Windows Server Administration Labs

Labs 00, 01, & 02, Written by: Edward Bigos, 2023

Lab 00

Creating the Azure Education Login

Overview

This assignment sets up the login for Azure.

Cautions and Warnings

Browser Issues

The documentation was created using Firefox on an Ubuntu host. Any browser should work, but we have not tested the process on other browsers.

One specific problem encountered involved data retention from a prior user. On each screen verify the username is your username and not any other user’s information.

image.png

If the username information deviates from your information stop the process, open a blank tab, exit all the Microsoft screens, then clear all the browser information (Firefox shown below).

image.png

Do not Enter a Credit Card

If you see this image STOP. You will not need a credit card to access the education portal. Exit the process and start over.

image.png

Use Your STCC Education Login

Use your STCC login to access the education portal. If you do not see the STCC login you will not have access to the free credits.

image.png

Procedure – Creating the Azure Education Account

  1. Access the education portal at the link below.

    https://azureforeducation.microsoft.com/devtools


  2. Click Sign In

    image.png

  3. Wait for the login. Choose the sign-in options at the bottom of the window.


    image.png

     

  4. Choose Sign Into an Organization.

    image.png

  5. Enter the domain name as studentstcc.edu or stcc.edu.

    image.png



  6. Enter the user's email account name.

    image.png



  7. Select Next and wait for the redirect.

    image.png



  8. Use your STCC single sign-on credentials to log in.

    image.png



  9. Choose “Stay Signed In” only if this is your computer. For public computers choose “No”.

    image.png



  10. You will need a phone number to identify your account. This is to ensure there is a human associated with the account. The simplest method is for the user to check the “Text Me” button after entering a valid mobile phone number. A verification code will be sent to the mobile phone. Enter the SMS code into the Verification Code box. Press the Verify Code button.

    image.png



  11. Agree to the terms. Uncheck the other boxes.

    image.png



  12. After verification, the Azure Portal page will be displayed. The next step is to apply for the Azure $100.00 credit. Select the Sign Up Now button.

    image.png



  13. Select the green Start Free button.

    image.png



  14. Wait for the confirm your account screen to complete.

    image.png



  15. Enter your contact information.

    image.png


    image.png



  16. Agree to the terms. Press the Sign-up button.

    image.png



  17. While the account is created, Azure requests feedback.

    image.png



  18. On success, the portal page is displayed.

    image.png



  19. You are all set, you have setup your access to Microsoft Azure.


Lab 01

Azure Virtual Machine Introduction

Overview

This assignment creates the first virtual machine in Azure. This lab demonstrates the process of creating a Windows 2016 Server virtual machine in Azure, connecting to the server using Remote Desktop, and then removing the virtual machine.

Deliverables / What to submit

Take two screen snapshots as listed in the directions.

  1. A screenshot of the Azure Portal showing the running Windows 2016 Server instance.

  2. A screen snapshot of the Windows 10/11 workstation’s Remote Desktop connection to the Windows 2016 Server’s public IPV4 address.

  3. A screenshot of your deleted VM.

Log into the Azure for Education Portal

Log into the Azure Education Portal using your STCC credentials.

https://portal.azure.com

image.png

Procedure – Create an Azure Windows 2016 Server

  1. The portal page lists common tasks and resources.

    image.png


  2. Select Virtual Machines. No virtual machines are listed.

    image.png


  3. Choose Create to create the first virtual machine.

    image.png


  4. Choose the Create new link to create a new resource group.

    image.png


  5. Select a name for the resource group. This lab used “vm1”. Select OK.

    image.png


  6. Choose the US East 1 region.

    image.png


  7. Select the Image drop-down to select a new operating system image. Choose Windows 2016 data center for the operating system.

    image.png


  8. Enter a username for the server administrator account.

    image.png


  9. Enter a password. This lab used RaspDell@7654X for the password. This virtual machine will be exposed to the Internet so a complex and secure password is necessary. Use your password, but be sure to record it somewhere.

    image.png

    Select Next Disks at the bottom of the page.


