- Lab
- A Cloud Guru
Create and Configure Virtual Machines on Azure
In this hands-on lab scenario, you are working as a Cloud Engineer for Gamma Tech, an up-and-coming computer repair company. You’ve been asked to deliver a proof of concept of how your company could use virtual machines to host websites. You’ll use the Azure portal to create and configure virtual machines in Microsoft Azure. This will include creating a virtual machine, installing a web server role, working with DNS, resizing a VM, attaching a disk, and encrypting disks using Azure Key Vault.
Path Info
Table of Contents
-
Challenge
Create a Windows Virtual Machine in the Azure Portal
-
Create a Windows Server 2022 Virtual Machine in the same region as the resource group:
- Choose Standard_DS1_v2 for the virtual machine size.
- VM Name:
Lab-VM-01 - Username:
cloud_user - Password:
I8JJL#$442ag - Select none for public inbound ports.
-
Create a virtual network called
lab-vnet:- Ensure the address range is set to
10.0.0.0/16.
- Ensure the address range is set to
-
Create a subnet called
lab-subnet-vm:- Give this subnet an address range of
10.0.0.0/24.
- Give this subnet an address range of
-
Create a public IP address for the virtual machine.
-
-
Challenge
Configure Virtual Machine Access with Azure Bastion
-
Deploy Azure Bastion by choosing to connect from the VM in the overview page and then creating Azure Bastion using the defaults.
-
Connect to the VM and install the web server role.
-
Create a simple web page by using the following PowerShell command:
Add-Content -Path "C:\inetpub\wwwroot\Default.htm" -Value $($env:computername)
-
-
Challenge
Configure Virtual Machine Networking
-
Using the Azure portal, change the virtual machine's DNS server to use
8.8.8.8(Google's DNS server). -
Using the Azure portal, give the virtual machine a DNS name label. The name needs to be unique across each Azure region.
-
Create an inbound network security group rule that will allow port
80traffic inbound to the VM. -
Navigate to the virtual machine's DNS label using your web browser.
- Note: It may take some time for the inbound security rule to create and apply.
- The address will look something like this:
http://<dns-name-label>.<region>.cloudapp.azure.com/.
-
-
Challenge
Resize the Virtual Machine and Add a Data Disk
-
Create a new data disk on the virtual machine:
- Set its size to
30gb. - Set its type to
Standard SSD.
- Set its size to
-
On the virtual machine, initialize and format the new disk.
-
Resize the virtual machine to a
D2s_v3size.
-
-
Challenge
Encrypt the Windows Virtual Machine with Azure Disk Encryption
-
Create an Azure Key Vault:
- Use the standard pricing tier.
- Change the days to retain deleted vaults to 7.
- Ensure that purge protection is disabled .
- Enable Azure Disk Encryption on the Key Vault.
-
Create an encryption key:
- IMPORANT: Creating an encryption key should be done from the Additional Settings on the disks page of the virtual machine. Otherwise, you will receive an error message if you try to create a key from the Key Vault.
- IMPORTANT: Make sure to use a 3072 or 4096 RSA key size, or you will receive an error message during the encryption process.
-
Encrypt both the OS and data disks.
-
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
