case of ASGs is simplified micro-segmentation.
00:58
Again, what does that mean, David?
01:00
Well, network security groups, like we described in the previous lesson, allow us to implement segmentation for workloads running in an Azure virtual network.
01:11
However, using IP addresses to define the segmentation could be difficult to manage, as IP addresses could change.
01:21
And as we may be constantly bringing up new instances and deprovisioning old instances in our virtual networks, that means we need to constantly be keeping our rules up to date.
01:33
In the case of my diagram below, the first thing that I need to do is associate ASGs to my VMs.
01:40
For example, I associate the first VM to an ASG called web server,
01:45
the second VM to an ASG called app server, and the third VM to an ASG called DB server.
01:52
Now when I apply my NSG rules, instead of using IP addresses that could change, I use the ASGs for my source and destination. For example, the first rule that I have defined here allows traffic to port 8080 from any VM associated with the web server ASG
02:09
to any VM associated with the app server ASG,
02:14
while the second rule allows traffic to port three to resemble eight from any VM associated with the app server ASG to any VM associated with the DB server ASG.
02:25
This is what application security groups allow us to implement.
02:30
ASGs also make it easy for us to implement security policies for dynamic workloads.
02:36
So if I bring up a new web server, for example, all I need to do is make sure that it is associated with the web server ASG, and the right rules will automatically apply. I do not need to update my NSG with the IP address of the new instance I just provisioned.
02:53
There is one last thing to note about ASGs, though:
02:58
they are limited to a single virtual network, so I cannot use them across virtual network peers.
03:04
Now to our demonstration.
03:07
Here's a list of tasks that I'll be doing.
03:08
The first thing that I'll do is to create an ASG and associate it to a Windows virtual machine.
03:15
I'll then define an NSG rule that uses the ASG that I created earlier. I'll verify that my application rule applies,
03:23
and finally I'll do some tidy-up tasks by dissociating the public IP resource that I created in a previous lesson and the NSG that I also created in a previous lesson. I'll dissociate those from my virtual machine network interface.
03:38
So in the first task, I'll create an ASG called web server and I'll associate it to my Windows VM. Here's a visual representation of what I'll be doing.
03:46
I currently have my VM, and I'll be creating an ASG and associating it with it.
03:53
So right now I'm in the Azure portal. If I go ahead and click on Create a resource and I search for Application
04:00
Security Group, and I'll click on the option there,
04:04
and I'll go ahead and click on Create.
04:08
I'll put that in the same resource group that I've put all my previous resources,
04:12
and I'll call it the name of web
04:15
server.
04:16
I'll leave it in the same region as my other resources, which is UK South, and I'll click on Review + create
04:24
and I'll click on Create. Now that my ASG has finished creating, I'll go to associate it with my virtual machine. So what I'll do is I'll go under virtual machines.
04:33
I will select my virtual machine and I'll go under Networking.
04:36
Now, in the networking section, I have application security groups here. So if I click on application security groups,
04:44
I'll click on the option to configure,
04:46
and I'll go to select my web server ASG and I'll click on Save.
04:50
Now that is saved, my web server ASG is now associated with this virtual machine.
04:57
In the next task, I'll be defining an NSG rule that uses the ASG that I just created.
05:03
What I'll be doing is I'll be allowing port 80 from the Internet to any VM with the web server ASG, and here's a visual representation of what I'll be doing.
05:13
I already have the NSG associated to the network interface of my VM. I'll simply be adding a rule to it that makes use of the ASG. So I'm back in the Azure portal,
05:24
and what I'll do is I have the option to click on my network interface here. So if I go ahead and click on my network interface,
05:32
and if I click on the security group, I have my security group here. I'll go ahead and select that security group,
05:39
and if I click on Inbound rules, I can see the block rule that I added in the earlier lesson. So what I'll do is I'll go ahead and add a new inbound rule.
05:47
For the source, I'll choose Service Tag, and the source being Internet,
05:53
and the source port, I'll leave that as any. The destination, I'll change that to application security group,
06:00
and I'll select the web server application security group, so anything that's going to any VM that's associated with that group.
06:09
For the destination port range, I'll select port 80, or type in port 80.
06:15
For the protocol, I'll select TCP, and the action to be Allow. Now for the priority, I'll give it a low priority of 100,
06:24
and for the name, I'll go ahead and type Allow
06:27
HTTP
06:30
to
06:30
web server
06:33
Cook
06:34
and I'll go ahead and click on Add.
06:38
Once that's finished adding,
06:40
I can go back for my next task.
06:42
Now, in the next task, I'll verify that my rule is working by testing HTTP access from the Internet to my Windows VM,
06:50
which has a web server that's running.
06:54
Here's a visual representation of what I'll be doing.
06:57
Because of the rule that I configured for the ASG, I expect connectivity from port 80 on the Internet to my Windows VM to be successful and to be accepted.
07:08
So right now I'm back in the Azure portal, and what I'll do is I'll click back on the virtual machines and I'll select my Windows virtual machine.
07:16
I'll copy my public IP address. I'll type in http
07:21
and I'll put in my
07:24
IP address there and press Enter. And there you go, you can see that I have connectivity to my Windows VM on port 80.
07:31
Now in the final task, I'll be tidying things up in preparation for the next lesson. So what I'll do is I'll dissociate the public IP and the NSG from my VM's network interface,
07:44
and here's a visual representation of what I'll be doing. I'll simply remove the public IP and the NSG.
07:49
So back in the Azure portal, what I'll do is I'll go ahead and click on Networking for my virtual machine,
07:57
and I'll click on the network interface.
07:59
The first one I'll remove is the public IP, so I'll go ahead and click on IP configurations.
08:05
I'll select ipconfig1, and I'll click on the public IP to dissociate that, and I'll click on Save.
08:11
So now that that is saved successfully, I can see that saved network interface. I'll go to dissociate the network security group also. So I'll just go one step back to Networking.
08:24
I'll select my network interface, and I'll click on Network security group.
08:28
I'll click on Edit and I'll set that to None,
08:31
and I'll click on Save.
08:33
So once that's saved successfully, I'm back to a situation where I have my Windows virtual machine in my private subnet with no public IP address and with no network security group.
08:45
That puts us in a good place for the next lesson.
08:48
So here's a summary of what we covered in this lesson.
08:52
We started out by looking at some core ASG concepts,
08:56
and finally I demonstrated how to create and use ASGs in network security group rules.
09:03
This brings us to the end of this video. Thanks very much for watching, and I'll see you in the next lesson.
AZ-500: Microsoft Azure Security Technologies

In this Microsoft Azure Security Technologies (AZ-500) training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.