  10. Choose a standard SSD for the disk.


    image.png

    Select Next Networking at the bottom of the page.

  11. Review the default network settings. No changes are required.

    image.png

    Select Next Management at the bottom of the page.

  12. Enable Auto Shutdown. Set the time to 7:00 PM EST.

    image.png

    Select Next Monitoring at the bottom of the page.


  13. Review the monitoring options. No changes are necessary.

    image.png

    Select Next Advanced at the bottom of the page.


  14. Review the options on the Advanced page.

    image.png

    Select Next Tags at the bottom of the page.


  15. No tags will be specified for this virtual machine.

    image.png

    Select Next Review Create at the bottom of the page.


  16. Review the specification of the virtual machine. Azure runs a validation check on the specification. Wait for the process to complete.

    image.png

    Validation completed.


    image.png

  17. Choose Create to build and start the virtual machine.

    image.png


  18. Wait for the deployment to complete.

    image.png


    image.png

  19. The deployment is complete. The virtual machine is running. Choose Go To Resource.

    image.png


  20. Review the running virtual machine’s specifications. Note the public IPV4 address.

    image.png

    STOP. Take a screen snapshot of this screen for the lab submission.

  21. Start a Windows 10 or 11 client. Remote Desktop is not available on the Windows 10/11 Home Editions. The images below are from a Windows 10 client.

    Alternatively, if you are on a Linux machine, you can use the Remmina Remote Desktop Viewer to access the remote environment.

    Search for and open the Windows Settings menu. Select System.

    image.png


  22. Select Remote Desktop.

    image.png


  23. Enable Remote Desktop.

    image.png


    image.png


  24. Search for the Remote Desktop app then start the application.

    image.png


  25. Copy the public IPV4 address of your virtual machine to the clipboard. Paste it into the Computer field in Remote Desktop. Select Show More Options.

    image.png


  26. Enter the username for the Windows 2016 Server. Choose connect.

    image.png


  27. Enter the password. Enter Yes to the security warning.

    image.png

    image.png


  28. Windows 10 initiates a remote desktop connection to the Windows 2016 server using the public IPV4 address.

    image.png



  29. The remote desktop to the Windows 2016 Server. Browse through the Windows server to convince yourself this is the same server used in the ProxMox labs.

    image.png

    image.png

    STOP. Take a screen snapshot of this screen for the lab submission.

  30. Check the red items. These features need to be configured.

    image.png

    image.png



  31. Close Server Manager. The controls for Remote Desktop are at the top of the screen. Click on the “X” to disconnect the Remote Desktop from the Windows 2016 Server.

    image.png

    Disconnection message.


    image.png

    The server has been disconnected.


    image.png


  32. Review the status of the Windows 2016 Server in the Azure Portal.

    image.png


  33. Stop the virtual machine.

    image.png

    image.png


  34. Wait until the virtual machine stops.

    image.png

    image.png


  35. Delete the virtual machine. This exercise was to step through the process. The next lab will create another virtual machine to replace it.

    image.png

    Select delete for the OS disk, the network interfaces, and the public IP address.


    image.png

    Select Delete.


    image.png

    STOP. Take a screen snapshot of this screen for the lab submission.


  36. The portal does not update to show the virtual machine has been deleted. Review the messages and refresh the page.

Lab 02

Creating an Azure Network

Overview

This assignment sets up a software-defined network for Azure.

Deliverables / What to Submit

  1. Take a screenshot of the web page to submit for credit.

  2. From the Azure Portal choose Home then VM2. Take a screenshot of the vm2 configuration. Include your username on the right side of the screen.

