
Azure Networking

Azure Classroomnotes 28/Jan/2023

Networking
 Physical Network:
 We use cables/medium to connect systems.
 Virtual Network:
 This is software defined network used to connect virtual
machines

 Ip address:
 A unique number used to identify a system in a network
 Network interface connects system to network and gets
an ip address

IP Address
 Execute ipconfig
ip address : 192.168.0.11
subnet mask : 255.255.255.0
default gateway : 192.168.0.1
 IP Address = Network id + host id
 Subnet mask helps in identifying network id and host id from
ip address

 IP address format which we are looking into is IPv4.


 An IPv4 address is a 32-bit number written as 4 octets (8 bits each)
 ip v4 range => 0.0.0.0 to 255.255.255.255
 Two systems can communicate with each other if they belong
to same network

References
 2 power table Refer Here
 Binary to decimal
 decimal to binary
Azure Classroomnotes 29/Jan/2023

Networking Basics
Problem Statement – Network Design
Problem 1

 we need a network to connect 200 devices

 We need to figure out the network id and host id ranges


 Generally we have two kinds of networks
 public network:
 These ip addresses are accessible over internet
 We have very limited public ip’s available in IPv4
 private network
 These ip addresses are reserved for intranet
 The private ip addresses which are reserved are
 10.0.0.0 to 10.255.255.255
 172.16.0.0 to 172.31.255.255
 192.168.0.0 to 192.168.255.255
 Note: When we create networks throughout the exercises, as well as in Azure, we will be using private ranges.
 Solution
Subnet Mask: 255.255.255.0 => 1 octet => 8 => 2^8 = 256
255.255.0.0 => 2 octets => 16 => 2^16 = 65536
255.0.0.0 => 3 octets => 24 => 2^24 = 16777216

private ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Size ~= 200
SM = 255.255.255.0
some possibilities
ip: 10.0.0.x
sm: 255.255.255.0

ip: 10.0.1.x
sm: 255.255.255.0

ip: 192.168.0.x
sm: 255.255.255.0

Problem 2

 We need a network to connect 500000 devices


Subnet Mask: 255.255.255.0 => 1 octet => 8 => 2^8 = 256
255.255.0.0 => 2 octets => 16 => 2^16 = 65536
255.0.0.0 => 3 octets => 24 => 2^24 = 16777216

private ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Size = 5,00,000

IP: 10.x.x.x
SM: 255.0.0.0

Problem 3

 I need a network to connect 500 devices


Subnet Mask: 255.255.255.0 => 1 octet => 8 => 2^8 = 256
255.255.0.0 => 2 octets => 16 => 2^16 = 65536
255.0.0.0 => 3 octets => 24 => 2^24 = 16777216

private ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Size = 500

IP: 10.0.x.x
SM = 255.255.0.0

IP: 172.16.x.x
SM = 255.255.0.0

IP: 192.168.x.x
SM = 255.255.0.0

 With the approach used so far we waste addresses: we wanted a network for 500 devices but had to choose a network of size 65000

IP Addressing options
 We have two options
 Classful:
 We have classes of networks

 Classless:
 We try looking at subnet mask as binary number
Azure Classroomnotes 30/Jan/2023

CIDR Notation
 CIDR (Classless Inter-Domain Routing)
 The ip addressing is mentioned as x.x.x.x/n
x.x.x.x => ip
n = fixed bits

 Examples
10.10.10.0/24
ip: 10.10.10.x
SM: 11111111.11111111.11111111.00000000
255.255.255.0
Size: 2^(32-n) - 2 = 2^(32-24) - 2 => 254

10.10.10.0/23
ip: 10.10.0000101x.xxxxxxxx => 10.10.10.x to 10.10.11.x
SM: 11111111.11111111.11111110.00000000
Size: 2^(32-23) - 2 => 510

192.168.0.0/20

IP: 192. 168. 0000xxxx.xxxxxxxx


SM: 11111111.11111111.11110000.00000000

192.168.0.x to 192.168.15.x

Size: 2^(32-20) - 2 => 4094

CIDR: 172.16.0.0/12

IP: 172. 0001xxxx.xxxxxxxx.xxxxxxxx


SM: 11111111.11110000.00000000.00000000

Size: 2^(32-12) - 2 => 1048574

172.16.0.0 to 172.31.255.255

CIDR: 10.128.0.0/22
10.128. 000000xx.xxxxxxxx
SM: 11111111.11111111.11111100.00000000
10.128.0.0 to 10.128.3.255

10.128.0.0/10
IP 10.10xxxxxx.xxxxxxxx.xxxxxxxx
SM: 11111111.11000000.00000000.00000000
10.128.0.0 to 10.191.255.255

192.168.224.0/20
IP: 192.168.1110xxxx.xxxxxxxx
SM: 11111111.11111111.11110000.00000000
192.168.224.0 to 192.168.239.255

Azure Classroomnotes 31/Jan/2023

CIDR
 Expand the CIDR Range
10.224.0.0/11

fixed = 11
variable = 32-11 = 21

IP: 10.111xxxxx.xxxxxxxx.xxxxxxxx
SM: 11111111.11100000.00000000.00000000

Range: 10.224.0.0 to 10.255.255.255

Subnet
 Subnet is part of network
 As a cloud engineer we are expected to create networks and
multiple subnets
Problem-1: We need to design network with two subnets of size approximately 200 devices

 Each subnet = 200


 network = 400

private:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

Network

2^v ~= 400
variable = 9
Fixed = 32-9 = 23

ip: 172.16.0000000x.xxxxxxxx => 172.16.0.0/23


SM: 11111111.11111111.11111110.00000000
Subnet
2^v ~= 200
variable = 8
fixed = 24

ip 172.16.0.xxxxxxxx => 172.16.0.0/24


SM: 11111111.11111111.11111111.00000000

ip 172.16.1.xxxxxxxx => 172.16.1.0/24


SM: 11111111.11111111.11111111.00000000

 Network cidr: 172.16.0.0/23


 Subnet 1 cidr: 172.16.0.0/24
 subnet 2 cidr: 172.16.1.0/24
Problem-2: Create 4 subnets with 100 devices each in network

 Each subnet = 100


 network = 400
Network

2^v ~= 400
variable = 9
fixed = 23

ip: 192.168.0.0/23

SM: 11111111.11111111.1111111x.xxxxxxxx

Subnet:

2^v ~=100
variable = 7
fixed = 25

Network SM: 11111111.11111111.1111111x.xxxxxxxx


Subnet SM: 11111111.11111111.11111111.1xxxxxxx
------------------------------------------------
y.y
192.168.00000000.0xxxxxxx => 192.168.0.0/25
192.168.00000000.1xxxxxxx => 192.168.0.128/25
192.168.00000001.0xxxxxxx => 192.168.1.0/25
192.168.00000001.1xxxxxxx => 192.168.1.128/25
Problem 3: Create 4 subnets of size 50

 Network size ~= 200


 subnet size ~=50
Network

2^v ~= 200
variable = 8
fixed = 24

ip: 192.168.0.0/24

SM: 11111111.11111111.11111111.xxxxxxxx

Subnet:

2^v ~=50
variable = 6
fixed = 26

Network SM: 11111111.11111111.11111111.xxxxxxxx


Subnet SM: 11111111.11111111.11111111.11xxxxxx
------------------------------------------------
yy
192.168.0.00xxxxxx => 192.168.0.0/26
192.168.0.01xxxxxx => 192.168.0.64/26
192.168.0.10xxxxxx => 192.168.0.128/26
192.168.0.11xxxxxx => 192.168.0.192/26
Exercises

 Create a network with


 8 subnets of size 500 each
 6 subnets of size 300 each

Azure Classroomnotes 01/Feb/2023

Exercises
 Create a network with
 8 subnets of size 500 each
network
192.168.0.0/20
subnets:
192.168.0.0/23
192.168.2.0/23
192.168.4.0/23
192.168.6.0/23
192.168.8.0/23
192.168.10.0/23
192.168.12.0/23
192.168.14.0/23
 6 subnets of size 300 each
network: 10.10.0.0/20
subnets:
10.10.0.0/23
10.10.2.0/23
10.10.4.0/23
10.10.6.0/23
10.10.8.0/23
10.10.10.0/23
 4 subnets of size 2 lakh devices each
2^v ~= 2 lakh
fixed = 14
variable = 18
ip: 10.0.0.0/14
subnet SM: 11111111.11111100.00000000.00000000
network SM: 11111111.1111yy00.00000000.00000000
10.0.0.0/14
10.4.0.0/14
10.8.0.0/14
10.12.0.0/14

 Create 8 networks of size 1000
2^v ~ = 1000
variable = 10
fixed = 22
Subnet SM: 11111111.11111111.11111100.00000000

yyy00
00100
01000
ip: 172.16.0.0/22
ip: 172.16.4.0/22
ip: 172.16.8.0/22
ip: 172.16.12.0/22
ip: 172.16.16.0/22
ip: 172.16.20.0/22
ip: 172.16.24.0/22
ip: 172.16.28.0/22
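
The CIDR expansion and subnet design steps worked by hand above, as an added Python example (not part of the original notes). It generalises the exercises to any subnet count and size using the notes' 2^(32-n) - 2 size formula; the function names are assumptions made for this example.

```python
import ipaddress

# The three private ranges listed in these notes.
PRIVATE_RANGES = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def expand(cidr):
    """Return (first address, last address, usable size 2^(32-n) - 2)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses - 2


def prefix_for_hosts(hosts):
    """Longest prefix n (the 'fixed' bits) with 2^(32-n) - 2 >= hosts."""
    variable = (hosts + 1).bit_length()  # smallest v with 2^v >= hosts + 2
    return 32 - variable


def plan(base, subnet_count, hosts_per_subnet):
    """Design one network that holds `subnet_count` equal-sized subnets.

    Returns (network CIDR, [subnet CIDRs]). Raises ValueError when `base`
    is not aligned to the computed network prefix or is outside the
    private ranges.
    """
    subnet_prefix = prefix_for_hosts(hosts_per_subnet)
    subnet_bits = (subnet_count - 1).bit_length()  # the "y" bits in the notes
    network_prefix = subnet_prefix - subnet_bits
    # strict=True rejects a base with host bits set, e.g. 10.10.10.0 as a /20
    network = ipaddress.ip_network(f"{base}/{network_prefix}", strict=True)
    if not any(network.subnet_of(p) for p in PRIVATE_RANGES):
        raise ValueError(f"{network} is outside the private ranges")
    subnets = list(network.subnets(new_prefix=subnet_prefix))[:subnet_count]
    return str(network), [str(s) for s in subnets]


if __name__ == "__main__":
    print(expand("10.224.0.0/11"))
    for base, count, size in [("192.168.0.0", 8, 500),
                              ("10.10.0.0", 6, 300),
                              ("10.0.0.0", 4, 200000),
                              ("172.16.0.0", 8, 1000)]:
        network, subnets = plan(base, count, size)
        print(f"{count} x {size}: network {network} -> {', '.join(subnets)}")
    try:
        plan("10.10.10.0", 8, 500)  # misaligned base for a /20
    except ValueError as err:
        print("rejected:", err)
```
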

Router
 Router is a device to forward packets from one network to
another
 Router has a route table which will have rules depending on
destination address
 Note: When we are writing rules to restrict network traffic we
can filter only on network id’s
10.0.1.0/24 => Any packet with network id 10.0.1 (10.0.1.x)
0.0.0.0/0 => any ip address
192.168.0.10/32 => Specific ip address

Azure Classroomnotes 02/Feb/2023

Azure Global Infrastructure


 Azure Has Regions where the infrastructure is available for
usage
 Regions are of two types in Azure
 Regions
 Regions with Zones (3)
 Paired Regions exist for enabling disaster recovery and quick
data sync between regions

 Azure Global/Backbone network:


 This is a backbone network which connects all the
Azure regions and edge locations

 Edge Location: This is a datacenter with purpose of


 acting like a Point of Presence location for a Content
Delivery Network (CDN)
 act as an interface to connect on-premises to Azure
Back bone network.
Azure Classroomnotes 03/Feb/2023

Azure Vnet
 The network which we create in Azure is referred as Azure
virtual network (vnet).
 The resources which we create in Azure will be part of subnet
not virtual network
 Every Azure Vnet will have a default azure route table which
allows
 communication between all the systems in vnet
 communication to the internet
 Azure VNET is connected to internet by default

 The Network ranges (cidr) which we provide while creating


network are for private connectivity
 To connect the machine from internet, enable public ip and
attach this to the network interface

 While assigning public ip, we have options to choose


 static
 dynamic
 With a dynamic public ip, the ip address changes when the vm is powered off and on; with a static public ip it does not change.
 private ip’s are static by default

Azure Resource Creations

Azure VNet Creation using Portal


 Azure Portal Refer Here
 Create a Virtual Network
 Lets create our own cidr range. The cidr range in Azure is
referred as address space
 Once the resource is created, Navigate to it
Azure Classroomnotes 05/Feb/2023

Azure vnet contd


 In Azure subnet is scoped to Region

 In the same subnet as shown above we can have vms from


different zones.
 Let's create a linux vm and connect it to the network created in the last session
 The components created with relevance to the network are
 Network security Group
 Network Interface
 Public Ip Address
 Connect to the linux machine from your system using public
ip
ssh username@publicip
sudo apt install net-tools
ifconfig
 Let's have a look at the public ip address created
 Let's have a look at the network interface
 Let's have a look at the network security group


Scenario – 1
 Create a virtual network in any region (/22) with 3 subnets
 web (/24)
 app (/24)
 db (/24)
 Create a linux vm with public ip address in web subnet

 create a linux vm without public ip address in app subnet

 Lets try to connect to the app server from our laptop


 direct connection is not possible as the app server does not have a public ip
 so lets connect to web server and from webserver lets
connect to app server as communication with in vnet is
enabled by default (private connections)
Azure Classroomnotes 07/Feb/2023

Network Security Groups


 Refer Here for official docs.
 This is used to filter network traffic to azure resources
 We can filter traffic based on direction, Protocols, Port,
Source/Destination IP Range
 incoming
 outgoing
 Protocols:
 TCP
 UDP
 ICMP
 ESP
 AH
 Port
 Source/Destination IP Address/Range
 How it works
 NSG has rules; the lower the number, the higher the priority.
 When a packet arrives, the NSG evaluates the packet (source ip, protocol, port) and then allows/denies the packet accordingly
 Once a match is found it will not evaluate the next rules.
 If a rule is not matched it tries to process the next rule
 Rules which we write will have a number between 100 and 4096
 Default NSG Rules:
 Incoming
 Allow all communication with in vnet
 Allow Connections from load balancer
 Any thing else deny
 Outgoing
 Allow all communications within vnet
 Allow internet access
 Rest Deny
 When authoring rules, ensure we don't start from 100; pick some number like 300 or 1000 etc. so that we have an option to add more rules at the top
 Between two rules, ensure that the rule numbers are not consecutive (i.e. 300, 301). Try to have some gap so that we can fill any future needs (300, 310)

 NSGs can be attached to network interfaces or subnets

Reference – Popular Ports


 There are 65,535 possible port numbers, although not all are
in common use. Some of the most commonly used ports,
along with their associated networking protocol, are:
 Ports 20 and 21: File Transfer Protocol (FTP). FTP is for
transferring files between a client and a server.
 Port 22: Secure Shell (SSH). SSH is one of many tunneling
protocols that create secure network connections.
 Port 25: Historically, Simple Mail Transfer Protocol (SMTP).
SMTP is used for email.
 Port 53: Domain Name System (DNS). DNS is an essential
process for the modern Internet; it matches human-readable
domain names to machine-readable IP addresses, enabling
users to load websites and applications without memorizing a
long list of IP addresses.
 Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the
protocol that makes the World Wide Web possible.
 Port 123: Network Time Protocol (NTP). NTP allows
computer clocks to sync with each other, a process that is
essential for encryption.
 Port 179: Border Gateway Protocol (BGP). BGP is essential
for establishing efficient routes between the large networks
that make up the Internet (these large networks are called
autonomous systems). Autonomous systems use BGP to
broadcast which IP addresses they control.
 Port 443: HTTP Secure (HTTPS). HTTPS is the secure and
encrypted version of HTTP. All HTTPS web traffic goes to
port 443. Network services that use HTTPS for encryption,
such as DNS over HTTPS, also connect at this port.
 Port 500: Internet Security Association and Key Management
Protocol (ISAKMP), which is part of the process of setting up
secure IPsec connections.
 Port 587: Modern, secure SMTP that uses encryption.
 Port 3389: Remote Desktop Protocol (RDP). RDP enables
users to remotely connect to their desktop computers from
another device.
Azure Classroomnotes 08/Feb/2023

Azure Network Security Group


 Problem: create a network security group which allows all the
communication on 80 and 443 port & denies communication
on 3389 port for ip 101.102.103.104
 Consider the following network

 Create a NSG which


 allows all incoming http (80) from anywhere
 allows all incoming ssh (22) within vnet and deny
others
 denies all incoming requests on 8080 from anywhere
 allows 8080 communication for web subnet
 22 port => deny every one but allow vnet

 Create a NSG which


 allows all incoming connections (3306) from app subnet and
denies others
 allows ssh connections within vnet and denies others
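
An added Python example (not from the original notes or from Azure) that models the priority-ordered, first-match evaluation described above for the web NSG scenario, and flags rules that can never match because of their ordering. The address ranges, rule names and rule numbers are assumptions; only the AllowVnetInBound (65000) and DenyAllInBound (65500) default rules are modelled, and protocol matching is left out.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("192.168.0.0/22")  # assumed vnet address space
WEB = ipaddress.ip_network("192.168.0.0/24")   # assumed web subnet
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    priority: int                  # lower number = higher priority
    name: str
    source: ipaddress.IPv4Network
    port: object                   # destination port number, or "*" for any
    action: str                    # "Allow" or "Deny"


# Default inbound rules, always evaluated after the rules we author.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", ANY, "*", "Deny"),
]

# Scenario from the notes, numbered with gaps so rules can be added later.
WEB_NSG = [
    Rule(300, "allow-http", ANY, 80, "Allow"),
    Rule(310, "allow-ssh-vnet", VNET, 22, "Allow"),
    Rule(320, "deny-ssh", ANY, 22, "Deny"),
    Rule(330, "allow-8080-web", WEB, 8080, "Allow"),
    Rule(340, "deny-8080", ANY, 8080, "Deny"),
]

# Same rules with the two 8080 rules in the wrong order.
MISORDERED = WEB_NSG[:3] + [
    Rule(330, "deny-8080", ANY, 8080, "Deny"),
    Rule(340, "allow-8080-web", WEB, 8080, "Allow"),
]


def evaluate(rules, src_ip, dst_port):
    """Return (action, rule name) of the first rule matching the packet."""
    src = ipaddress.ip_address(src_ip)
    ordered = sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority)
    for rule in ordered:
        if src in rule.source and rule.port in ("*", dst_port):
            return rule.action, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every packet")


def shadowed(rules):
    """Return (rule, earlier rule) pairs where the rule can never match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    hits = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            covers_source = rule.source.subnet_of(earlier.source)
            covers_port = earlier.port in ("*", rule.port)
            if covers_source and covers_port:
                hits.append((rule.name, earlier.name))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample packets: (source ip, destination port)
    packets = [("203.0.113.9", 80), ("203.0.113.9", 22), ("192.168.1.5", 22),
               ("192.168.0.4", 8080), ("192.168.1.5", 8080),
               ("203.0.113.9", 443)]
    for src, port in packets:
        print(src, port, evaluate(WEB_NSG, src, port))
    print("shadowed when misordered:", shadowed(MISORDERED))
```
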

Exercise: Create A Vnet with two subnets web, db

 allow all communication from web to db and db to web


 allow all communication to web subnet from http (80) and
https
 denies all external communication to db subnet
 Verify the above behavior, by creating two vms one in web
and other in db.
 VM in db should not have public ip.
Azure Classroomnotes 09/Feb/2023

Application Security Groups


 Application security group allows to filter network traffic for
a set of vms with common purpose to other set of vms with
common purpose in the application architecture

 Create two asgs


 Attach ASG to a NIC

 IN NSGS we can use ASG to filter network traffic


 We can also filter network traffic with service tags which is
about an access to virtual networks from azure services

Multiple VNets
 Lets create the following vnet with vms

 Public connectivity exists between two vnets


 We need to explore options for private connectivity

 We have following options for private connectivity


 VNET Peering
 VPN:
 Point to site
 site to site
 We have to understand two cases
 Networks in Azure
 Hybrid Networks
Azure Classroomnotes 10/Feb/2023

Azure Networking Contd


 Current network

 We can create two kinds of VPN’s to establish private


connectivity with any network(s)
 Point to Site VPN

 Site to Site VPN


 Azure has two options for connecting Azure VNETS
 VNET to VNET Refer Here
 VNET Peering Refer Here. To create a peering
connection Refer Here
 Create a Peering Connection b/w vnet1 and vnet2

 Azure vnet limits: Refer Here

Prep for Tomorrow’s Workshop

 Ubuntu Virtual Machines
 Some linux commands to install certain software
 At least two regions working.
Azure Classroomnotes 11/Feb/2023

Azure VNet Workshop – Part 1


Azure Vnet considerations

 In the case of Azure subnet, we cannot use the following


addresses (Assuming your subnet address space is
192.168.0.0/24)
 192.168.0.0 Network Address
 192.168.0.255 Broadcast Address
 192.168.0.1 Reserves this for default gateway
 192.168.0.2, 192.168.0.3 which are used by Azure for
DNS purposes
 Azure Vnet supports two kinds of subnets
 Subnet
 Gateway Subnet (This subnet is used for vpns,
Application Gateway etc.. where subnet will be used by
Azure to create managed resources)
 The smallest subnet is /29 and largest subnet is /2
 Create a network with cidr range other than private cidrs
Azure Bastion
 Create a vnet with two subnets.
 Create a linux vm and window vm without public ip

 Azure has a fully managed Bastion as a PaaS, which will


allow you to connect to virtual machines in private network
from azure portal.

 Azure Bastion has two offerings


 Basic SKU
 Standard SKU
 Azure Bastion Pricing Refer Here
 Create a Bastion for existing VNet

 Once the bastion is created, we can connect to azure vms using Bastion Refer Here
Preparation
 Create a Ubuntu 20.04 Linux and install lamp
sudo apt update
sudo apt install apache2 stress -y
sudo apt install php libapache2-mod-php php-mysql -y
sudo -i
echo "<?php phpinfo(); ?>" > /var/www/html/info.php
 Ensure port 80 is open to all. Navigate to http://publicip/info.php

 Create a new resource group called as workshop-images


 Now navigate to vm and capture the vm image
 Once the vmimage is created, delete the workshop resource
group
Gallery => workshop
image => qtapache
version => 1.0.0
RG => workshop-images
Load Balancing
 Applications in Azure Run on
 virtual machines
 Azure App services
 AKS
 Functions
 If we need HA, we will be having redundant resources and
Automatic scaling.
 Azure has load balancing supporting
 Single Region
 Region with Zones
 Multiple Regions
 Layer 4 vs Layer 7 loadbalancing Refer Here
 Design Choices

Lab Setup
 Create a vnet with 3 subnets
 web
 app
 db
 Try to use a region where zones are supported
 Now create a vm with the image created earlier in atleast 2
zones and have public ips for now

Azure Load Balancer


 Azure Load Balancer is fully managed Layer 4 Loadbalancer
from Azure.

 Refer Here for official docs


 Azure Load balancer components
 Front end
 Backend pool
 Health Probes
 LB Rules
 Create 3 vms in web subnet

 Lets create an Azure Load Balancer


 Navigate to front end ip

 Backend pools

 Health probes

 Load Balancing rules


 Access the application using http://<lb-ip>/info.php

Azure Classroomnotes 11/Feb/2023

Azure Networking Workshop – Part 2


Preparation

 To create images
# vm 1
mkdir /var/www/html/images
echo '<h1> Images </h1>' > /var/www/html/images/index.html

 To create videos
# vm 2
mkdir /var/www/html/videos
echo '<h1> Videos </h1>' > /var/www/html/videos/index.html

Azure Application Gateway


 This is Layer 7 load balancer which is managed by
Azure. Refer Here for official docs
 Azure App Gateway has two features
 Layer 7 load balancing
 Web Application Firewall
 Azure application gateway Refer Here
 Create Azure Application Gateway
 Basic overview

 url patterns

 For redirection Refer Here


 SSL Termination/Offloading: Refer Here

Azure DNS
 We can use Azure DNS to manage
 public DNS
 private DNS
 DNS server stores records which map hostnames to ip
addresses
 In your local system we can create dns mappings
 Windows (C:\Windows\system32\drivers\etc\hosts)
 Linux /etc/hosts
 We can maintain DNS in Azure by creating DNS zone, but
we cannot purchase domains in Azure.

 Once the NS (name servers) are updated, all the DNS


management can be done by Azure. Azure gives 100%
uptime SLA.

Traffic Manager
 Create a VNET in Region A and VNET in Region B
 Create a ubuntu vm and install apache in Region A
 Create a ubuntu vm and install nginx in Region B
 Refer Here for traffic manager pricing
 Refer Here to create traffic manager profile
 Azure Front Door can be used for http acceleration as edge locations also come into play Refer Here
Azure Compute
Azure Classroomnotes 14/Feb/2023

Azure Compute Services


 Compute Services in any cloud deal with code executions i.e.
generally they require cpu + memory
 In the below image, App server and Web Server are using
compute primarily.

 Azure Compute Services


 Azure Virtual Machines
 Azure Container Instances
 Azure Kubernetes Service
 Azure App Services
 Azure Batch (HPC)
 Azure Functions
 Azure Spring Apps

Azure Compute Options


 Cloud Computing Models
 Infrastructure as a Service
 Platform as a Service
 Software as a Service

 Azure Virtual Machines is a Service offered by Azure where


we can create Windows and Linux Virtual Machines. This is
IaaS offering from Azure
 Azure App service is service offered by Azure where we can
deploy applications directly. This is PaaS offering from
Azure.

Basic Terms
 Service: Whatever is offered by Azure to realize some
component
 Resource: Using Service what we create is a Resource.
 Cloud Services Provider: Any organization who is offering
cloud service (Azure, AWS, GCP)
 Pay as you go: Pay for whatever you have used and generally
the billing cycle is per month.
 Account
 Subscription
 Resource Group
 Management Group
Azure Classroomnotes 15/Feb/2023

Azure Virtual Machines


 Azure Virtual Machines allows us to create Windows and
Linux VMs
 Azure Virtual Machine Major components
 Where we run: This is selected by Region
 CPU and RAM: Virtual Machine Size and Type
 Disk: Type and size of the Disk
 OS: Licensed Versions will be charging more

 To connect to Azure virtual machines created we will be


using Remote connectivity. We have two protocols
 RDP (Remote Desktop Protocol): This is used by
Windows Servers and Desktops
 SSH (Secure Shell): This is used by Linux Distributions
for connectivity
 Every Virtual machine will have credentials. Azure supports
the following credentials
 Username and Password: This can be used by linux and windows vms
 key based authentication: This can be used by linux vms
 To select CPU and RAM we select vm size.
 To select operating system we select VM image.
Create a Windows 2022 Server on Azure

 Navigate to Azure Portal Refer Here and authenticate


 Create a Resource group
 Create a Virtual Machine
 Connect to Windows VM

Azure Classroomnotes 16/Feb/2023

Azure Virtual Machine Contd


 Azure has two types of Regions
 Regions
 Regions with Zones

 Regions with Zone Support

 Generally when we create VM, the virtual disk from which os


is loaded is referred as OS Disk, disk from the same physical
server from which vm was launched is Temp Disk and any
additional disks which you ask for are Data disks
 Data Disks and Os Disks are non ephemeral (persist), where
as temp disk is ephemeral (volatile)
 As long as vm is running the changes in Temp Disk will be
shown, once the vm is shutdown the changes made will be
lost
 Temp Disks are available based on VM Size

 Number of Data Disks that can be attached to VM also


depends on Size

 VM Size as of now gives us


 number of cpus
 RAM Size
 Temp Disk Size
 Number of Data Disks
 Any VM created will have a status, which shows its current state; the different values represent the life cycle of a vm
 Create a Windows VM

Azure Virtual Machine states


 Refer Here for the official docs
 Azure Power States Refer Here

 Azure VM Cost
 VM Size
 Disk Size
 Os costs (if any)

Azure Virtual Machine Sizes and its Types


 Azure helps in choosing the Right VM Size, by organizing
VMs by its type

 To be continued in next session


Azure Classroomnotes 17/Feb/2023

Azure Virtual Machine Sizes


 Azure VM with Family Series Refer Here
 VM Selector by Azure Refer Here
 VM Sizes Refer Here
 Azure vm size naming convention Refer Here

Azure Linux Virtual Machine Creation


 Credentials:
 We can generate the keys in our laptop or ask azure to
create a key pair and give us the private key.
 You can use username and password
 Linux:
 Remote Connection: SSH
 Softwares for Connection:
 Windows 10/11, Any Linux/Mac: You have inbuilt
ssh
 Install Git Bash/Putty
 Creating Azure Linux vm
 SSH Command
 With username and password ssh username@ipaddress
 with username and key ssh -i <path to key> username@ipaddress

Azure Classroomnotes 18/Feb/2023

Azure VM High Availability


 To make the applications in the VM Highly Available we
need to make vm’s redundant (running multiple vms)
 According to Azure Global infrastructure
 in one Region we will have many data centers
 in one Region we will have 3 zones with many data
centers each
 So possible options
 Run multiple vms with same application in Same
Region or Same Zone
 Run multiple vms with same application in Same
Region on multiple Zones
 Run multiple vms with same application in Same
multiple Regions
 Below are the ways to deploy
 VMs in multiple racks in Same Region, Options
 Availability Set:
 Multiple vms in multiple racks but no guarantees on whether they will be closer to each other
 Proximity Placement Group
 Multiple vms in multiple racks closer to each
other in same Datacenter inside region/zone
 VMs in Different Zones:
 Zone Based Deployment
 Vms in Different Regions:
 Multi Region Deployment

Availability Set
 Has two options
 Fault Domain
 Update Domain
Proximity Placement Group
 Refer Here for official docs
 Refer Here
 Create a Proximity Placement Group

 While Creating vm in the advanced section use the proximity


placement group created
Create a Price Estimate
 Figure out what would be monthly costs for Running a D
series VM with 4 virtual cpus and 16 GB of RAM in
Chennai.
 OS: Windows 2022
 Disk Size: 128 GB (SSD)
 Figure out the cost for Running B Series with premium disk
with 2 vcpus and 8 GB of RAM. We have the same vm
running in south india and east us
 OS: Ubuntu
 Disk: 128 GB (SSD)

Zone Based Deployment


Azure Classroomnotes 21/Feb/2023

Zone Based Deployment


 Depending on the number of zones which you select while creating a vm, that many vms will be created
 While creating a vm, select a single zone, which is any of zone1, zone2, zone3

VM Application Deployment Options

 If we want to deploy application on a vm what are the options


 Create a VM
 login and install application
 Use Run Command to install the application
 If the application needs to be installed and configured only during vm creation use Userdata/Custom Data
 Create a VM deploy application and create a reusable
 Managed Image
 Shared Image Gallery
 Create a VM and deploy applications using Azure VM
Extensions
 For demonstration purposes, I will be installing the LAMP stack
sudo apt update
sudo apt install apache2 stress -y
sudo apt install php libapache2-mod-php php-mysql -y
# run this command as root user
# sudo -i
echo '<?php phpinfo(); ?>' > /var/www/html/info.php
 The application runs on 80 port accessed
by http://publicip/info.php

 Lets run the above using Run Command


Azure Classroomnotes 22/Feb/2023

Azure VM Custom Data and User Data


 Custom Data and User Data are the scripts that can be
executed while VM is being created (Provisioned)
 User Data is latest version of Custom Data where Azure
Instance Metadata Service is accessible
 Steps
#!/bin/bash
apt update
apt install apache2 stress -y
apt install php libapache2-mod-php php-mysql -y
echo '<?php phpinfo(); ?>' > /var/www/html/info.php
systemctl restart apache2

 Lets create an Azure VM with the above as user data

Preparation

 Create a ubuntu linux vm


 Become a root user sudo -i
 Execute the following commands
apt update
apt install apache2 stress -y
apt install php libapache2-mod-php php-mysql -y
echo '<?php phpinfo(); ?>' > /var/www/html/info.php
systemctl restart apache2

 From the VM created above, we can create reusable images.


 Azure Supports creating reusable images in two ways
 Azure managed Image
 Azure Compute Gallery

Generalized and Specialized VM Images

 Azure Generalized VM allows users to set credentials while


provisioning, whereas specialized VM images don’t allow to
set credentials
 Azure Managed Image:
 This creates Generalized VM Images
 Azure Compute Gallery
 This creates both Generalized as well as specialized VM
Images
 Note: If we need to create Generalized VM Image, the user
specific information has to be removed, so the source vm
becomes unusable.
Create a Managed Image

 Click Capture
 Now lets try to create a vm with the captured image
 Note:
 Learn JSON Refer Here

Azure Classroomnotes 23/Feb/2023

Azure Virtual Machines


Azure Shared Images using Compute Gallery

 Refer Here for the official documentation.


 Shared Image gallery allows us to create multiple image
definitions.
 Each Image definition represent an application (purpose)
 In each Image Definition we can have multiple image
versions.
 Creating a new Compute Gallery
 Terms
 Publisher: This generally represents organization
building images
 Offer: This represents the application/release
 SKU: This represents the versions
 To create image use capture from VM
Immutable Infrastructure
 For creating infra have a template (ARM
Templates/Terraform)
 Changes in infra will be done in the template
 If the application is deployed on vms where same application
is deployed in multiple vms handling this from vm image is
easier.
 To automate vm image creation

System Setup
 Install Azure CLI: Refer Here
 Understand json Refer Here
 Refer Here for the video which contains all the necessary
software installations to be done.
Azure Classroomnotes 24/Feb/2023

Horizontal and Vertical Scaling


 Vertical Scaling is about increasing resources to current vm/physical machine (increasing
RAM/CPU).
 Adopting Vertical Scaling means we need to restart the workload which means
downtime
 Generally scaling is used in the sense of increasing but the situation is same even to
decrease resource
 Horizontal scaling is about increasing workloads to distribute the load among multiple systems
 Adopting Horizontal scaling means we need not have a downtime because we are
adding more workloads (vms)

 In Azure, We can perform both horizontal and vertical scaling

Vertical Scaling in Azure

 Changing the VM size in Azure is a way to perform vertical scaling. This leads to a restart of
the VM
 Create a VM with apache
 Now resize the VM size

Horizontal Scaling in Azure

 We have two options


 Manually add/remove vms
 Automatically increase or decrease VMs => Azure Virtual Machine Scale Set (VMSS)

Azure Virtual Machine Scale Sets (VMSS)


 Virtual Machine Scale Set Refer Here
 VMSS lets us do horizontal scaling, with
 fixed count maintained
 scale out and in based on some metric to automatically
increase or decrease vms
 A VMSS represents a Virtual Machine with some
component/application which needs to be scaled (order service,
user service not both)
 To create a VMSS we ideally need a Virtual Machine image
rather than using userdata/custom data/run commands to install
applications.
 Exploring options while creating VMSS
Azure Classroomnotes 28/Feb/2023

VMSS
 Let's create an image in Azure Compute Gallery
Create a VMSS with fixed scaling

 VMSS can be used for fixed scaling where it tries to maintain
the desired count
 The following image describes the activity which we are
supposed to perform

 Fixed count = 3
 Health Probe
 GET /info.php should get 200
 Failed: when two consecutive health probes have gone
bad
 Succeed: when at least 3 consecutive health probes have
good status.
 Create a VMSS
 Now access http://publicip/info.php, where publicip is the IP address of
the load balancer
 Let's create a new HTTP health probe

Experiment with metrics


 Create a VM with ubuntu
 Login into vm with two terminals
 Execute htop in one terminal
 Install stress in the other terminal: sudo apt update and sudo apt install
stress
 Execute the command stress --cpu 8 --timeout 10m -v

Azure Classroomnotes 01/Mar/2023

Azure VMSS Autoscaling


 Create a VMSS with image from compute gallery with
autoscaling
 min: 1
 max: 5
 scale out by 1 if cpu utilization > 60%
 scale in by 1 if cpu utilization < 40%
 We have artificially stressed the VM in VMSS using
stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 100m -v

 The VMSS had 1 instance before we started the stress run;
let's wait for 5-10 mins and check the results
 By default we can scale using host based metrics
 CPU
 RAM
 Disk utilization
 If you need to scale with Application level metrics we can use
application insights Refer Here and also from diagnostic
extension Refer Here
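
The autoscale rules above (min 1, max 5, out above 60%, in below 40%) as a small simulation; this is an added example, not part of the original notes. It is a simplified model that ignores cooldowns and metric time windows, and it goes slightly beyond the notes by including the flapping check Azure autoscale documents: a scale-in is skipped when the projected average would cross the scale-out threshold again. The load values are constructed.

```python
MIN_VMS, MAX_VMS = 1, 5      # instance limits from the notes
SCALE_OUT_ABOVE = 60.0       # scale out by 1 if average CPU > 60%
SCALE_IN_BELOW = 40.0        # scale in by 1 if average CPU < 40%


def decide(count, avg_cpu):
    """Return (new_count, reason) for one evaluation of the two rules."""
    if avg_cpu > SCALE_OUT_ABOVE:
        if count >= MAX_VMS:
            return count, "at max, cannot scale out"
        return count + 1, "scale out"
    if avg_cpu < SCALE_IN_BELOW:
        if count <= MIN_VMS:
            return count, "at min, cannot scale in"
        # Flapping check: estimate average CPU if the same load ran on one VM fewer.
        projected = avg_cpu * count / (count - 1)
        if projected > SCALE_OUT_ABOVE:
            return count, f"skip scale in: projected {projected:.0f}% would scale out again"
        return count - 1, "scale in"
    return count, "inside the 40-60% band, no change"


def simulate(total_load, start=1):
    """total_load: CPU demand per evaluation, in 'percent of one VM' units."""
    count, history = start, []
    for load in total_load:
        avg_cpu = min(100.0, load / count)  # load spreads evenly; a VM caps at 100%
        count, reason = decide(count, avg_cpu)
        history.append((round(avg_cpu, 1), count, reason))
    return history


if __name__ == "__main__":
    # Constructed demand: stress pins the VMs, then the load drops off.
    demand = [100, 200, 200, 200, 70, 70, 70, 20, 20]
    for avg, count, reason in simulate(demand):
        print(f"avg cpu {avg:5.1f}% -> {count} VM(s): {reason}")
```

With two instances at 35% average CPU the scale-in rule matches, but one instance would then sit at 70%, so the count stays at 2 until the load drops further.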

Rolling updates to VMSS


 Ensure your upgrade policy is not manual.
 Create a new version of the image in compute gallery/image
definition and as the upgrade policy is automatic, it should
upgrade the vmss with new image version.

 After the image rollout is complete you should see the
new image deployed in the VMSS without downtime.
Azure Classroomnotes 03/Mar/2023

Azure VMSS Auto Upgrade


 For a VMSS to support auto upgrade, Health Extensions
need to be enabled.
 Refer Here for the official docs on setting automatic
upgrades.
 Ensure auto upgrade is on by executing the following
command in azure cli
az vmss update --name phpmyinfo --resource-group vmssdemo \
  --set UpgradePolicy.AutomaticOSUpgradePolicy.EnableAutomaticOSUpgrade=true

 To perform a manual upgrade, execute the following command
az vmss rolling-upgrade start --resource-group "vmssdemo" --name "phpmyinfo"

Azure VM Purchasing Options


 To purchase VMs in Azure we have 3 major options
 On-demand:
 We pay hourly bills based on usage
 Hourly charge for vms which are running
 Reservations:
 We give a commitment of 1 (41% discount) or 3
years (62% discount)
 Monthly charges
 Spot VMs: Refer Here

Azure Classroomnotes 07/Mar/2023

Platform as a Service – Azure Web Apps


 Azure App Service is a Platform as a Service offering in
Azure which enables us to run applications Refer Here
 Let's create an App Service
 Now Navigate to the url

 Refer Here for sample app


 Make changes and push the changes

App Service Plans


 Plans are broadly divided into
 Basic/Shared
 Standard/Premium
 Isolated
 Basic/Shared are plans recommended for dev/test
environments. The Basic plan supports only manual
scaling and Shared (F1) does not support scaling
 Refer Here for hosting plans
 Refer Here for pricing plans
 Refer Here
Azure Classroomnotes 08/Mar/2023

Azure App Services Contd..


 Azure App Service does not run in your virtual network, so to
use the app service privately, use endpoints Refer Here
 Consider the following case: we have an app service which
requires a database.
 Create a database and pass connection strings
 Refer Here for dotnet core examples
 Refer Here for setting java app with db and Refer
Here for node js.
 Refer Here for python webapp with db
 Deployment slots give us an option to run various
environments in the app service to cater to CI/CD pipelines
 Troubleshooting app services
 Logs, Monitoring are enabled
 We can use development section to ssh and to use
advanced tools
 Azure App Service has metrics which enable us to track
 Usage
 Data In and Data Out
 Http Response Status Code
 Log Stream gives live logs while you are using the application
 Azure App Service for Standard and above service plans
gives the option to buy domains and supports adding a custom
domain name
 Azure App Service can be scaled up and scaled out.
 Certificates can be added, or use the default managed certificate
by Microsoft

Azure Classroomnotes 09/Mar/2023

Serverless
 In Serverless, we write business logic as a function (code).
This function will be executed when the requests are made
and we will be charged only for this duration.
 Managed Serverless providers will process the request,
run the function and charge you accordingly.
 Azure offers serverless (FaaS) using Azure Functions
 There are no standards in this technology and portability from
one provider to other is difficult.
 Refer Here for official docs
 Create a simple function
 Let's create a sample Azure function using Visual Studio Code
 Ensure Azure Functions Extension is installed

 Refer Here for quick start from official docs


 Next Steps:
 Function
 Trigger
 Bindings
 Durable Functions

Azure Classroomnotes 11/Mar/2023

Azure CLI
 Azure has three interfaces
 Web interface:
 Azure portal
 Command Line interface
 Azure CLI
 Azure Powershell
 Code interface
 Azure SDK

 Install azure cli Refer Here


 Azure CLI sign in Refer Here
 Azure CLI has the following pattern
az <service> [<sub-service>] <action> [{--arg1 value1} .. {--argn valuen}]

 Azure commands return JSON by default


 To find the commands Refer Here
Create a Linux VM using Azure CLI

 Getting Started
 Install azure cli tools extension to vs code
 Create a file with extension .azcli
 To Create VM
 resource group
 region
 vm image:
 publisher: Canonical
 offer: 0001-com-ubuntu-server-jammy
 sku: 22_04-lts-gen2
 instance size: Standard_B1s
 ports to be opened: 22, 80
 Steps:
 Create a resource group Refer Here for changeset

 Create a vm Refer Here for the changeset

 Log in to the instance: ssh <username>@<publicip>


 install apache
 Refer Here for changes to install apache and open 80 port
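
The steps above open ports 22 and 80 on the VM. As an added example (not part of the original notes or its changesets), this script checks network security group rules for SSH left open to any source, reading JSON in the shape returned by `az network nsg rule list -o json`. The sample rules are constructed and trimmed to the fields used; checking RDP (3389) as well is an assumption that goes beyond the notes.

```python
import json

# Constructed sample, trimmed to the fields used, shaped like
# `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
 {"name": "allow-ssh", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "allow-http", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "Internet", "destinationPortRange": "80"},
 {"name": "office-ssh", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRanges": ["22", "8000-8100"]},
 {"name": "wide-range", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefixes": ["0.0.0.0/0"], "destinationPortRange": "20-25"}
]
""")

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # prefixes that mean "any source"
MGMT_PORTS = (22, 3389)                      # SSH from the notes; RDP is an assumption


def covers(spec, port):
    """True if an NSG port spec ("22", "20-25" or "*") includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_management_rules(rules, ports=MGMT_PORTS):
    """Return (rule name, ports) for inbound Allow rules open to any source.

    Rule priority and overriding Deny rules are not evaluated here.
    """
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = [rule.get("sourceAddressPrefix")] + (rule.get("sourceAddressPrefixes") or [])
        specs = [rule.get("destinationPortRange")] + (rule.get("destinationPortRanges") or [])
        if not any(s and s.lower() in ANY_SOURCE for s in sources):
            continue
        hit = [p for p in ports if any(s and covers(s, p) for s in specs)]
        if hit:
            findings.append((rule["name"], hit))
    return findings


if __name__ == "__main__":
    for name, hit in exposed_management_rules(SAMPLE_RULES):
        print(f"{name}: port(s) {hit} reachable from any source")
```

A finding for port 22 means the rule's source should be narrowed to a known admin address; port 80 open to the internet is expected for the Apache VM and is not reported.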

Azure Active Directory and ARM Templates, Azure Bicep


Azure Storage

Azure Databases

Migrations
