
Azure VNet and NSG Setup Guide

The document provides instructions for setting up a multi-tier architecture on Azure. It includes steps to create resource groups, virtual networks, subnets, network security groups, and a bastion host. Specific subnets are created for application gateway, web, business, data and Active Directory. Network security group rules are configured to allow appropriate traffic between the subnets.

Uploaded by

alohamann999

cruso

João .
To: You
Tue, 01/08/2023 08:25

Track 1 - Mastercloud

[Link]

joao
Devadmin9106

adminjoao
Devadmin@123 -- git

kennethreitz/httpbin:latest

Service Endpoint
Access PaaS without going over the internet

Private Link
Reduces firewall rules, private link from the PaaS --> to the VNET

[Link] Install-WindowsFeature -name Web-Server -IncludeManagementTools
[Link] Remove-Item -Path 'C:\inetpub\wwwroot\[Link]'
[Link] Add-Content -Path 'C:\inetpub\wwwroot\[Link]' -Value $($env:computername)

Environment creation order:

1. VNET
2. Subnet
3. NSG (open port 80)
4. VM (public and private IP)
- Run the PowerShell script
5. App gateway
- Create the backend pool
6. Create the Web App with a public URL
- Create the Private Link

DefaultEndpointsProtocol=https;AccountName=imgstorjoaocloud;AccountKey=JCAiY2whn68S
QtuynShrZevgyYmn4xk66RVFZI0CnWs1CEpxpHAcAYtwaxdce8u6c6ELEpjWwwxR+AStpTY8ng==;Endpoi
ntSuffix=[Link]

az webapp deployment source config-zip --resource-group ManagedPlatform --src [Link] --name imgstorapijoaocloud

wget [Link]

ApiUrl=[Link]
az webapp deployment source config-zip --resource-group ManagedPlatform --src [Link] --name imgstorjoaoweb

[11:57] Josue Vidal (Guest)

[Link]
DesigningMicrosoftAzureInfrastructureSolutions/

[11:57] Josue Vidal (Guest)

[Link]

[11:58] Josue Vidal (Guest)

[Link]

the product
1 - Videos (YouTube / Microsoft Learn) - CONTENT
2 - Do the LABs (LEARN BY DOING) - CONCEPT
3 - READ ARTICLE - REINFORCE KNOWLEDGE - (MICROSOFT LEARN)
4 - SUMMARY - 2x REINFORCE KNOWLEDGE
5 - PRACTICE EXAMS - KNOWLEDGE VALIDATION

[Link]

while ($true) { Invoke-WebRequest -URI [Link] -UseBasicParsing }

[Link]

[spoke-vnet,hub-vnet]

=========================================

>> Create the resource group

$name = "rg-ntier"
$location = "eastus"

az group create --name $name --location $location

>> Create the VNet and the Application Gateway subnet.

$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$addressPrefixVNet="[Link]/16"
$subnetNameApg = "subnet-apg"
$subnetPrefixApg = "[Link]/24"

echo "Creating vNet and subnetNameApg"


az network vnet create --resource-group $resourceGroup `
--name $vNetName --address-prefix $addressPrefixVNet `
--location "$location" --subnet-name $subnetNameApg `
--subnet-prefix $subnetPrefixApg

>> Creating the remaining subnets

$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetBastionName = "AzureBastionSubnet"
$subnetPrefixBastion = "[Link]/26"

echo "Creating subnet BastionHost"


az network vnet subnet create --address-prefix $subnetPrefixBastion `
--name $subnetBastionName --resource-group $resourceGroup --vnet-name $vNetName

>>Creating the Web subnet


$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetWebName = "subnet-web"
$subnetPrefixWeb = "[Link]/24"

echo "Creating subnet Web"


az network vnet subnet create --address-prefix $subnetPrefixWeb `
--name $subnetWebName --resource-group $resourceGroup --vnet-name $vNetName

>>Creating the Business subnet

$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetBusinessName = "subnet-business"
$subnetPrefixBusiness = "[Link]/24"

echo "Creating subnet Business"

az network vnet subnet create --address-prefix $subnetPrefixBusiness `
--name $subnetBusinessName --resource-group $resourceGroup --vnet-name $vNetName

>>Creating the Data subnet


$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetDataName = "subnet-data"
$subnetPrefixData = "[Link]/24"

echo "Creating subnet data"


az network vnet subnet create --address-prefix $subnetPrefixData `
--name $subnetDataName --resource-group $resourceGroup --vnet-name $vNetName

>>> Creating the Active Directory subnet

>>Create the NSGs
$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"


az network nsg create --resource-group $resourceGroup --name "nsgApg" --location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgWeb" --location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgBusiness" --location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgData" --location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgADDS" --location "$location"

>>Creating the rules for the NSGs


$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Criando regras para nsgApg"


az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
--name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 `
--source-address-prefix Internet --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 80

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" `
--name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 `
--source-address-prefix GatewayManager --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" `
--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
--source-address-prefix "[Link]/27" --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
--source-address-prefix "[Link]/27" --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 3389

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness" `
--name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority 100 `
--source-address-prefix "[Link]/24" --source-port-range "*" `
--destination-address-prefix "[Link]/24" --destination-port-range 80

echo "Criando regras para nsgData"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
--name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 `
--source-address-prefix "[Link]/24" --source-port-range "*" `
--destination-address-prefix "[Link]/24" --destination-port-range 3389

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" `
--name MSSQLRule --access Allow --protocol Tcp --direction Inbound --priority 1001 `
--source-address-prefix "[Link]/24" --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 1433

echo "Criando regras para nsgADDS"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgADDS" `
--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110 `
--source-address-prefix "[Link]/27" --source-port-range "*" `
--destination-address-prefix "*" --destination-port-range 3389
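
The NSGs above hold only Allow rules, and every NSG also carries the default AllowVnetInBound rule (priority 65000), so traffic between the tier subnets is permitted whether or not a custom rule names it. The following added example (not part of the original notes) models first-match evaluation for nsgData to show this. Assumptions: subnet names stand in for the elided address prefixes, the MSSQLRule source is taken to be subnet-business, and DenyVnetInBound is a hypothetical extra rule.

```powershell
# Added example: simplified first-match model of inbound NSG evaluation.
# Subnet names stand in for the address prefixes, which are elided on the page.
function Test-NsgInbound {
    param([object[]]$Rules, [string]$Source, [int]$Port)
    # Default inbound rules that Azure appends to every NSG.
    $defaults = @(
        [pscustomobject]@{ Name = 'AllowVnetInBound'; Priority = 65000
                           Source = 'VirtualNetwork'; Ports = '0-65535'; Access = 'Allow' }
        [pscustomobject]@{ Name = 'AllowAzureLoadBalancerInBound'; Priority = 65001
                           Source = 'AzureLoadBalancer'; Ports = '0-65535'; Access = 'Allow' }
        [pscustomobject]@{ Name = 'DenyAllInBound'; Priority = 65500
                           Source = '*'; Ports = '0-65535'; Access = 'Deny' }
    )
    # The lowest priority number is evaluated first; the first match decides.
    foreach ($r in (@($Rules) + $defaults | Sort-Object Priority)) {
        $range  = @($r.Ports -split '-')
        $portOk = ($Port -ge [int]$range[0]) -and ($Port -le [int]$range[-1])
        # In this model, any 'subnet-*' label counts as part of the VirtualNetwork tag.
        $srcOk  = ($r.Source -eq '*') -or ($r.Source -eq $Source) -or
                  ($r.Source -eq 'VirtualNetwork' -and $Source -like 'subnet-*')
        if ($portOk -and $srcOk) {
            return [pscustomobject]@{ Source = $Source; Port = $Port
                                      Access = $r.Access; MatchedRule = $r.Name }
        }
    }
}

# nsgData as built above; the MSSQLRule source is an assumption (subnet-business).
$nsgData = @(
    [pscustomobject]@{ Name = 'MSSQLRule'; Priority = 1001
                       Source = 'subnet-business'; Ports = '1433'; Access = 'Allow' }
)
# Hypothetical rule: deny remaining intra-VNet traffic before the defaults apply.
$denyVnet = [pscustomobject]@{ Name = 'DenyVnetInBound'; Priority = 4096
                               Source = 'VirtualNetwork'; Ports = '0-65535'; Access = 'Deny' }

# Without the deny rule, subnet-web reaches 1433 through AllowVnetInBound.
foreach ($src in 'subnet-business', 'subnet-web', 'Internet') {
    Test-NsgInbound -Rules $nsgData -Source $src -Port 1433
}
# With the deny rule, only the source named in MSSQLRule is still allowed.
Test-NsgInbound -Rules ($nsgData + $denyVnet) -Source 'subnet-web' -Port 1433
```

On a deployed NSG, `az network nsg rule list --resource-group rg-ntier --nsg-name nsgData --include-default --output table` lists the custom and default rules together.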

>>>Associate the NSGs with the subnets.


$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$subnetNameApg = "subnet-apg"
$subnetWebName = "subnet-web"
$subnetBusinessName = "subnet-business"
$subnetDataName = "subnet-data"
$subnetADDSName = "subnet-adds"
$nsgApg = "nsgApg"
$nsgWeb = "nsgWeb"
$nsgBusiness = "nsgBusiness"
$nsgData = "nsgData"
$nsgADDS = "nsgADDS"

echo "Associando nsgApg ao subnetNameApg"


az network vnet subnet update --vnet-name $vNetName --name $subnetNameApg `
--resource-group $resourceGroup --network-security-group $nsgApg

echo "Associando nsgWeb ao subnetWebName"

az network vnet subnet update --vnet-name $vNetName --name $subnetWebName `
--resource-group $resourceGroup --network-security-group $nsgWeb

echo "Associando nsgBusiness ao subnetBusinessName"

az network vnet subnet update --vnet-name $vNetName --name $subnetBusinessName `
--resource-group $resourceGroup --network-security-group $nsgBusiness

echo "Associando nsgData ao subnetDataName"

az network vnet subnet update --vnet-name $vNetName --name $subnetDataName `
--resource-group $resourceGroup --network-security-group $nsgData

echo "Associate nsgADDS ao subnetADDSName"

az network vnet subnet update --vnet-name $vNetName --name $subnetADDSName `
--resource-group $resourceGroup --network-security-group $nsgADDS

>> Create the Bastion host


$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$publicIpBastionName = "publicIpBastion"
$bastionName = "bastionNTier"

az network public-ip create --resource-group $resourceGroup `
--name $publicIpBastionName --sku Standard --location $location

az network bastion create --name $bastionName `
--public-ip-address $publicIpBastionName --resource-group $resourceGroup `
--vnet-name $vNetName --location $location