  3. Examine the code to create the rule to allow HTTP traffic through webnsg in Part 2 step 10.

Getting Started

  1. Login to https://portal.azure.com. From the Home screen choose All Resources.

    image.png


  2. Note the names of your existing resources. Your resources may look different from the image below.

    image.png



  3. Choose Export to CSV. Save the file for later use.

  4. Create a new tab on the browser. Open https://shell.azure.com on this new tab. This step opens an Azure shell command line interface (CLI).

    image.png


  5. Select Bash Shell.

    image.png



  6. Choose Create Storage. This creates permanent storage for the CLI shell operations.

    image.png



  7. The storage may take several minutes to create. Wait until it is complete.

    image.png



  8. On completion, the Bash shell will appear.

    image.png


  9. Create SSH keys for the CLI using the ssh-keygen command.

    image.png



  10. List the directory using ls -la. The keys are stored in the .ssh directory. Use ls -la .ssh to display the key files id_rsa and id_rsa.pub.

    image.png


Use the cat commands to display the contents of the public key.

Creating a Software Defined Network (SDN)

Azure uses a software-defined network (SDN) to provide network services to virtual machines (VMs). This set of steps will create an SDN for the next set of VMs. It helps to visualize the parts of the SDN.

image.png

Part 1 - Setting up the network

  1. Create a Network Interface. Select the Home page on the Azure Portal. Choose Create resource. In the search box enter Network. Select Network interface.

    image.png


  2. Select Network interface and then Create.

    image.png



    Resource group: vm2

    Name: webvnic

    Region: East US

    Virtual network: virtualNetwork1


    image.png

  3. Examine the subnet addresses. The 10.1.1.0/16 class B is reduced to 10.1.1.0/24. Select Edit subnet.

    image.png

    Select Edit subnet.


    image.png


    Use the following values.

     

    Name: websubnet

    Starting address: 10.1.1.0

    Subnet size: /24 (256)

     

    Save the subnet changes.

     

    Select the Static IP radio button.


    image.png


    Private IP address assignment: static

    Private IPv4 address: 10.1.1.4

     

    Save the interface configuration. After validation choose Create.


    image.png


View the webvnic configuration.

image.png


Notice there is no public IPv4 address listed on the interface.

From the Home screen choose Create, Network, Public IP address.


image.png


Enter the following values.

Resource group: vm2

Name: webPublicIP


image.png


Save the public IP address. Validate and create the IP address.

Associate the public IP address with the network interface. Note: the screens use the name webPublicIP2 but you will be using webPublicIP.

Examine the webPublicIP configuration.


image.png


Choose the Associate button.


image.png


Select Interface from the Resource drop-down.


image.png


Choose the webvnic interface.

View the webvnic configuration. Note the public IP address.


Part 2 - Configuration with the CLI

Now that we have setup our first network manually, we will now add the rest of our networks and VM to the configuration. To speed up this process, we will use the Azure CLI to mass create networks and VM's for our networks.

Open a new tab on the browser to https://shell.azure.com

  1. Create the remote security group remotensg.

    az network nsg create --resource-group vm2 --name remotensg 
  2. Create the remote network security group rules. Paste the code below into the Bash shell.

    az network nsg rule create --resource-group vm2 --nsg-name remotensg --name allowssh --protocol tcp --priority 100 --destination-port-range 22 --access allow 
  3. Create the remote subnet 10.1.2.0/24 with the subnet name remotesubnet and security group remotensg.

    az network vnet subnet create --resource-group vm2 --vnet-name vnet-eastus-1 --name remotesubnet --address-prefix 10.1.2.0/24 --network-security-group remotensg 
  4. Create the Ubuntu 22.04 Linux web server.

    az vm create --resource-group vm2 --name webvm --nics webvnic --image Ubuntu2204 --size Standard_B1ms --admin-username azuremol --generate-ssh-keys 
  5. Create the Ubuntu 22.04 Linux JumpBox server.

    az vm create --resource-group vm2 --name remotevm --vnet-name vnet-eastus-1 --subnet remotesubnet --nsg remotensg --public-ip-address remotepublicip --image Ubuntu2204 --size Standard_B1ms --admin-username azuremol --generate-ssh-keys 
  6. Test the connection to the jump box. Commands are in bold (use your IP address, the one below is an example).

    edward [ ~ ]$ eval $(ssh-agent) Agent pid 301

    edward [ ~ ]$ ssh-add

    Identity added: /home/edward/.ssh/id_rsa (edward@cc-c9c2859c-

    58c96f7cb4-ldm8p)

    edward [ ~ ]$ ssh -A azuremol@74.235.35.186

    The authenticity of host '74.235.35.186 (74.235.35.186)' can't be established.

    ED25519 key fingerprint is

    SHA256:+lbhwT+eEeB9LXHoOKwRJ3fav5OtSvaHXB1C6yeREzA.

    This key is not known by any other names

    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

    Warning: Permanently added '74.235.35.186' (ED25519) to the list of known hosts.

    Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1037-azure x86_64)

     

    • Documentation: https://help.ubuntu.com

    • Management: https://landscape.canonical.com

    • Support: https://ubuntu.com/advantage

     

    System information as of Tue May 2 03:17:47 UTC 2023

     

    System load: 0.0732421875 Processes: 101

    Usage of /: 5.0% of 28.89GB Users logged in: 0

    Memory usage: 13% IPv4 address for eth0: 10.1.2.4

    Swap usage: 0%

     

    Expanded Security Maintenance for Applications is not enabled.

     

    0 updates can be applied immediately.

     

    Enable ESM Apps to receive additional future security updates.

    See https://ubuntu.com/esm or run: sudo pro status

     

     

     

    The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

     

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

    To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.

     

    azuremol@remotevm:~$


  7. Connect to the webvm server.

    azuremol@remotevm:~$ ssh 10.1.1.4

    The authenticity of host '10.1.1.4 (10.1.1.4)' can't be established.

    ED25519 key fingerprint is

    SHA256:1pFU2M0so/8idcudTOHBV0ZDnaQ4trDEwdIeBtTkUDI.

    This key is not known by any other names

    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

    Warning: Permanently added '10.1.1.4' (ED25519) to the list of known hosts.

    Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1037-azure x86_64)

     

    • Documentation: https://help.ubuntu.com

    • Management: https://landscape.canonical.com

    • Support: https://ubuntu.com/advantage

     

    System information as of Tue May 2 03:19:18 UTC 2023

     

    System load: 0.0 Processes: 95

    Usage of /: 5.0% of 28.89GB Users logged in: 0

    Memory usage: 13% IPv4 address for eth0: 10.1.1.4

    Swap usage: 0%

     

    Expanded Security Maintenance for Applications is not enabled.

     

    0 updates can be applied immediately.

     

    Enable ESM Apps to receive additional future security updates.

    See https://ubuntu.com/esm or run: sudo pro status


    The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

     

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

    To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.

     

    azuremol@webvm:~$ ls azuremol@webvm:~$ uname -a

    Linux webvm 5.15.0-1037-azure #44-Ubuntu SMP Thu Apr 20 13:19:31 UTC

    2023 x86_64 x86_64 x86_64 GNU/Linux azuremol@webvm:~$


  8. Install the webserver on webvm.

    sudo apt update && sudo apt install -y apache2 

    Open port 80 for the web server. Log out from Linux server webvm. Log out from Linux server remotevm. Enter the commands from the Azure CLI shell.


  9. Create the web network security group webnsg

    az network nsg create --resource-group vm2 --name webnsg 
  10. Create the webnsg rules for the HTTP port 80.

    az network nsg rule create --resource-group vm2 --nsg-name webnsg --name allowhttp --protocol tcp --priority 100 --destination-port-range 80 --access allow 
  11. Associate the webnsg rule with the webvnic.

    az network nic update --name webvnic --resource-group vm2 --network-security-group webnsg
  12. Test the web server by opening a connection to your public IP address. The syntax is http://publicipaddress, where publicipaddress is your server's public Ip address which can be found on your VM's information tab. In my case, it would be http://20.81.63.106.

Be sure to use http and not https!

STOP. Take a screen snapshot of this screen for the lab submission.

Refer to deliverables 2 & 3 at the top of the lab for the other two lab requirements.